Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please Help WinFixer Virus! [CLOSED]


  • This topic is locked This topic is locked

#1
Dcutie

Dcutie

    New Member

  • Member
  • Pip
  • 7 posts
Please help me!! I have the WinFixer virus, and I really don't know that much about computers in this sense, hence the reason I got this stupid virus. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:23:16 PM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Dawn\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\D0L5ZL5F\HijackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-ca10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\mllmm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mllmm - C:\WINDOWS\System32\mllmm.dll
O20 - Winlogon Notify: vturo - C:\WINDOWS\System32\vturo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

Edited by Dcutie, 18 October 2005 - 10:59 PM.

  • 0

Advertisements


#2
Dcutie

Dcutie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Please Help it's getting worse!!
  • 0

#3
Dcutie

Dcutie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Why won't anyone help me? it's been over a week since I last posted and still no response, I'm not sure what i'm doing wrong?
  • 0

#4
John_L

John_L

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,398 posts
Hello Dcutie and welcome to Geeks To Go :tazz:

Sorry for the slow reply on this, geeks is a very busy site. Can you please post a new hijack log and we will see what we can do. :)
  • 0

#5
Dcutie

Dcutie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you, thank you, thank you, for replying to my post, I am in dire need!

Here is my new Hijackthis log.......

Logfile of HijackThis v1.99.1
Scan saved at 3:48:04 PM, on 11/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\DOCUME~1\Dawn\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Dawn\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-ca10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\mllmm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mllmm - C:\WINDOWS\System32\mllmm.dll
O20 - Winlogon Notify: vturo - C:\WINDOWS\System32\vturo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
  • 0

#6
John_L

John_L

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,398 posts
Hello again Dcutie :tazz:

Lets run this tool and see what it can do for us.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Also please include a new hijack log when this is completed.
  • 0

#7
Dcutie

Dcutie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ok, here is my session log . . . . .

9:50 PM: | Start of Session, Saturday, November 05, 2005 |
9:50 PM: Spy Sweeper started
9:50 PM: Sweep initiated using definitions version 567
9:50 PM: Starting Memory Sweep
9:51 PM: Found Adware: virtumonde
9:51 PM: Detected running threat: C:\WINDOWS\system32\mllmm.dll (ID = 77)
9:51 PM: Detected running threat: C:\WINDOWS\system32\vturo.dll (ID = 77)
9:56 PM: Memory Sweep Complete, Elapsed Time: 00:05:38
9:56 PM: Starting Registry Sweep
9:56 PM: Found Adware: winantispyware 2005
9:56 PM: HKCR\checkproduct2.checkproduct\ (5 subtraces) (ID = 527503)
9:56 PM: HKCR\checkproduct2.checkproduct.1\ (3 subtraces) (ID = 527509)
9:56 PM: HKCR\appid\checkproduct2.dll\ (1 subtraces) (ID = 527632)
9:56 PM: HKCR\appid\{8c65aef6-e413-4314-815b-82717a3f1603}\ (1 subtraces) (ID = 527648)
9:56 PM: HKCR\clsid\{c427b3e3-28dc-4001-9590-d99b6776119b}\ (15 subtraces) (ID = 527829)
9:56 PM: HKCR\interface\{4f79d1c5-24f9-4e59-8022-604d4b41d5ca}\ (8 subtraces) (ID = 527937)
9:56 PM: HKCR\typelib\{30ed49a5-ca6c-4918-b5f3-5e6818c91d8b}\ (9 subtraces) (ID = 528091)
9:56 PM: HKLM\software\classes\checkproduct2.checkproduct\ (5 subtraces) (ID = 528199)
9:56 PM: HKLM\software\classes\checkproduct2.checkproduct.1\ (3 subtraces) (ID = 528205)
9:56 PM: HKLM\software\classes\appid\checkproduct2.dll\ (1 subtraces) (ID = 528341)
9:56 PM: HKLM\software\classes\appid\{8c65aef6-e413-4314-815b-82717a3f1603}\ (1 subtraces) (ID = 528357)
9:56 PM: HKLM\software\classes\clsid\{c427b3e3-28dc-4001-9590-d99b6776119b}\ (15 subtraces) (ID = 528538)
9:56 PM: HKLM\software\classes\typelib\{30ed49a5-ca6c-4918-b5f3-5e6818c91d8b}\ (9 subtraces) (ID = 528800)
9:56 PM: HKLM\software\classes\appid\{8c65aef6-e413-4314-815b-82717a3f1603}\ (1 subtraces) (ID = 543259)
9:56 PM: HKCR\clsid\{6dd0bc06-4719-4ba3-bebc-fbae6a448152}\ (12 subtraces) (ID = 954591)
9:56 PM: HKLM\software\classes\clsid\{6dd0bc06-4719-4ba3-bebc-fbae6a448152}\ (12 subtraces) (ID = 954593)
9:56 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{6dd0bc06-4719-4ba3-bebc-fbae6a448152}\ (ID = 954595)
9:56 PM: Found Adware: 180search assistant/zango
9:56 PM: HKU\S-1-5-21-706574463-3658443340-981500031-1007\software\zango\ (16 subtraces) (ID = 147919)
9:56 PM: Registry Sweep Complete, Elapsed Time:00:00:21
9:56 PM: Starting Cookie Sweep
9:56 PM: Found Spy Cookie: atlas dmt cookie
9:56 PM: [email protected][1].txt (ID = 2253)
9:56 PM: Found Spy Cookie: linksynergy cookie
9:56 PM: [email protected][2].txt (ID = 2926)
9:56 PM: Found Spy Cookie: reliablestats cookie
9:56 PM: [email protected][1].txt (ID = 3254)
9:56 PM: Found Spy Cookie: winantiviruspro cookie
9:56 PM: [email protected][2].txt (ID = 3690)
9:57 PM: Found Spy Cookie: sandboxer cookie
9:57 PM: [email protected][10].txt (ID = 3282)
9:57 PM: [email protected][1].txt (ID = 3282)
9:57 PM: [email protected][3].txt (ID = 3282)
9:57 PM: [email protected][4].txt (ID = 3282)
9:57 PM: [email protected][6].txt (ID = 3282)
9:57 PM: [email protected][8].txt (ID = 3282)
9:57 PM: Found Spy Cookie: 216.221.138 cookie
9:57 PM: [email protected][2].txt (ID = 1947)
9:57 PM: Found Spy Cookie: 247realmedia cookie
9:57 PM: [email protected][1].txt (ID = 1953)
9:57 PM: Found Spy Cookie: 2o7.net cookie
9:57 PM: [email protected][1].txt (ID = 1957)
9:57 PM: Found Spy Cookie: 3 cookie
9:57 PM: [email protected][2].txt (ID = 1959)
9:57 PM: Found Spy Cookie: 64.62.232 cookie
9:57 PM: [email protected][2].txt (ID = 1987)
9:57 PM: [email protected][3].txt (ID = 1987)
9:57 PM: [email protected][4].txt (ID = 1987)
9:57 PM: [email protected][5].txt (ID = 1987)
9:57 PM: [email protected][6].txt (ID = 1987)
9:57 PM: Found Spy Cookie: 888 cookie
9:57 PM: [email protected][1].txt (ID = 2019)
9:57 PM: Found Spy Cookie: abcsearch cookie
9:57 PM: [email protected][1].txt (ID = 2033)
9:57 PM: Found Spy Cookie: 4u.pl cookie
9:57 PM: [email protected][1].txt (ID = 1978)
9:57 PM: Found Spy Cookie: yieldmanager cookie
9:57 PM: [email protected][1].txt (ID = 3751)
9:57 PM: Found Spy Cookie: adknowledge cookie
9:57 PM: [email protected][1].txt (ID = 2072)
9:57 PM: Found Spy Cookie: hbmediapro cookie
9:57 PM: [email protected][2].txt (ID = 2768)
9:57 PM: Found Spy Cookie: adprofile cookie
9:57 PM: [email protected][2].txt (ID = 2084)
9:57 PM: Found Spy Cookie: adrevolver cookie
9:57 PM: [email protected][1].txt (ID = 2088)
9:57 PM: [email protected][3].txt (ID = 2088)
9:57 PM: Found Spy Cookie: addynamix cookie
9:57 PM: [email protected][2].txt (ID = 2062)
9:57 PM: Found Spy Cookie: joetec.net cookie
9:57 PM: [email protected][2].txt (ID = 2890)
9:57 PM: Found Spy Cookie: pointroll cookie
9:57 PM: [email protected][2].txt (ID = 3148)
9:57 PM: Found Spy Cookie: ads.tripod.lycos.com cookie
9:57 PM: [email protected][1].txt (ID = 2133)
9:57 PM: Found Spy Cookie: adserv.aavalue.com cookie
9:57 PM: [email protected][2].txt (ID = 2139)
9:57 PM: Found Spy Cookie: pollstar cookie
9:57 PM: [email protected][1].txt (ID = 3152)
9:57 PM: Found Spy Cookie: advertising cookie
9:57 PM: [email protected][1].txt (ID = 2175)
9:57 PM: Found Spy Cookie: alt cookie
9:57 PM: [email protected][2].txt (ID = 2217)
9:57 PM: Found Spy Cookie: falkag cookie
9:57 PM: [email protected][2].txt (ID = 2650)
9:57 PM: Found Spy Cookie: askmen cookie
9:57 PM: [email protected][1].txt (ID = 2247)
9:57 PM: Found Spy Cookie: ask cookie
9:57 PM: [email protected][1].txt (ID = 2245)
9:57 PM: [email protected][2].txt (ID = 2253)
9:57 PM: Found Spy Cookie: belnk cookie
9:57 PM: [email protected][2].txt (ID = 2293)
9:57 PM: Found Spy Cookie: a cookie
9:57 PM: [email protected][1].txt (ID = 2027)
9:57 PM: Found Spy Cookie: banners cookie
9:57 PM: [email protected][2].txt (ID = 2282)
9:57 PM: Found Spy Cookie: banner cookie
9:57 PM: [email protected][2].txt (ID = 2276)
9:57 PM: [email protected][2].txt (ID = 2292)
9:57 PM: Found Spy Cookie: bestmovies cookie
9:57 PM: [email protected][1].txt (ID = 2298)
9:57 PM: Found Spy Cookie: bizrate cookie
9:57 PM: [email protected][1].txt (ID = 2308)
9:57 PM: Found Spy Cookie: bluestreak cookie
9:57 PM: [email protected][2].txt (ID = 2314)
9:57 PM: Found Spy Cookie: porngraph cookie
9:57 PM: [email protected][1].txt (ID = 3169)
9:57 PM: Found Spy Cookie: casalemedia cookie
9:57 PM: [email protected][2].txt (ID = 2354)
9:57 PM: Found Spy Cookie: ccbill cookie
9:57 PM: [email protected][1].txt (ID = 2369)
9:57 PM: Found Spy Cookie: centrport net cookie
9:57 PM: [email protected][1].txt (ID = 2374)
9:57 PM: Found Spy Cookie: sexsuche cookie
9:57 PM: [email protected][2].txt (ID = 3360)
9:57 PM: Found Spy Cookie: counter cookie
9:57 PM: [email protected][1].txt (ID = 2477)
9:57 PM: Found Spy Cookie: 360i cookie
9:57 PM: [email protected][2].txt (ID = 1962)
9:57 PM: Found Spy Cookie: customer cookie
9:57 PM: [email protected][1].txt (ID = 2481)
9:57 PM: Found Spy Cookie: directroi cookie
9:57 PM: [email protected][1].txt (ID = 2525)
9:57 PM: [email protected][1].txt (ID = 2293)
9:57 PM: Found Spy Cookie: ru4 cookie
9:57 PM: [email protected][1].txt (ID = 3269)
9:57 PM: Found Spy Cookie: fastclick cookie
9:57 PM: [email protected][2].txt (ID = 2651)
9:57 PM: Found Spy Cookie: fe.lea.lycos.com cookie
9:57 PM: [email protected][1].txt (ID = 2660)
9:57 PM: [email protected][2].txt (ID = 2660)
9:57 PM: Found Spy Cookie: fortunecity cookie
9:57 PM: [email protected][1].txt (ID = 2686)
9:57 PM: Found Spy Cookie: gangbangsquad cookie
9:57 PM: [email protected][1].txt (ID = 2720)
9:57 PM: Found Spy Cookie: go.com cookie
9:57 PM: [email protected][2].txt (ID = 2728)
9:57 PM: Found Spy Cookie: starware.com cookie
9:57 PM: [email protected][1].txt (ID = 3442)
9:57 PM: Found Spy Cookie: humanclick cookie
9:57 PM: [email protected][1].txt (ID = 2810)
9:57 PM: Found Spy Cookie: herfirstanalsex cookie
9:57 PM: [email protected][1].txt (ID = 2769)
9:57 PM: Found Spy Cookie: herfirstlesbiansex cookie
9:57 PM: [email protected][2].txt (ID = 2771)
9:57 PM: Found Spy Cookie: homestore cookie
9:57 PM: [email protected][1].txt (ID = 2793)
9:57 PM: Found Spy Cookie: howstuffworks cookie
9:57 PM: [email protected][2].txt (ID = 2805)
9:57 PM: Found Spy Cookie: screensavers.com cookie
9:57 PM: [email protected][2].txt (ID = 3298)
9:57 PM: Found Spy Cookie: ic-live cookie
9:57 PM: [email protected][2].txt (ID = 2821)
9:57 PM: Found Spy Cookie: zango cookie
9:57 PM: [email protected][1].txt (ID = 3761)
9:57 PM: [email protected][1].txt (ID = 2729)
9:57 PM: Found Spy Cookie: kount cookie
9:57 PM: [email protected][1].txt (ID = 2911)
9:57 PM: Found Spy Cookie: l2m.net cookie
9:57 PM: [email protected][1].txt (ID = 2913)
9:57 PM: Found Spy Cookie: maxserving cookie
9:57 PM: [email protected][1].txt (ID = 2966)
9:57 PM: Found Spy Cookie: metareward.com cookie
9:57 PM: [email protected][2].txt (ID = 2990)
9:57 PM: [email protected][1].txt (ID = 2806)
9:57 PM: Found Spy Cookie: nextag cookie
9:57 PM: [email protected][2].txt (ID = 5014)
9:57 PM: Found Spy Cookie: one-time-offer cookie
9:57 PM: [email protected][2].txt (ID = 3095)
9:57 PM: Found Spy Cookie: outster cookie
9:57 PM: [email protected][1].txt (ID = 3103)
9:57 PM: Found Spy Cookie: partnerweekly cookie
9:57 PM: [email protected][1].txt (ID = 3109)
9:57 PM: Found Spy Cookie: passion cookie
9:57 PM: [email protected][2].txt (ID = 3113)
9:57 PM: Found Spy Cookie: paypopup cookie
9:57 PM: [email protected][1].txt (ID = 3119)
9:57 PM: Found Spy Cookie: ping cookie
9:57 PM: [email protected][2].txt (ID = 3137)
9:57 PM: [email protected][1].txt (ID = 3120)
9:57 PM: Found Spy Cookie: pricegrabber cookie
9:57 PM: [email protected][2].txt (ID = 3185)
9:57 PM: Found Spy Cookie: wegcash cookie
9:57 PM: [email protected][2].txt (ID = 3682)
9:57 PM: Found Spy Cookie: pub cookie
9:57 PM: [email protected][1].txt (ID = 3205)
9:57 PM: Found Spy Cookie: trb.com cookie
9:57 PM: [email protected][1].txt (ID = 3588)
9:57 PM: Found Spy Cookie: qsrch cookie
9:57 PM: [email protected][1].txt (ID = 3215)
9:57 PM: Found Spy Cookie: questionmarket cookie
9:57 PM: [email protected][1].txt (ID = 3217)
9:57 PM: Found Spy Cookie: realmedia cookie
9:57 PM: [email protected][2].txt (ID = 3235)
9:57 PM: Found Spy Cookie: reunion cookie
9:57 PM: [email protected][2].txt (ID = 3255)
9:57 PM: Found Spy Cookie: revenue.net cookie
9:57 PM: [email protected][1].txt (ID = 3257)
9:57 PM: Found Spy Cookie: rn11 cookie
9:57 PM: [email protected][2].txt (ID = 3261)
9:57 PM: Found Spy Cookie: adjuggler cookie
9:57 PM: [email protected][1].txt (ID = 2071)
9:57 PM: Found Spy Cookie: seeq cookie
9:57 PM: [email protected][2].txt (ID = 3331)
9:57 PM: Found Spy Cookie: servedby advertising cookie
9:57 PM: owner@servedby.advertising[2].txt (ID = 3335)
9:57 PM: Found Spy Cookie: servlet cookie
9:57 PM: owner@servlet[1].txt (ID = 3345)
9:57 PM: owner@servlet[3].txt (ID = 3345)
9:57 PM: owner@starware[2].txt (ID = 3441)
9:57 PM: Found Spy Cookie: dealtime cookie
9:57 PM: owner@stat.dealtime[1].txt (ID = 2506)
9:57 PM: Found Spy Cookie: statcounter cookie
9:57 PM: owner@statcounter[2].txt (ID = 3447)
9:57 PM: owner@stats1.reliablestats[2].txt (ID = 3254)
9:57 PM: Found Spy Cookie: webtrendslive cookie
9:57 PM: owner@statse.webtrendslive[1].txt (ID = 3667)
9:57 PM: Found Spy Cookie: targetnet cookie
9:57 PM: owner@targetnet[1].txt (ID = 3489)
9:57 PM: Found Spy Cookie: teensforcash cookie
9:57 PM: owner@teensforcash[2].txt (ID = 3509)
9:57 PM: Found Spy Cookie: tracking cookie
9:57 PM: owner@tracking[1].txt (ID = 3571)
9:57 PM: Found Spy Cookie: trafficmp cookie
9:57 PM: owner@trafficmp[1].txt (ID = 3581)
9:57 PM: Found Spy Cookie: tribalfusion cookie
9:57 PM: owner@tribalfusion[2].txt (ID = 3589)
9:57 PM: Found Spy Cookie: tripod cookie
9:57 PM: owner@tripod[2].txt (ID = 3591)
9:57 PM: Found Spy Cookie: webpower cookie
9:57 PM: owner@webpower[2].txt (ID = 3660)
9:57 PM: Found Spy Cookie: 123count cookie
9:57 PM: owner@www.123count[2].txt (ID = 1928)
9:57 PM: owner@www.ads.joetec[1].txt (ID = 2890)
9:57 PM: owner@www.askmen[1].txt (ID = 2248)
9:57 PM: Found Spy Cookie: brazilwelcomesyou cookie
9:57 PM: owner@www.brazilwelcomesyou[1].txt (ID = 2325)
9:57 PM: Found Spy Cookie: eroticy cookie
9:57 PM: owner@www.eroticy[1].txt (ID = 2624)
9:57 PM: owner@www.herfirstlesbiansex[1].txt (ID = 2772)
9:57 PM: owner@www.homestore[2].txt (ID = 2794)
9:57 PM: owner@www.ping[1].txt (ID = 3138)
9:57 PM: owner@www.pollstar[1].txt (ID = 3152)
9:57 PM: owner@www.screensavers[1].txt (ID = 3298)
9:57 PM: owner@www.seeq[1].txt (ID = 3332)
9:57 PM: owner@www48.seeq[1].txt (ID = 3332)
9:57 PM: Found Spy Cookie: adserver cookie
9:57 PM: owner@z1.adserver[1].txt (ID = 2142)
9:57 PM: Cookie Sweep Complete, Elapsed Time: 00:00:29
9:57 PM: Starting File Sweep
9:57 PM: Found Adware: bullguard popup ad
9:57 PM: c:\windows\temp\bullguard (1 subtraces) (ID = -2147476409)
9:57 PM: c:\program files\common files\winsoftware (2 subtraces) (ID = -2147476682)
10:17 PM: setup.exe (ID = 158822)
10:22 PM: df_kmd.sys (ID = 146298)
10:24 PM: winfixer2005setup.exe (ID = 158827)
10:36 PM: bulldownload.exe (ID = 52017)
10:36 PM: crxml.dll (ID = 119203)
10:38 PM: hoo65.tmp (ID = 91130)
10:49 PM: a0032663.dll (ID = 70604)
10:53 PM: Warning: Invalid file - not a PKZip file
10:53 PM: Warning: Invalid file - not a PKZip file
10:54 PM: Warning: Invalid file - not a PKZip file
10:54 PM: Warning: Unhandled Archive Type
10:55 PM: Warning: Invalid file - not a PKZip file
10:55 PM: Warning: Invalid file - not a PKZip file
10:55 PM: Warning: Invalid file - not a PKZip file
10:55 PM: Warning: Invalid file - not a PKZip file
10:55 PM: Warning: Invalid file - not a PKZip file
10:55 PM: Warning: Invalid file - not a PKZip file
10:55 PM: Warning: Invalid Stream
10:55 PM: Warning: Invalid file - not a PKZip file
10:56 PM: File Sweep Complete, Elapsed Time: 00:59:34
10:56 PM: Full Sweep has completed. Elapsed time 01:06:12
10:56 PM: Traces Found: 277
11:06 PM: Removal process initiated
11:07 PM: Quarantining All Traces: 180search assistant/zango
11:07 PM: Quarantining All Traces: virtumonde
11:07 PM: virtumonde is in use. It will be removed on reboot.
11:07 PM: C:\WINDOWS\system32\mllmm.dll is in use. It will be removed on reboot.
11:07 PM: C:\WINDOWS\system32\vturo.dll is in use. It will be removed on reboot.
11:07 PM: Quarantining All Traces: bullguard popup ad
11:07 PM: Quarantining All Traces: winantispyware 2005
11:07 PM: Quarantining All Traces: 123count cookie
11:07 PM: Quarantining All Traces: 216.221.138 cookie
11:07 PM: Quarantining All Traces: 247realmedia cookie
11:07 PM: Quarantining All Traces: 2o7.net cookie
11:07 PM: Quarantining All Traces: 3 cookie
11:07 PM: Quarantining All Traces: 360i cookie
11:07 PM: Quarantining All Traces: 4u.pl cookie
11:07 PM: Quarantining All Traces: 64.62.232 cookie
11:07 PM: Quarantining All Traces: 888 cookie
11:07 PM: Quarantining All Traces: a cookie
11:07 PM: Quarantining All Traces: abcsearch cookie
11:07 PM: Quarantining All Traces: addynamix cookie
11:07 PM: Quarantining All Traces: adjuggler cookie
11:07 PM: Quarantining All Traces: adknowledge cookie
11:07 PM: Quarantining All Traces: adprofile cookie
11:07 PM: Quarantining All Traces: adrevolver cookie
11:07 PM: Quarantining All Traces: ads.tripod.lycos.com cookie
11:07 PM: Quarantining All Traces: adserv.aavalue.com cookie
11:07 PM: Quarantining All Traces: adserver cookie
11:07 PM: Quarantining All Traces: advertising cookie
11:07 PM: Quarantining All Traces: alt cookie
11:07 PM: Quarantining All Traces: ask cookie
11:07 PM: Quarantining All Traces: askmen cookie
11:07 PM: Quarantining All Traces: atlas dmt cookie
11:07 PM: Quarantining All Traces: banner cookie
11:07 PM: Quarantining All Traces: banners cookie
11:07 PM: Quarantining All Traces: belnk cookie
11:07 PM: Quarantining All Traces: bestmovies cookie
11:07 PM: Quarantining All Traces: bizrate cookie
11:07 PM: Quarantining All Traces: bluestreak cookie
11:07 PM: Quarantining All Traces: brazilwelcomesyou cookie
11:07 PM: Quarantining All Traces: casalemedia cookie
11:07 PM: Quarantining All Traces: ccbill cookie
11:07 PM: Quarantining All Traces: centrport net cookie
11:07 PM: Quarantining All Traces: counter cookie
11:07 PM: Quarantining All Traces: customer cookie
11:07 PM: Quarantining All Traces: dealtime cookie
11:07 PM: Quarantining All Traces: directroi cookie
11:07 PM: Quarantining All Traces: eroticy cookie
11:07 PM: Quarantining All Traces: falkag cookie
11:07 PM: Quarantining All Traces: fastclick cookie
11:07 PM: Quarantining All Traces: fe.lea.lycos.com cookie
11:07 PM: Quarantining All Traces: fortunecity cookie
11:07 PM: Quarantining All Traces: gangbangsquad cookie
11:07 PM: Quarantining All Traces: go.com cookie
11:07 PM: Quarantining All Traces: hbmediapro cookie
11:07 PM: Quarantining All Traces: herfirstanalsex cookie
11:07 PM: Quarantining All Traces: herfirstlesbiansex cookie
11:07 PM: Quarantining All Traces: homestore cookie
11:07 PM: Quarantining All Traces: howstuffworks cookie
11:07 PM: Quarantining All Traces: humanclick cookie
11:07 PM: Quarantining All Traces: ic-live cookie
11:07 PM: Quarantining All Traces: joetec.net cookie
11:07 PM: Quarantining All Traces: kount cookie
11:07 PM: Quarantining All Traces: l2m.net cookie
11:07 PM: Quarantining All Traces: linksynergy cookie
11:07 PM: Quarantining All Traces: maxserving cookie
11:07 PM: Quarantining All Traces: metareward.com cookie
11:07 PM: Quarantining All Traces: nextag cookie
11:07 PM: Quarantining All Traces: one-time-offer cookie
11:07 PM: Quarantining All Traces: outster cookie
11:07 PM: Quarantining All Traces: partnerweekly cookie
11:07 PM: Quarantining All Traces: passion cookie
11:07 PM: Quarantining All Traces: paypopup cookie
11:07 PM: Quarantining All Traces: ping cookie
11:07 PM: Quarantining All Traces: pointroll cookie
11:07 PM: Quarantining All Traces: pollstar cookie
11:07 PM: Quarantining All Traces: porngraph cookie
11:07 PM: Quarantining All Traces: pricegrabber cookie
11:07 PM: Quarantining All Traces: pub cookie
11:07 PM: Quarantining All Traces: qsrch cookie
11:07 PM: Quarantining All Traces: questionmarket cookie
11:07 PM: Quarantining All Traces: realmedia cookie
11:07 PM: Quarantining All Traces: reliablestats cookie
11:07 PM: Quarantining All Traces: reunion cookie
11:07 PM: Quarantining All Traces: revenue.net cookie
11:07 PM: Quarantining All Traces: rn11 cookie
11:07 PM: Quarantining All Traces: ru4 cookie
11:07 PM: Quarantining All Traces: sandboxer cookie
11:07 PM: Quarantining All Traces: screensavers.com cookie
11:07 PM: Quarantining All Traces: seeq cookie
11:07 PM: Quarantining All Traces: servedby advertising cookie
11:07 PM: Quarantining All Traces: servlet cookie
11:07 PM: Quarantining All Traces: sexsuche cookie
11:07 PM: Quarantining All Traces: starware.com cookie
11:07 PM: Quarantining All Traces: statcounter cookie
11:07 PM: Quarantining All Traces: targetnet cookie
11:07 PM: Quarantining All Traces: teensforcash cookie
11:07 PM: Quarantining All Traces: tracking cookie
11:07 PM: Quarantining All Traces: trafficmp cookie
11:07 PM: Quarantining All Traces: trb.com cookie
11:07 PM: Quarantining All Traces: tribalfusion cookie
11:07 PM: Quarantining All Traces: tripod cookie
11:07 PM: Quarantining All Traces: webpower cookie
11:07 PM: Quarantining All Traces: webtrendslive cookie
11:07 PM: Quarantining All Traces: wegcash cookie
11:07 PM: Quarantining All Traces: winantiviruspro cookie
11:07 PM: Quarantining All Traces: yieldmanager cookie
11:07 PM: Quarantining All Traces: zango cookie
11:07 PM: Warning: Timed out waiting for explorer.exe
11:07 PM: Warning: Launched explorer.exe
11:07 PM: Warning: Quarantine process could not restart Explorer.
11:08 PM: Preparing to restart your computer. Please wait...
11:08 PM: Removal process completed. Elapsed time 00:01:49
********
9:44 PM: | Start of Session, Saturday, November 05, 2005 |
9:44 PM: Spy Sweeper started
9:44 PM: Sweep initiated using definitions version 567
9:44 PM: Starting Memory Sweep
9:44 PM: Found Adware: virtumonde
9:44 PM: Detected running threat: C:\WINDOWS\system32\mllmm.dll (ID = 77)
9:44 PM: Detected running threat: C:\WINDOWS\system32\vturo.dll (ID = 77)
9:48 PM: Sweep Canceled
9:48 PM: Memory Sweep Complete, Elapsed Time: 00:04:27
9:48 PM: Traces Found: 2
9:50 PM: | End of Session, Saturday, November 05, 2005 |
********
9:43 PM: | Start of Session, Saturday, November 05, 2005 |
9:43 PM: Spy Sweeper started
9:44 PM: Your spyware definitions have been updated.
9:44 PM: | End of Session, Saturday, November 05, 2005 |
  • 0

#8
John_L

John_L

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,398 posts
Good job Dcutie :tazz:

Can you now show me a new hijack log? And we will see what else we have to do. :)
  • 0

#9
Dcutie

Dcutie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ok, here is my new hijack this log. . . .

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\DOCUME~1\Dawn\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Documents and Settings\Dawn\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-ca10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

Thank you so much for the help. I haven't had any Winfixer pop ups or anything since I ran that program.

D-
  • 0

#10
John_L

John_L

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,398 posts
Hello again :tazz:

Still a couple things to remove.

Fire up hijack this, press scan only and place a check next to these.

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Close all browsers and click fix on hijack this.

Find your way to this file and delete if found.

C:\WINDOWS\ALCXMNTR.EXE <--This file

Reboot and show me a new log please. :)
  • 0

#11
John_L

John_L

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,398 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP