Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

another winfixer problem


  • Please log in to reply

#1
Randy Swanson

Randy Swanson

    New Member

  • Member
  • Pip
  • 2 posts
Hi......I also have been having a problem with winfixer taking over my browser. Spyware and malware removal does not help. I would greatly appreciate some help. I have been reading the replies from "Crustyoldbloke". I do have Hijack This - Vundofix - and Cleanup installed. Here is my Hijackthis Log. Thanking you in advance. Randy



Logfile of HijackThis v1.99.1
Scan saved at 6:19:14 PM, on 11/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\awtqo.dll (file missing)
O2 - BHO: Bho - {2E16DA2D-3194-4b72-AF4E-FD8597CFAFDC} - C:\WINDOWS\system32\rnaprxfq.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\awtsq.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Startup: Epson scanner Registration.lnk = E:\E_reg\EPSONREG.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: awtqo - awtqo.dll (file missing)
O20 - Winlogon Notify: awtsq - C:\WINDOWS\system32\awtsq.dll
O20 - Winlogon Notify: ssttr - C:\WINDOWS\system32\ssttr.dll
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  • 0

Advertisements


#2
FZWG

FZWG

    Visiting Staff

  • Member
  • PipPipPip
  • 145 posts
Let’s go the easy route first to see if we can get rid of the Vundo and ConHook Trojans showing up on your log.

Please do the following:

Download SpySweeper Trial (on right side of page):
http://www.webroot.c...ucts/spysweeper

Install SpySweeper v4.5 (Double click: ssfsetup1_….)
Follow the prompts and do a Typical installation
Click: Install, make sure Run SpySweeper Now is checked, and click Finish.

Update the program definitions

Then click on Options > Sweep Options
Check: Sweep all Folders on Selected drives
Check: Local Disc C
Under: What to Sweep, check every box.

Now, select: Sweep
It will take a while to scan the computer.

When the scan is done, remove whatever it finds.
Then, press the Results button
Select the Session Log tab
Select: Save to File so you can provide the results in your response.
Exit SpySweeper

Restart the computer.

Post the SpySweeper Session log, and a new HijackThis log.

Thank you.
  • 0

#3
Randy Swanson

Randy Swanson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi FZWZ...........Thanks for the reply. My problem has been resolved. I went elsewhere for a fix for my problem. I didn't think that my post was going to get answered. Many people that posted after me were getting assistance, and I thought I waited a reasonable amount of time. Thank you for responding.

Best Regards,
Rswanson955
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP