Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

winfixer problem [RESOLVED]


  • This topic is locked This topic is locked

#1
busydad

busydad

    Member

  • Member
  • PipPip
  • 18 posts
hi
i'm new to this so bear with me. ive had this winfixer,or trojan-vundo problem for 4-5 weeks. i used avg on this old computer and it did nothing about winfixer,so i did some research and stopped it from starting up,however i knew it was still there. i installed norton anti virus and everything seemed fine for a week or so,until i got this trojan vundo alert from norton. i did their fix but got nowhere,in fact i couldnt even get the alert off my screen. after i got to your site i uninstalled norton ,got ewido,ad-aware,clean-up,and spy bot.i also tried microsoft's beta anti spyware. each program found and solved some problems except winfixer. i even tried a trial version of panda anti-virus but it slowed my computer down so much it wasn't worth the trouble so i uninstalled it.
now i have one other small problem. up until last night ewido was working fine, now i cant get it to open! when i double click it,it goes to the tray and wont restore. if i right click either the shortcut or the tray icon,ditto- won't open.
thanks in advance



Logfile of HijackThis v1.99.1
Scan saved at 8:15:42 PM, on 11/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.ce1.attbb.net:8000
O1 - Hosts: ds-now.com
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\qopon.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [77rh3pe] mchemote.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [FNI.UWA5P] "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA5PNetInstaller.exe"
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Mw0nRfKqV] lmrci.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildt...iveLauncher.cab
O20 - Winlogon Notify: imgrun - C:\WINDOWS\
O20 - Winlogon Notify: qopon - C:\WINDOWS\system32\qopon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
  • 0

Advertisements


#2
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.
  • 0

#3
busydad

busydad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:50:46 AM, on 11/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.ce1.attbb.net:8000
O1 - Hosts: ds-now.com
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\qopon.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [77rh3pe] mchemote.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Mw0nRfKqV] lmrci.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildt...iveLauncher.cab
O20 - Winlogon Notify: imgrun - C:\WINDOWS\
O20 - Winlogon Notify: qopon - C:\WINDOWS\system32\qopon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

in the interim i uninstalled ewido and reinstalled and it 's working again
  • 0

#4
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
You have a couple issues, but we'll get rid of Vundo first.

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):

    • C:\WINDOWS\system32\qopon.dll

  • Press Enter to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):

    C:\WINDOWS\system32\nopoq.*
  • Press Enter to continue with the fix.
  • The fix will run then HijackThis will open. If it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:


    O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\qopon.dll
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildt...iveLauncher.cab
    O20 - Winlogon Notify: imgrun - C:\WINDOWS\
    O20 - Winlogon Notify: qopon - C:\WINDOWS\system32\qopon.dll

  • After you have fixed these items, close Hijackthis.
  • Press enter to exit the program then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
  • 0

#5
busydad

busydad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
:tazz: thanks!

here are the hjt log and vundo fix logs. i dont have the active scan log because i cant get the scan to run!
i have this other small problem clicking links on web pages. for instance in order to access the links to the downloads you gave me i have to right click the link and choose "open' or "open in new window". if i simply (left) click, or even double click, a link nothing happens. i dont think i have a mouse problem as it works fine when clicking other things. the problem only shows up when trying to click links. so when i get to the panda activescan page i'm shown a box with an oscillating green light that says "scan my pc", with instructions below it detailing how the scan will open in a new window and active x will attempt to load,etc.
however, clicking the "scan my pc button "will not activate the scan, and right clicking the button does not provide me with an option to "open" or any other way to start the scan,so im dead in the water.



VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was C:\WINDOWS\system32\qopon.dll

The second filepath entered was C:\WINDOWS\system32\nopoq.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------


Killing PID 124 'smss.exe'

Killing PID 736 'explorer.exe'
Killing PID 736 'explorer.exe'


Killing PID 204 'winlogon.exe'
--------------------------------------------------------------------------------------

C:\WINDOWS\system32\qopon.dll Deleted sucessfully.
C:\WINDOWS\system32\nopoq.* Deleted sucessfully.

Fixing Registry
--------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:45:15 PM, on 11/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.ce1.attbb.net:8000
O1 - Hosts: ds-now.com
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\qopon.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [77rh3pe] mchemote.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Mw0nRfKqV] lmrci.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildt...iveLauncher.cab
O20 - Winlogon Notify: imgrun - C:\WINDOWS\
O20 - Winlogon Notify: qopon - C:\WINDOWS\system32\qopon.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

you also mentioned some other problems,but can you suggest a way to open the activescan link so i can complete your instructions? thanks again. just for reference ill try another mouse if i can find one.
  • 0

#6
busydad

busydad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
tried another mouse,same problem
  • 0

#7
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
I'm unsure if your clicking/mouse problem is related to the malware that you still have, but let's clean the malware up first and then we'll come back to the clicking/mouse issue. It may just be a bad driver.

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O1 - Hosts: ds-now.com <-- unless you put this entry here, then leave it alone.
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\qopon.dll (file missing)
O4 - HKLM\..\Run: [77rh3pe] mchemote.exe
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [Mw0nRfKqV] lmrci.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildt...iveLauncher.cab
O20 - Winlogon Notify: imgrun - C:\WINDOWS\
O20 - Winlogon Notify: qopon - C:\WINDOWS\system32\qopon.dll (file missing)



Please download and run AimFix
It should return a small log. Please post that in your next reply.


Reboot and post a new hijackthis log and the log from Aimfix.
  • 0

#8
busydad

busydad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
thanks again
here are the latest logs. does the aimfix log mean that i had viruses attached to those profiles listed?

Logfile of HijackThis v1.99.1
Scan saved at 9:52:23 AM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.ce1.attbb.net:8000
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

1.3.2411.221


Setting security privileges for AIMfix...

First, closing any running copies of AOL Instant Messenger (aim.exe):

***ANY VIRUS FILES REMOVED WILL BE LISTED BELOW***

C:\Data found, attempting to remove...
C:\Data quarantined
Profile for aliablockedme edited to remove possible virus code.

Profile for aliablockyblocky edited to remove possible virus code.

Profile for babyphat4760 edited to remove possible virus code.

Profile for badjewbag1590 edited to remove possible virus code.

Profile for bigredretard112 edited to remove possible virus code.

Profile for bigtpimpinj69 edited to remove possible virus code.

Profile for blazenbrunette21 edited to remove possible virus code.

Profile for blazinbeachbaby9 edited to remove possible virus code.

Profile for chocolatevacume edited to remove possible virus code.

Profile for cky4cky4 edited to remove possible virus code.

Profile for cpmcg23 edited to remove possible virus code.

Profile for crazypimp331 edited to remove possible virus code.

Profile for dimepieces09x edited to remove possible virus code.

Profile for dirtbiker00890 edited to remove possible virus code.

Profile for doyalikeemfiesty edited to remove possible virus code.

Profile for elquilt69 edited to remove possible virus code.

Profile for fatmonkey588 edited to remove possible virus code.

Profile for feistyfemale1234 edited to remove possible virus code.

Profile for fiestyfemale1234 edited to remove possible virus code.

Profile for girlskater1625 edited to remove possible virus code.

Profile for hockeyqtx10x edited to remove possible virus code.

Profile for hxcninjakilla edited to remove possible virus code.

Profile for iamhottnyurnot edited to remove possible virus code.

Profile for iwetodded1234567 edited to remove possible virus code.

Profile for jake546865465465 edited to remove possible virus code.

Profile for jakefischer1992 edited to remove possible virus code.

Profile for jklhklj edited to remove possible virus code.

Profile for johnrobert227 edited to remove possible virus code.

Profile for jumpinhobo92 edited to remove possible virus code.

Profile for killakam456 edited to remove possible virus code.

Profile for kkilakam123 edited to remove possible virus code.

Profile for kkillakam123 edited to remove possible virus code.

Profile for krunkak0la edited to remove possible virus code.

Profile for lad edited to remove possible virus code.

Profile for ladyluscious218 edited to remove possible virus code.

Profile for liesbreakhearts7 edited to remove possible virus code.

Profile for lilkyky01023 edited to remove possible virus code.

Profile for lilmobbsta311 edited to remove possible virus code.

Profile for naughtyblondie52 edited to remove possible virus code.

Profile for pat1192837465 edited to remove possible virus code.

Profile for patrickie edited to remove possible virus code.

Profile for pchoops13 edited to remove possible virus code.

Profile for pib edited to remove possible virus code.

Profile for pic edited to remove possible virus code.

Profile for pimpinbabyboy16 edited to remove possible virus code.

Profile for pinkhockeychic10 edited to remove possible virus code.

Profile for pivit159753 edited to remove possible virus code.

Profile for piv` edited to remove possible virus code.

Profile for playa4life1783 edited to remove possible virus code.

Profile for purplecitybadboy edited to remove possible virus code.

Profile for recent IM ScreenNames edited to remove possible virus code.

Profile for riderguy5000 edited to remove possible virus code.

Profile for rosebud110687 edited to remove possible virus code.

Profile for rosebud118706 edited to remove possible virus code.

Profile for sexichick908 edited to remove possible virus code.

Profile for sizzlinsweetie41 edited to remove possible virus code.

Profile for sk8forlifedude edited to remove possible virus code.

Profile for skateelement1827 edited to remove possible virus code.

Profile for skaterchick6788 edited to remove possible virus code.

Profile for skateshortys1625 edited to remove possible virus code.

Profile for skgavemelilkyky edited to remove possible virus code.

Profile for slowmotion4me313 edited to remove possible virus code.

Profile for snowboarder00324 edited to remove possible virus code.

Profile for strawberryvacume edited to remove possible virus code.

Profile for strberryvacume edited to remove possible virus code.

Profile for stupidfatassjew3 edited to remove possible virus code.

Profile for teddybear62791 edited to remove possible virus code.

Profile for thisiskylessn68 edited to remove possible virus code.

Profile for thisisntkylessn edited to remove possible virus code.

Profile for toy4life1625 edited to remove possible virus code.

Profile for whatupnegro edited to remove possible virus code.

Profile for whatupnegro112 edited to remove possible virus code.

Profile for xblondehottie16x edited to remove possible virus code.

Profile for xjohnnyboi227x edited to remove possible virus code.

Profile for xjohnnyboi454x edited to remove possible virus code.

Profile for xsazzlemyazzlex edited to remove possible virus code.

Profile for xwhatxangelx edited to remove possible virus code.

Profile for xxinthem0odxx edited to remove possible virus code.

Profile for yayjordanison edited to remove possible virus code.


***RUN COMPLETED. ANY FILES REMOVED LISTED ABOVE***
----------------------------------------------------------

1.3.2411.221


Setting security privileges for AIMfix...

First, closing any running copies of AOL Instant Messenger (aim.exe):

***ANY VIRUS FILES REMOVED WILL BE LISTED BELOW***


***RUN COMPLETED. ANY FILES REMOVED LISTED ABOVE***
----------------------------------------------------------
  • 0

#9
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts

does the aimfix log mean that i had viruses attached to those profiles listed?

Yes it does.

But your log is clean now?
How are things working on your end?
  • 0

#10
busydad

busydad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
:) thanks, everything but the mouse click problem seems to be working fine. i hate having that junk infiltrate my computer.
i dont know much about aim,but i have 6 kids who use it daily. also they're using something called "my space". my other 2 newer computers seem to be protected as i dont see any evidence of infections on them. i use norton security on them along with spy doc or spy sweeper. as i mentioned , i got norton for this computer , but i was already infected and norton was ineffective at that point. i still have a subscription to norton, should i reinstall it or just stick with ewido ?
:) my mouse click problem is still there, i assume i have a driver problem as you mentioned.


thanks again for all your help :tazz:
  • 0

#11
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Ewido is a great compliment to Norton, but not really a replacement. I'm not a big fan of Norton as it tends to be a huge resource hog on your computer, but it will do an adequate job as long as you keep it updated.

For your mouse issue, I would uninstall the driver and then reinstall it. That might just take care of it for you. If you continue to have problems with it however, you may want to post here and let one of the hardware experts advise you.

http://www.geekstogo...php?showforum=9


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:tazz: :)
  • 0

#12
busydad

busydad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
:) thank you so much for the help. i'll tackle the mouse problem and use the link you gave me if i need more help. my problem is resolved,my computer is working fine :tazz:
  • 0

#13
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP