MrFixitSC
Premium,VIP,ExMod 2001-06
join:2000-12-01
Moncks Corner, SC | reply to CalamityJane
Re: hijack this log...Winfixer, cws.qttask, Vx2.Lo
thanks |
|
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
| reply to MrFixitSC
MrFixitCT, you really should start your own new topic instead piggybacking on this one. But it is known that a Vundo infection interferes sometimes with getting the PC into safe mode and the author of the Vundofix tool has verfied that the tool should work in Normal Mode as well. So try that. But if you need help on the specific files ...please post a new topic and we'll glad to assist.
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
MrFixitSC
Premium,VIP,ExMod 2001-06
join:2000-12-01
Moncks Corner, SC | reply to eay9
Re: hijack this log...Winfixer, cws.qttask, Vx2.Look2m
I have a vundo related (possibly) when I try to boot in safe mode all I get is a black screen with "safemode" in the four corners so I cant proceed with the fix..?? |
|
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
| reply to eay9
Re: hijack this log...Winfixer, cws.qttask, Vx2.Lo
You're welcome eay, glad we could help! Hope you have a great week, too 
@Rusty Dusty: Atribune just notified me that it was the f-lock key on his keyboard not being on so the F buttons didnt work. |
|
eay9
join:2001-08-03
Dixon, IL
| reply to CalamityJane
Greetings Calamity Jane,
Thanks for the information. I'm already using Clean up. Great program and so easy to use.
I downloaded the MS Security stuff...... it's not able to locate my computer. I guess I'm invisible these days. >
The desktop is running smoothly but slow. It's slow because of all the anti-spyware, anti-trojan, and anti-virus programs running in the background. Yep, Color me paranoid.
Thanks again for all of your help. I hope you have a great week. |
|
Rusty Dusty
join:2002-11-23
| reply to Atribune
said by Atribune  :I sent you a messge hopefully you recieve it Well, this isn't so good.....!
It is great that "eay" problem(s) have been solved, but the resorting to an off-line fix session in the middle of a problem solving process that I was following leaves me wondering what the fix was so that I can learn and help myself or someone else in the future....
So what was the 'fix', please?
Thanks. |
|
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
| reply to eay9
looks like you got it to work Many thanks to Atribune for his efforts and help!!
The file that Panda found is in your cache (TIF) folder. Go here and delete all the files in there: C:\Documents and Settings\default\Local Settings\Temporary Internet Files.
You can also run this little program to do that for you:
Download and install CleanUp!
»www.stevengould.org/downloads/cl···Up40.exe
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
You can go ahead and delete the Vundofix folder now that we're done with that, should it be needed again, it's best to download a fresh copy as frequently changes are made to handle newer variants.
The HijackThis log looks good now
I think we can move forward to final cleanup and prevention steps now.
Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?
One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore.
Go to Start > Run, click on *My Computer*.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
Go to Start > Run, click on *My Computer*.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
How to Turn On and Turn Off System Restore in Windows XP
»support.microsoft.com/default.as···s;310405
Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help .
»Security »How do I prevent browser hijacks and spyware?
I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
»v4.windowsupdate.microsoft.com/e···ault.asp
And see this link for instructions on how to configure the enhanced security features in SP2:
»www.microsoft.com/technet/securi···cxp.mspx
I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.
MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
»www.microsoft.com/technet/securi···ome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2005
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
eay9
join:2001-08-03
Dixon, IL
| reply to eay9
Re: hijack this log...Winfixer, cws.qttask, Vx2.Look2m
Atribune and Calamity Jane,
Thank you. You turned my bad experience into a wonderful one. You've been very kind and I truly appreciate all of your help.
Here's the Panda and HJt logs.
-----------------------------------------------------------
ACTIVE SCAN:
Incident Status Location
Adware:adware/savenow No disinfected
Windows registry
Adware:Adware/CWS
No disinfected
C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\8HMN81QF\menus[1].js ------------------------------------------------------------
HJT:
Logfile of HijackThis v1.99.1
Scan saved at 10:37:40 PM, on 9/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »desktop.presario.net/scripts/red···&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\default\My Documents\filelib\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Euchre - »download.games.yahoo.com/games/c···t1_x.cab
O16 - DPF: Yahoo! Pool 2 - »download.games.yahoo.com/games/c···te_x.cab
O16 - DPF: Yahoo! Pyramids - »download.games.yahoo.com/games/c···t1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - »messenger.zone.msn.com/binary/ms···1267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - »housecall60.trendmicro.com/house···an60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - »www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - »messenger.zone.msn.com/binary/Up···1267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - »messenger.zone.msn.com/binary/Me···1267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - »download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - »h20270.www2.hp.com/ediags/gmn/in···_gmn.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - »messenger.zone.msn.com/binary/Mi···1267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - »jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - »appldnld.m7z.net/qtinstall.info.···ller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - »spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »v5.windowsupdate.microsoft.com/v···10355375
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - »appdirectory.messenger.msn.com/A···ctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - »messenger.zone.msn.com/binary/Me···1267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - »appdirectory.messenger.msn.com/A···kMSN.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - »www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - »www.pandasoftware.com/activescan···inst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - »messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - »messenger.zone.msn.com/binary/ZI···2846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - »messenger.zone.msn.com/binary/Ba···1267.cab
O16 - DPF: {C852B12E-3F08-4099-AF8E-32FD327B88EA} (msnloader Class) - »rockstar.messenger.msn.com/rockstar.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\82VVYU4H\CWShredder[1].exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe |
|
Atribune
Premium
join:2004-11-21 | reply to eay9
Re: hijack this log...Winfixer, cws.qttask, Vx2.Lo
Resent |
|
eay9
join:2001-08-03
Dixon, IL | reply to Atribune
Hmm....Would it be possible to re-send the message? I forgot to update my profile when I changed ISP's. My fault.
Thank you for your help. |
|
Atribune
Premium
join:2004-11-21 | reply to eay9
I sent you a messge hopefully you recieve it |
|
eay9
join:2001-08-03
Dixon, IL
| reply to eay9
Re: hijack this log...Winfixer, cws.qttask, Vx2.Look2m
Logfile of HijackThis v1.99.1
Scan saved at 8:18:18 PM, on 9/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »desktop.presario.net/scripts/red···&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\yabab.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\default\My Documents\filelib\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Euchre - »download.games.yahoo.com/games/c···t1_x.cab
O16 - DPF: Yahoo! Pool 2 - »download.games.yahoo.com/games/c···te_x.cab
O16 - DPF: Yahoo! Pyramids - »download.games.yahoo.com/games/c···t1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - »messenger.zone.msn.com/binary/ms···1267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - »housecall60.trendmicro.com/house···an60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - »www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - »messenger.zone.msn.com/binary/Up···1267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - »messenger.zone.msn.com/binary/Me···1267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - »download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - »h20270.www2.hp.com/ediags/gmn/in···_gmn.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - »messenger.zone.msn.com/binary/Mi···1267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - »jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - »appldnld.m7z.net/qtinstall.info.···ller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - »spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »v5.windowsupdate.microsoft.com/v···10355375
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - »appdirectory.messenger.msn.com/A···ctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - »messenger.zone.msn.com/binary/Me···1267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - »appdirectory.messenger.msn.com/A···kMSN.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - »www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - »www.pandasoftware.com/activescan···inst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - »messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - »messenger.zone.msn.com/binary/ZI···2846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - »messenger.zone.msn.com/binary/Ba···1267.cab
O16 - DPF: {C852B12E-3F08-4099-AF8E-32FD327B88EA} (msnloader Class) - »rockstar.messenger.msn.com/rockstar.cab
O20 - Winlogon Notify: yabab - C:\WINDOWS\system32\yabab.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\82VVYU4H\CWShredder[1].exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe |
|
Atribune
Premium
join:2004-11-21 | reply to eay9
Re: hijack this log...Winfixer, cws.qttask, Vx2.Lo
Can you post a new hijackthis log |
|
eay9
join:2001-08-03
Dixon, IL | reply to eay9
Re: hijack this log...Winfixer, cws.qttask, Vx2.Look2m
enter, ctrl+z, enter......didn't work:( |
|
Atribune
Premium
join:2004-11-21 | reply to eay9
Re: hijack this log...Winfixer, cws.qttask, Vx2.Lo
You're welcome, but i wouldn't call it help yet. |
|
eay9
join:2001-08-03
Dixon, IL | reply to eay9
Re: hijack this log...Winfixer, cws.qttask, Vx2.Look2m
Will do. Thanks for your help. |
|
eay9
join:2001-08-03
Dixon, IL | reply to eay9
Not a problem. I was just thinking out loud:D |
|
Atribune
Premium
join:2004-11-21 | reply to eay9
Re: hijack this log...Winfixer, cws.qttask, Vx2.Lo
Can you try Calamity Janes instructions again but this time instead of enter f6 enter use enter ctrl+z enter and let me know how that goes. |
|
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL | reply to eay9
Hold on. Atribune is looking at this thread. He should post soon |
|
eay9
join:2001-08-03
Dixon, IL | reply to eay9
Re: hijack this log...Winfixer, cws.qttask, Vx2.Look2m
What would happen if I just renamed the file? |
|
