 eay9
join:2001-08-03 Dixon, IL | reply to eay9 Re: hijack this log...Winfixer, cws.qttask, Vx2.Look2m
Nope.....it still hangs on the first file path  |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL | Re: hijack this log...Winfixer, cws.qttask, Vx2.Lo
Try typing it in (be very careful) |
|
 eay9
join:2001-08-03 Dixon, IL | reply to eay9 Re: hijack this log...Winfixer, cws.qttask, Vx2.Look2m
I did that earlier today. I updated the definitions and ran the scan. The scan came out clean. |
|
 eay9
join:2001-08-03 Dixon, IL | reply to eay9 "Try typing it in (be very careful)"
I did that too |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL | reply to eay9 Re: hijack this log...Winfixer, cws.qttask, Vx2.Lo
Ok - we'll scratch MSAS didn't work?
Did you try typing in the file name? |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL | reply to eay9 LOL...you're very quick! Lemme call more cavalry  |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| reply to eay9 Ah, big cavalry. The author of the program suggests this:
Can you ask your user to open the vundofix folder and post a list of files that are in it?
If you don't see process.exe, have him redownload the vundofix.exe.
»www.atribune.org/downloads/VundoFix.exe
Note to Mods: While the forum rules state not to use a link to an .exe file in a post, to protect users from accidentally clicking on a malware file, this fix uses a self-extracting archive in an .exe that is a fix tool only and is NOT malware. No other mirrored download links are allowed by the author of the tool; therefore, the link to Vundofix.exe you see in my post here is an exception to this forum rule. Using that link for the tool ensures that the OP has the most current version of the tool maintained on the author's authorized website.
-- It takes a disaster to make a woman out of a female Microsoft MVP/Windows Security 2003-2005 Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
 eay9
join:2001-08-03 Dixon, IL | reply to eay9 Re: hijack this log...Winfixer, cws.qttask, Vx2.Look2m
It has ..........
process command line utility www.beyondlogic.org
I have reinstalled this fix twice thinking that perhaps it was missing something. |
|
 eay9
join:2001-08-03 Dixon, IL | reply to eay9 Oops. I forgot. The other files are ......
Readme.txt Vundo Registration Entries srthjt |
|
 eay9
join:2001-08-03 Dixon, IL | What would happen if I just renamed the file? |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL | Re: hijack this log...Winfixer, cws.qttask, Vx2.Lo
Hold on. Atribune is looking at this thread. He should post soon  |
|
 Atribune Premium join:2004-11-21 | reply to eay9 Can you try Calamity Jane's instructions again, but this time instead of enter, f6, enter use enter, ctrl+z, enter, and let me know how that goes. |
|
 eay9
join:2001-08-03 Dixon, IL | reply to eay9 Re: hijack this log...Winfixer, cws.qttask, Vx2.Look2m
Not a problem. I was just thinking out loud:D |
|
 eay9
join:2001-08-03 Dixon, IL | reply to eay9 Will do. Thanks for your help. |
|
 Atribune Premium join:2004-11-21 | Re: hijack this log...Winfixer, cws.qttask, Vx2.Lo
You're welcome, but I wouldn't call it help yet. |
|
 eay9
join:2001-08-03 Dixon, IL | reply to eay9 Re: hijack this log...Winfixer, cws.qttask, Vx2.Look2m
enter, ctrl+z, enter......didn't work:( |
|
 Atribune Premium join:2004-11-21 | Re: hijack this log...Winfixer, cws.qttask, Vx2.Lo
Can you post a new hijackthis log? |
|
 eay9
join:2001-08-03 Dixon, IL
| reply to eay9 Re: hijack this log...Winfixer, cws.qttask, Vx2.Look2m
Logfile of HijackThis v1.99.1
Scan saved at 8:18:18 PM, on 9/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »desktop.presario.net/scripts/red···&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\yabab.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\default\My Documents\filelib\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Euchre - »download.games.yahoo.com/games/c···t1_x.cab
O16 - DPF: Yahoo! Pool 2 - »download.games.yahoo.com/games/c···te_x.cab
O16 - DPF: Yahoo! Pyramids - »download.games.yahoo.com/games/c···t1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - »messenger.zone.msn.com/binary/ms···1267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - »housecall60.trendmicro.com/house···an60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - »www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - »messenger.zone.msn.com/binary/Up···1267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - »messenger.zone.msn.com/binary/Me···1267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - »download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - »h20270.www2.hp.com/ediags/gmn/in···_gmn.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - »messenger.zone.msn.com/binary/Mi···1267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - »jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - »appldnld.m7z.net/qtinstall.info.···ller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - »spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »v5.windowsupdate.microsoft.com/v···10355375
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - »appdirectory.messenger.msn.com/A···ctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - »messenger.zone.msn.com/binary/Me···1267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - »appdirectory.messenger.msn.com/A···kMSN.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - »www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - »www.pandasoftware.com/activescan···inst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - »messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - »messenger.zone.msn.com/binary/ZI···2846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - »messenger.zone.msn.com/binary/Ba···1267.cab
O16 - DPF: {C852B12E-3F08-4099-AF8E-32FD327B88EA} (msnloader Class) - »rockstar.messenger.msn.com/rockstar.cab
O20 - Winlogon Notify: yabab - C:\WINDOWS\system32\yabab.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\82VVYU4H\CWShredder[1].exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe |
|
 Atribune Premium join:2004-11-21 | Re: hijack this log...Winfixer, cws.qttask, Vx2.Lo
I sent you a message; hopefully you receive it. |
|
 eay9
join:2001-08-03 Dixon, IL | Hmm....Would it be possible to re-send the message? I forgot to update my profile when I changed ISPs. My fault.
Thank you for your help. |
|