HiJack This Note

Question

I need help with the WinFixer and Trafficexplorer pop ups. I read the post that says I can paste the Hijack this result here to get advice. So here it is. Thank you in advance! Nik.   Logfile of HijackThis v1.99.1Scan saved at 06:28:42 PM, on 9/3/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exeC:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeC:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exeC:\PROGRA~1\TRENDM~1\INTERN~2	mproxy.exeC:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Trend Micro\Internet Security 2005\pccguide.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\WINDOWS\explorer.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Drivers & Softwares\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywayR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tasktoy.com/R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywayR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Nik's DellO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWSepair\cmd.dllO2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [pccguide.exe] 'C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe'O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAYO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - Startup: AppRocket.lnk.disabledO4 - Startup: Rainlendar.lnk.disabledO4 - Startup: Stardock ObjectDock.lnk.disabledO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: &Document Tree - C:\WINDOWS\web	ree.htmO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htmO8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htmO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htmO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htmO8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htmO8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htmO8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Subscribe in default RSS reader - C:\Documents and Settings\Nick Su\Application Data\RssBandit\iecontext_subscribefeed.htmO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htmO8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htmO8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)O9 - Extra button: (no name) - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web	ree.htmO9 - Extra 'Tools' menuitem: &Document Tree - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web	ree.htmO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exeO9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exeO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exeO9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exeO9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cabO16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CABO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cabO16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cabO16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cabO16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cabO20 - Winlogon Notify: cmd - C:\WINDOWSepair\cmd.dllO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exeO23 - Service: MSRS Recording SystemService (MSRSService) - Unknown owner - C:\Program Files\NCH Swift Sound\MSRS\msrs.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exeO23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeO23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exeO23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exeO23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2	mproxy.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

zbestwun2001 · Answer

Let's get started. Please download VundoFix.zip to your desktop. Double-click VundoFix.zip and extract it to your C:\ directory. Copy the instructions below and paste them into Notepad for reference. All other windows need to be closed while doing this fix! Navigate to the new folder C:\VundoFix Double click on KillVundo.bat When it starts running it will tell you that you need an active internet connection then ask you to press any key once you do. Please press any key to continue. Wait for HiJackThis to open. When HiJackThis opens, click Do a system scan only. Place a check next to the following items, if found: O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file) O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file) O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\repair\cmd.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - Startup: AppRocket.lnk.disabled O4 - Startup: Rainlendar.lnk.disabled O4 - Startup: Stardock ObjectDock.lnk.disabled O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present ...(Unless you've set these with a anti-spyware program like SpyBot's Immunize feature, have HiJackThis fix this.) O20 - Winlogon Notify: cmd - C:\WINDOWS\repair\cmd.dll Once they all have a check next to them, click the FIX CHECKED button, then close HiJackThis.You will once again be prompted to press any key. Upon doing so this time you will receive a 'Blue Screen Of Death'. Don't worry,this is normal! Let the computer reboot. If it doesn't boot straight to windows, manually turn the computer off and then back on. After you boot up Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders: folders... C:\WINDOWS\repair C:\PROGRA~1\FlashGet Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're ' in use', try deleting them from ' Safe Mode'. Reboot and post back a new log, and let me know how everything goes.Steve-Once the computer is rebooted post a new HiJackThis log as well as the contents of vundofix.txt which can be found in this folder: C:\VundoFix

Virus & Spyware

Was this post helpful?