Jan 6 2006, 06:34 PM, Post #1
New Member. Group: Authentic Member. Posts: 15. Joined: 6-January 06. Member No.: 47,923. Operating System: XP
Please help me with getting rid of this annoying WinFixer popup. Here's my HJT log followed by the uninstall list:
Logfile of HijackThis v1.99.1
Scan saved at 6:23:21 PM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Scott\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gt.rr.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\ddccb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\jkkli.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [System Kernal Support] system.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [System Kernal Support] system.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124330648750
O20 - Winlogon Notify: ddccb - C:\WINDOWS\SYSTEM32\ddccb.dll
O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll
O20 - Winlogon Notify: pmnll - C:\WINDOWS\system32\pmnll.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

UNINSTALL LIST:
3D Groove Playback Engine Adobe Acrobat 5.0 Adobe Download Manager 2.0 (Remove Only) Adobe Photoshop Album 2.0 Starter Edition Adobe Reader 7.0 America Online (Choose which version to remove) Ant War Anti Boss Key AOL Instant Messenger aspi ATI Control Panel ATI Decoder ATI Display Driver ATI HYDRAVISION ATI Multimedia Center 9.01 ATI Remote Wonder 2.3 Blackhawk Striker from ATI (remove only) Blasterball 2 from ATI (remove only) BMSE dbl BookWorm Deluxe 1.03 Bounce Symphony from ATI (remove only) CA eTrust PestPatrol CCHelp CCScore Chuzzle Deluxe 1.0 Chuzzle Deluxe from ATI (remove only) Conexant SmartHSFi V.9x 56K DF PCI Modem CoolSpeech 5.0 with Mary DAO Dell Support 5.0.0 (766) Digital Line Detect DivX DivX Player DVDSentry Dynomite Deluxe 2.71 ESSAdpt ESSANUP ESSCAM ESSCDBK ESScore ESSgui ESShelp ESSini ESSPCD ESSTUTOR ESSvpaht ESSvpot eTrust EZ Antivirus eTrust EZ Armor Guild Wars HijackThis 1.99.1 HP Deskjet 6800 HP Photo & Imaging 4.1 HP Software Update IE Help IEC system Insaniquarium Deluxe 1.0 Insaniquarium Deluxe from ATI (remove only) Intel® Extreme Graphics Driver Intel® PRO Network Adapters and Drivers Intel® PROSet InterActual Player Internet Explorer Default Page Jasc Paint Shop Photo Album Jasc Paint Shop Pro 8 Dell Edition Java 2 Runtime Environment, SE v1.4.2 Kodak EasyShare software KSU LimeWire 4.9.37 Listen Rhapsody Macromedia Flash Player 8 Macromedia Shockwave Player Mars Rover from ATI (remove only) MechWarrior 4 Mercenaries MechWarrior Vengeance Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Data Access Components KB870669 Microsoft Office Basic Edition 2003 Microsoft Text-to-Speech Engine 4.0 (English) Modem Helper MSN Music Assistant MUSICMATCH® Jukebox NetWaiting Notifier Orbital from ATI (remove only)
OTtBP Overball from ATI (remove only) P.I.E. Patch Polar Bowler from ATI (remove only) PowerDVD QuickTime RealOne Player Retrospect 6.5 Rhapsody Runescape Xplorer 2 Security Update for Step By Step Interactive Training (KB898458) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB912919) SFR SFR2 Shockwave Sonic DLA Sonic RecordNow! Sound Blaster Live! 
Starware 3.3.2.0 STX from ATI (remove only) SuperPower (remove only) Support Software Untitled Screen Saver Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB910437) USB MassStorage CardReader Viewpoint Media Player Virtual Warfare from ATI (remove only) WD Media Center Driver WildTangent GameChannel (remove only) WildTangent Web Driver Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Media Encoder 9 Series Windows Media Encoder 9 Series Windows Media Format Runtime Windows Media Player 10 Windows SA Windows SR 2.0 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Service Pack 2 WinZip Word Symphony from ATI (remove only) Yahoo! Companion |
Jan 7 2006, 10:21 AM, Post #2
SuperHelper. Group: Authentic Member. Posts: 6,744. Joined: 11-May 04. From: Cambridge, Ontario. Member No.: 6,554. Operating System: Some wires and a screen
Ok, post a new hijackthis log please.
ScottyG: Having Winfixer Problems -- HijackThis & uninstall list (Jan 6 2006, 06:34 PM)
Siggyx: Download VirtumundoBegone and save it to your desk... (Jan 6 2006, 11:06 PM)
ScottyG: When I tried the VirtumundoBegone download, I got ... (Jan 7 2006, 10:15 AM)
ScottyG: I certainly appreciate the quick response. Here... (Jan 7 2006, 10:49 AM)
Siggyx: STEP 1. SpySweeper Please download http://... (Jan 7 2006, 04:26 PM)
ScottyG: Hate to be a pain, but I get "You are not aut... (Jan 7 2006, 09:12 PM)
ScottyG: Stand by.... my firewall settings were a little to... (Jan 7 2006, 10:40 PM)
ScottyG: All right... here's some results: The SpySweep... (Jan 8 2006, 10:22 AM)
Siggyx: Scan with hijackthis (close all browser windows) t... (Jan 8 2006, 10:27 AM)
ScottyG: Here you go: Logfile of HijackThis v1.99.1 Scan s... (Jan 8 2006, 10:53 AM)
Siggyx: Have hijackthis fix this line R3 - Default URLSea... (Jan 8 2006, 10:57 AM)
ScottyG: I just had my daughter try it out and one of her s... (Jan 8 2006, 11:21 AM)
Siggyx: Well looks like we got the infections off the syst... (Jan 8 2006, 11:24 AM)
ScottyG: I'm at work, so it will be this evening (Centr... (Jan 9 2006, 10:34 AM)
ScottyG: Done... no issues. Here's the log file: Logf... (Jan 9 2006, 07:24 PM)
Siggyx: Glad we could be of assistance. This topic is now ... (Jan 9 2006, 08:01 PM)