i keep getting a pop up of winfixer.com every time i use internet exp.i did everything the thread said to do using ccleaner and anti virus scan.i tried almost every program out there to try to get rid of this.and on the scan report it says i have viewpoint tool bar and i cant get rid of that either.are these a virus or a trojan? any help will be appreciated. here is the hijack log file Logfile of HijackThis v1.99.1 Scan saved at 6:33:12 PM, on 1/19/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\AOL\1109400908\ee\AOLSoftware.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE C:\Program Files\America Online 9.0\waol.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe C:\Program Files\America Online 9.0\shellmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\system32\vtstr.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1109400908\ee\AOLSoftware.exe O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe" O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: vtstr - C:\WINDOWS\system32\vtstr.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe O23 - Service: Panda Antispam Engine (pmshellsrv) - PANDA SOFTWARE - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Have you tried anti-spyware software? Here are some of the best ones out there, for free: [bold]Ad-Aware SE 1.06[/bold]: http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10399602.html?tag=lst-4-1 [bold]Spybot: Search & Destroy[/bold] : http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html?tag=lst-4-2 [bold]Microsoft AntiSpyware[/bold] : http://filehippo.com/download_microsoft_antispyware/ Other Tools: [bold]CoolWeb Shredder[/bold] (gets rid of the coolwebsearch trojans/hijackers) : http://filehippo.com/download_cwshredder/ [bold]Spyware Blaster[/bold] (prevents Active-X based spyware from installing) : http://filehippo.com/download_spywareblaster/ [bold]Win Patrol[/bold] (helps manage start-up entries, end stubborn programs that refuse to close, etc.) :http://www.winpatrol.com/wpsetup.exe Some other Anti-Virus software to consider using if your current anti-virus isn't picking up viruses/worms/trojans... Anti-Vir: http://filehippo.com/download_antivir/ - I can help you set this one up so that it detect better than the default settings... [bold]Avast! Home Edition 4.6.744[/bold] : http://filehippo.com/download_avast_antivirus/ [bold]AVG Free Edition[/bold] : http://filehippo.com/download_avg_antivirus/ Remember to update the programs you wish to use! Let us know how everything goes. Provide details so that people can help you to the best of our ability...
i have tried the following programs with no luck. Ad-Aware SE 1.06,Spybot: Search & Destroy,Microsoft AntiSpyware,CoolWeb Shredder,Win Patrol. i am going to try avast anti virus home edition.can you help me set it up.thank you for all of your help so far.
Actually, I'm more familiar with AntiVir than Avast! I can help you set that one up. By the way, when you use Internet Explorer, the homepage that you use, is it: http://www.optonline.net/ ? If not then open up Hijack This and place a checkmark at the following entries: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/ O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\system32\vtstr.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing) Download ewido security suite install, update and run it. http://www.download.com/Ewido-Security-Suite/3000-8022_4-10326287.html Please set up as :- 1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". 2. Run Ewido --- When you run it for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment. 3. From the main ewido screen, click on update in the left menu, then click the Start update button. 4. After the update finishes (the status bar at the bottom will display "Update successful") 5. You may need to manually update the definitions which you can get HERE 6. Exit Ewido. DO NOT scan yet. boot into safemode...and scan with Ewido 7. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run. 8. If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again. 9. Once the ewido scan has completed, there will be a button located on the bottom of the screen called Save report. Important - You need to click "Save report" and Save it to your desktop, or you wont have a log reboot post the ewido log
first i want to thank you for all of your help.before i ran ewido in safe mode i tried vundo fix. and it found some files and deleted them. then i ran ewido in safe mode and it found nothing.but i have had no problem with pop ups any more after running vundo fix.here is my latest hijack report.do you see anything that shouldnt be there? Logfile of HijackThis v1.99.1 Scan saved at 12:22:22 PM, on 1/21/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\AOL\1109400908\ee\AOLSoftware.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\America Online 9.0\waol.exe C:\Program Files\America Online 9.0\shellmon.exe C:\Documents and Settings\mike\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1109400908\ee\AOLSoftware.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe plus i ran a program called rootkit revealer and it found 1 file. here is the report.should i be concern about this. HKLM\SOFTWARE\Classes\webcal\URL Protocol 2/26/2005 1:56 AM 13 bytes Data mismatch between Windows API and raw hive data. thanx for all the help.
Your log looks clean for now, but there are some entries I'm going to do some additional research on to make sure you are in fact clean. However, for some reason, some of the anti-spyware/anti-virus software components that run in the background after you have booted your comp, seems to be have missing files. It's not a big problem, though I do not know how that would've happened. As for the rootkit problem, don't worry too much about it. Unless you bought one of the cds that Sony recalled due to the rootkit-like installation of DRM components made by First4Internet (company) and/or Media Max. If you have, here's a free tool from the makes of Ad-Aware to help remove the rootkit from the Sony CDs: Info: http://www.lavasoftusa.com/software/rootkit/ Remover: http://updates.ls-servers.com/AriesRemoverInst.exe Final suggestions: Remember to update your anti-virus, anti-spyware apps every week and to scan your comp for such stuff. New stuff gets created on a daily basis, so be careful on which sites you visit. Make sure you have a firewall to protect data from coming in [bold]and[/bold] out of your computer. You can get a free one from Zone Alarm: http://www.download.com/ZoneAlarm/3000-10435_4-10465069.html?tag=lst-0-3 Internet Explorer is one of the worst browsers anyone could use. Due to many flaws and vulnerabilities...many browser hijacks target IE. Here are some browsers to consider, since they are safer: Firefox: http://filehippo.com/download_firefox/ Avant (use this as a replacement for IE when certain sites "require" IE to access the site, for example: Microsoft Windows Update Site): http://filehippo.com/download_avant_browser/ Final thing: Go to Microsoft's website to download the latest updates to secure XP: http://windowsupdate.microsoft.com/
thanx for all of your help.computer running fine know.one more question have you or anybody else heard of viewpoint media player?it keeps comming up on my scans.i keep deleting it but it keeps comming back after i restart my computer.its even in my add/remove programs.
Yes, Viewpoint Media Player could be labled both ways. Some antispyware companies will label it spyware, while some won't. It does however install w/out the user's consent. It's usually bundled with AIM and Netscape. For more information to help whether you want to get rid of it: http://www.kephyr.com/spywarescanner/library/viewpointmediaplayer/index.phtml
