
Eek!!

Discussion in 'Virus & Other Malware Removal' started by Jace Vorel, Oct 16, 2003.

Thread Status:
Not open for further replies.
  1. Jace Vorel

    Jace Vorel Thread Starter

    Joined:
    Oct 16, 2003
    Messages:
    18
    Hi! I'm new to this whole HijackThis thingy, so could someone take a look at this for me?:

    Logfile of HijackThis v1.97.3
    Scan saved at 9:40:38 AM, on 17/10/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\PccPfw.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\MsgSys.EXE
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\PDG 3\pdg.exe
    C:\Documents and Settings\All Users\Documents\Downloads\Apps\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    O1 - Hosts: 3510794918 auto.search.msn.com
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [Tapicfg.exe] C:\WINDOWS\System32\tapicfg.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DKQXBHOU] C:\WINDOWS\DKQXBHOU.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [supervisor.exe] C:\WINDOWS\supervisor.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Run DAP (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O19 - User stylesheet: C:\WINDOWS\Web\win.def (file missing)
    O19 - User stylesheet: C:\WINDOWS\default.css (file missing) (HKLM)


    I recently found 3 viruses on my system - "AnyWindowsBF.BruteForce" (or something like that), "Trojan.Qhosts.A" and "Trojan.Bootconf". I thought I'd gotten rid of them, but they keep showing up - HELP!!
     
  2. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
  3. Jace Vorel

    Jace Vorel Thread Starter

    Joined:
    Oct 16, 2003
    Messages:
    18
    Jeez! Talk about having one's system wide open! Anyway, here's my new (and hopefully improved) log:

    Logfile of HijackThis v1.97.3
    Scan saved at 12:44:27 PM, on 17/10/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\PccPfw.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
    C:\WINDOWS\System32\MsgSys.EXE
    C:\WINDOWS\supervisor.exe
    C:\Documents and Settings\All Users\Documents\Downloads\Apps\HijackThis.exe

    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DKQXBHOU] C:\WINDOWS\DKQXBHOU.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [supervisor.exe] C:\WINDOWS\supervisor.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Run DAP (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37910.7357407407
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



    -Scott
     
  4. Jace Vorel

    Jace Vorel Thread Starter

    Joined:
    Oct 16, 2003
    Messages:
    18
    anyone??
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    this looks like a virus
    O4 - HKLM\..\Run: [DKQXBHOU] C:\WINDOWS\DKQXBHOU.exe

    and I have no idea what this one is,
    O4 - HKCU\..\Run: [supervisor.exe] C:\WINDOWS\supervisor.exe
    it could be to do with a lan manager but I'm not sure

    for now
    Run an online antivirus check from at least one of the following sites
    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/

    and then post back, while we attempt to do some research about the supervisor.exe entry
     
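    A small triage script for the entries dvk01 singles out above, added here as an example and not code from the thread or from HijackThis: it parses a few lines of the posted log, expands the dotless-decimal hosts entry to a dotted quad, and flags Run entries that point at a loose executable in the Windows root or carry a random-looking name. The heuristics and the hypothetical `triage` function are my own assumptions, not HijackThis rules.

```python
import re

# Lines taken from the HijackThis log posted above, trimmed to the entries the replies discuss.
SAMPLE_LOG = r"""
O1 - Hosts: 3510794918 auto.search.msn.com
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DKQXBHOU] C:\WINDOWS\DKQXBHOU.exe
O4 - HKCU\..\Run: [supervisor.exe] C:\WINDOWS\supervisor.exe
O19 - User stylesheet: C:\WINDOWS\default.css (file missing) (HKLM)
"""

O1_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)")
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] "?(.+?\.exe)', re.IGNORECASE)
O19_RE = re.compile(r"^O19 - User stylesheet: (.+?) \(file missing\)")


def decimal_to_dotted(value: str) -> str:
    """Expand a dotless-decimal IPv4 literal (as Qhosts writes it) to dotted quad; pass anything else through."""
    if not value.isdigit() or int(value) > 0xFFFFFFFF:
        return value
    n = int(value)
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def triage(log: str) -> list[tuple[str, str]]:
    """Return (reason, detail) pairs for entries worth a closer look (heuristics are assumptions)."""
    findings = []
    for line in log.splitlines():
        if m := O1_RE.match(line):
            # Any hosts override of a search/update domain is a redirect, whatever the IP notation.
            findings.append(("hosts-redirect", f"{m.group(2)} -> {decimal_to_dotted(m.group(1))}"))
        elif m := O4_RE.match(line):
            hive, name, path = m.groups()
            folder, exe = path.rsplit("\\", 1)
            stem = exe.rsplit(".", 1)[0]
            if folder.upper() == r"C:\WINDOWS":
                # Loose executables in the Windows root are unusual for legitimate software.
                findings.append(("exe-in-windows-root", f"{hive} [{name}] {path}"))
            if len(stem) >= 8 and stem.isalpha() and stem.isupper():
                # Eight or more capital letters with no word structure is a common dropper naming pattern.
                findings.append(("random-looking-name", f"{hive} [{name}] {path}"))
        elif m := O19_RE.match(line):
            findings.append(("missing-stylesheet-ref", m.group(1)))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason:24} {detail}")
```

Entries the script flags are candidates for the properties/online-scan check dvk01 asks for, not a verdict; vptray and the QuickTime task pass cleanly because they live in vendor folders under Program Files.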
  6. Jace Vorel

    Jace Vorel Thread Starter

    Joined:
    Oct 16, 2003
    Messages:
    18
    Symantec Exposure Report: Port 445 open / ICMP Echo returned positive. Everything else: OK

    Panda Active Scan: No Virus detected

    Norton Realtime Scan: No virus Detected

    I think supervisor.exe is related to PCDoorGuard 3 (also returned nothing in a virus scan)
     
  7. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
  8. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334

    Candy....in looking closely at Eddie's post I'm not sure he was attributing supervisor.exe to NAV script blocking. Looks to me by not having any description next to it, he was in effect leaving it blank.

    Much like the look on my face....... :p

    MHO anyway.
     
  9. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Good golly batman, you might be right :D

    What was I thinking earlier :eek: Of course that was prior to my tavern visit :eek:
     
  10. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Jace

    If you're confident about supervisor.exe being a legitimate application, leave it for now.

    I would take out this entry:

    O4 - HKLM\..\Run: [DKQXBHOU] C:\WINDOWS\DKQXBHOU.exe


    ......close your browser, check the item in HJT, click Fix.

    Reboot.

    FYI, HJT has a backup feature if you need to restore an entry.

    :)
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked

    O4 - HKLM\..\Run: [DKQXBHOU] C:\WINDOWS\DKQXBHOU.exe

    then reboot & delete C:\WINDOWS\DKQXBHOU.exe

    If it isn't a virus then it's definitely a spyware/adware pop up ads baddie

    I am sure eventually we will find out what supervisor.exe is

    for now can you navigate to C:\WINDOWS\supervisor.exe, right click the file and look at its properties and see which company, if any, is listed as its installer/maker etc.
     
  12. Jace Vorel

    Jace Vorel Thread Starter

    Joined:
    Oct 16, 2003
    Messages:
    18
    thanks...btw...are there any major probs with having more than one AV program??
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    Jace

    there can be major problems when running more than one AV

    the main problem is that several of the major AVs clash and the result can be a virus getting through as neither actually gets to deal with it. What happens is that say Norton finds it & locks it to deal with, but McAfee also finds the same virus, but locks a different infected file first, then neither can delete the virus because the other one has locked the files as in use and unable to be deleted.

    also some AVs find false viruses in the other AV's definition file and try to remove them with drastic consequences.

    by all means have a second AV as a backup, but only allow one to autoprotect the system and just run manual scans within the second one.
     
  14. Jace Vorel

    Jace Vorel Thread Starter

    Joined:
    Oct 16, 2003
    Messages:
    18
    So what do you guys recommend along the lines of AV software? Norton? PC-cillin? Something else entirely??
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek

    You would open that can of worms again :D

    500 different people will give you 500 different answers.

    I use AVG 7 now which suits me fine, many use AVG free edition, lots of forum users are perfectly happy with it and it appears to work well.

    Others swear by NOD
    some say Norton

    The consensus seems to be that McAfee isn't the best at the moment
     
Short URL to this thread: https://techguy.org/172459