1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help needed for a sick Computer

Discussion in 'Virus & Other Malware Removal' started by Captain Morg, Apr 18, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Captain Morg

    Captain Morg Thread Starter

    Joined:
    Apr 10, 2004
    Messages:
    37
    I'm helping a less knowledgeble friend out with their computer. Right now I have CWshredder, ad-aware, hijackthis, spybot, and just about everything else installed/updated/executed.

    Symptoms: The computer has become incredibly slow in recent weeks, and both ad-aware and spybot both ran partway before it froze. Ad-aware showed more than 150 items before giving up the ghost. CWshredder has already been ran, thankfully the computer is clean of that. Here is the hijackthis log:


    Logfile of HijackThis v1.97.7
    Scan saved at 12:24:05 AM, on 4/18/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\System32\gearsec.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\D-Link AirPlus Xtreme G DWL-G650\AIRPLUS.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Fujitsu Service Assistant\bin\mpbtn.exe
    C:\Documents and Settings\Jeremy\Desktop\HijackThis_1.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gunbound.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsupc.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://gunbound.net/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.fujitsupc.com/
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1311.dll
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\System32\bpkwb.dll
    O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_85.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem217.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {AE113D85-C3F3-4F88-A896-245E71D659C0} - C:\WINDOWS\System32\docpsrop.dll (file missing)
    O2 - BHO: (no name) - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [bpk] C:\WINDOWS\System32\bpk.exe
    O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
    O4 - Global Startup: D-Link AirPlus Xtreme G DWL-G650 Adapter Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G DWL-G650\AIRPLUS.exe
    O4 - Global Startup: Fujitsu Service Assistant.lnk = C:\Program Files\Fujitsu Service Assistant\bin\matcli.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Sidesearch (HKLM)
    O9 - Extra button: Run DAP (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
    O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyon.com/joyonpack.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {345CA9DC-1600-4CD2-BFCF-7B57DD1A32DA} (NeoworkInstall Control) - http://easyinstall.icons.com.ne.kr/easyinstall/ocx/ver1003/NeoworkInstall.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/99...W/win/019-0123.20031218.zes4d/iTunesSetup.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DDA887E8-E6E4-4D48-81E4-817DCA66B8FB} (NethardShort Control) - http://icons.com.ne.kr/active-x/shortcut/netshort/NetShort.cab
    O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab



    Any and all help would be appreciated, ignore anything associated with Limewire and DAP. Every other suspicious file is open to repair.
     
  2. Captain Morg

    Captain Morg Thread Starter

    Joined:
    Apr 10, 2004
    Messages:
    37
    Ugh... this comp is in worse shape than I indicated in the above post. There has been a rash of "Microsoft Visual C++ Runtime Library" errors, all having to do with iexplore.exe. Attempted file downloads to the desktop end up resulting in a "cyclical redundancy error" and downloading the file to a folder worked - but then the unzip process failed with the same error indicated! Wtf?! :mad: :mad: :mad: (n)
     
  3. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Dis you get your CWS problem resolved?

    Add/Remove programs and uninstall "NewDotNet"

    Run hijackthis again and put a checkmark against these entries....double check
    in case you miss anything....
    .....then,close all browser and outlook windowsincluding this one and "fix checked"

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\System32\bpkwb.dll
    O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_85.dll
    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem217.dll
    O2 - BHO: (no name) - {AE113D85-C3F3-4F88-A896-245E71D659C0} - C:\WINDOWS\System32\docpsrop.dll (file missing)
    O2 - BHO: (no name) - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [bpk] C:\WINDOWS\System32\bpk.exe
    O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
    O16 - DPF: {DDA887E8-E6E4-4D48-81E4-817DCA66B8FB} (NethardShort Control) - http://icons.com.ne.kr/active-x/sho...rt/NetShort.cab
    O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab


    Reboot into safe mode by following instructions here: http://helpdesk.its.bethel.edu/resnet/Documents/Antivirus/Safemode.html
    then as some of the files or folders you need to delete may be hidden do this:
    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"

    Locate and remove:
    C:\Program Files\Internet Optimizer [FOLDER]
    C:\WINDOWS\System32\bpk.exe
    C:\PROGRAM FILES\CLOCKSYNC [FOLDER]
    C:\Program Files\ISTbar [FOLDER]


    Consider installing the following:

    SpywareBlaster v 3.0 and SpywareGuard v2.2, to prevent Active-X drive-by installations, as well as provide real-time browser hijacking protection: http://www.wilderssecurity.net/index.html

    IE-SPYAD, a registry file that adds a long list of known "sites" to the Restricted Sites of your Internet Explorer: http://www.staff.uiuc.edu/~ehowes/resource.htm

    ;)
     
  4. Captain Morg

    Captain Morg Thread Starter

    Joined:
    Apr 10, 2004
    Messages:
    37
    Doing the stuff above... OMFG it took windows 30+ seconds to recognize that I wanted to save the spywareblaster.exe, what a piece. I thought it locked up. (n)


    ADDED: There was a bpkr.exe in the system32 folder, should I remove this?
     
  5. Captain Morg

    Captain Morg Thread Starter

    Joined:
    Apr 10, 2004
    Messages:
    37
    Ad-aware still dies after instructions above, with 129 objects found! Looks like spybot's not doing much better... :(

    ADDED: Got through as much as I can, ad-aware still locks up when it starts deep-scanning the registry. How infuriating - I know there's hundreds of crapware instances. :mad: (n)
     
  6. Captain Morg

    Captain Morg Thread Starter

    Joined:
    Apr 10, 2004
    Messages:
    37
    WTF is a cyclic redundancy check?!?! Why does it come up on this pentium 4 when I try to unzip/install something?! My ancient 800 never has these errors. What a POS of a laptop. (n) (n) (n) (n) (n)
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/221488

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice