need help!

Ok where to start. I do not no how i got this pop up but it seemed to install its self under my "c" drive. I am trying to get rid of it, for example i can not unistall it because it is not located in my install/remove programs. This pop up does not have a name but it is really bothering me. Any suggestion or help?

Also i do have "spy doctor" and "Ad aware" but it seems not to take it away.

 

SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
AdAware SE http://www.majorgeeks.com/download506.html
SpyBot S&D 1.3 http://www.safer-networking.org/en/download/

DL them (they are free), install them, check each for their
definition updates and then run AdAware and Spybot, fixing anything
they say.

In SpywareBlaster - Always enable all protection after updates
SpyBot - After an update run immunize

Do these and reboot before the next step.

Then get HiJack This http://www.majorgeeks.com/download3155.html, put
it in a permanent folder (C:\HJT) , run it , DO NOT fix anything, post the
log here.

 

ok will do.. thanks

 

is this what you wanted?

Logfile of HijackThis v1.99.0
Scan saved at 9:30:07 PM, on 1/26/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\atiptaxx.exe
C:\WINNT\System32\desk95.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINNT\loadqm.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\WMP11Cfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\PKWARE\PKZIPW4\pkzipw.exe
C:\DOCUME~1\Kathy\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dakknqszfwgvncxplb.biz/m...4xRRYqmvRB1TvdNb/h_q0KCWAhSblBHP0864mBrf.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hthyykzobbrzfeaemdouwxvoa.com/m_QqryYItMbM9edEPu8I7ByR8fZYi8M_yqVhGKt_B3E.asp
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)
O2 - BHO: (no name) - {99641F03-A112-6CA6-8573-C73865CF658A} - C:\DOCUME~1\Kathy\APPLIC~1\HEARTS~1\GRAM HELP.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk95.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Axis Jump Byte Mail] C:\Documents and Settings\All Users\Application Data\Exitcoalaxisjump\2 Itch.exe
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
O4 - HKCU\..\Run: [Audiostop] C:\DOCUME~1\Kathy\APPLIC~1\BAITAI~1\tool dash.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B PCI Adapter\Startup.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8F27B05-5CB0-47EA-8DA1-3CF0124FE75B}: NameServer = 192.168.1.1,207.236.176.8
O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NICSer_WMP11 - Unknown - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe

 

Yep

I'll post more but go ahead and do

Lop Uninstaller at this link

http://www.thespykiller.co.uk/downloads.htm

Close all browser windows and run the uninstaller.
When it is finished restart your computer.

Move HJT to a permanent folder like C:\HJT

Then markl these, close IE, click fix checked, boot and post a new log

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dakknqszfwgvncxplb.biz/m...HP0864mBrf.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hthyykzobbrzfeaemdouwxvo...yqVhGKt_B3E.asp
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

 

Ok thanks alot! but you lost me up to the

"Move HJT to a permanent folder like C:\HJT"

"Then markl these, close IE, click fix checked, boot and post a new log"

But hey man, i really apperciate this!

 

Will give you a procedure to fix it yourself to keep it from being re-infected.
[1] Download, install and run Webroots, Spysweeper
[2] Download. install and run Firefox 1.0 Browser.
[3] Get yourself a good virus program like Avast Anti-Virus which automatically updates its program and definitions.
[2 and 3] are free programs, Spysweeper, which has won numberous
awards is well worth the money. http://www.webroot.com/
http://www.mozilla.org/
http://www.avast.com/eng/avast_4_home.html

 

HI

What he means is, make a permanent folder on your C: drive.
Call it something like "HJT" and move the HijackThis.exe from the Temp folder into the new folder you created.

Then run Hijack This again (with IE closed)

Put a check next to the entries MFDnSC listed and hit Fix checked

Then reboot and post a new log

 

Ok i did that. But its still there !!!

 

Post a new log

 

ok i no nothing about computers. so i am lost. You mean like a thread?

 

Oh no no

I mean a new Hijack This log
Like the one from above.

 

well ok. You mean rerun it? is there anyway you can show me step by step. do you have an email?

 

Yes rerun it

Open the program.
Hit "Scan"
Then hit "Save Log"
Open the log file you just saved
Go to Edit>Select All
Then Edit>Copy

Go back to this thread
Go to Edit>Paste

 

ok just like you did the first time. run HijackThis and post the log
this is an example of your first one


Logfile of HijackThis v1.99.0
Scan saved at 9:30:07 PM, on 1/26/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe