
need help!

Discussion in 'Windows XP' started by rob133, Jan 26, 2005.

  1. rob133

    rob133 Thread Starter

    Joined:
    Jan 26, 2005
    Messages:
    10
    Ok, where to start. I do not know how I got this pop-up, but it seemed to install itself under my "c" drive. I am trying to get rid of it; for example, I cannot uninstall it because it is not located in my install/remove programs. This pop-up does not have a name but it is really bothering me. Any suggestion or help?

    Also, I do have "spy doctor" and "Ad aware" but it seems not to take it away.
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
    AdAware SE http://www.majorgeeks.com/download506.html
    SpyBot S&D 1.3 http://www.safer-networking.org/en/download/

    DL them (they are free), install them, check each for their definition updates and then run AdAware and Spybot, fixing anything they say.

    In SpywareBlaster - Always enable all protection after updates
    SpyBot - After an update run immunize

    Do these and reboot before the next step.

    Then get HiJack This http://www.majorgeeks.com/download3155.html, put it in a permanent folder (C:\HJT), run it, DO NOT fix anything, post the log here.
     
  3. rob133

    rob133 Thread Starter

    Joined:
    Jan 26, 2005
    Messages:
    10
    ok will do.. thanks
     
  4. rob133

    rob133 Thread Starter

    Joined:
    Jan 26, 2005
    Messages:
    10
    is this what you wanted?

    Logfile of HijackThis v1.99.0
    Scan saved at 9:30:07 PM, on 1/26/2005
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\atiptaxx.exe
    C:\WINNT\System32\desk95.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\WINNT\loadqm.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Linksys\Wireless-B PCI Adapter\OdHost.exe
    C:\Program Files\Linksys\Wireless-B PCI Adapter\WMP11Cfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\PKWARE\PKZIPW4\pkzipw.exe
    C:\DOCUME~1\Kathy\LOCALS~1\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dakknqszfwgvncxplb.biz/m...4xRRYqmvRB1TvdNb/h_q0KCWAhSblBHP0864mBrf.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hthyykzobbrzfeaemdouwxvoa.com/m_QqryYItMbM9edEPu8I7ByR8fZYi8M_yqVhGKt_B3E.asp
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)
    O2 - BHO: (no name) - {99641F03-A112-6CA6-8573-C73865CF658A} - C:\DOCUME~1\Kathy\APPLIC~1\HEARTS~1\GRAM HELP.exe
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk95.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [Axis Jump Byte Mail] C:\Documents and Settings\All Users\Application Data\Exitcoalaxisjump\2 Itch.exe
    O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
    O4 - HKCU\..\Run: [Audiostop] C:\DOCUME~1\Kathy\APPLIC~1\BAITAI~1\tool dash.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B PCI Adapter\Startup.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E8F27B05-5CB0-47EA-8DA1-3CF0124FE75B}: NameServer = 192.168.1.1,207.236.176.8
    O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: NICSer_WMP11 - Unknown - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Yep

    I'll post more but go ahead and do

    Lop Uninstaller at this link

    http://www.thespykiller.co.uk/downloads.htm

    Close all browser windows and run the uninstaller.
    When it is finished restart your computer.

    Move HJT to a permanent folder like C:\HJT

    Then mark these, close IE, click fix checked, boot and post a new log

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dakknqszfwgvncxplb.biz/m...HP0864mBrf.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hthyykzobbrzfeaemdouwxvo...yqVhGKt_B3E.asp
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
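
Added example, not part of any post in this thread: a small Python parser for the `Rn - ...` / `On - ...` entry lines of a HijackThis log, which flags entries for manual review. The sample lines are copied from the log posted above; the function names and the two review heuristics (a component registered with "(no file)", and a Run entry launching from an Application Data folder) are assumptions of this example, not HijackThis behaviour or the helpers' stated criteria.

```python
import re

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [Audiostop] C:\DOCUME~1\Kathy\APPLIC~1\BAITAI~1\tool dash.exe
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINNT\system32\lsass.exe
"""

# An entry line is a section code (R0, O2, O23, ...) followed by " - " and a body.
ENTRY_RE = re.compile(r"^\s*([RO]\d{1,2})\s+-\s+(.+?)\s*$")
# Long and 8.3 short forms of an Application Data folder in a path.
APPDATA_RE = re.compile(r"\\(application data|applic~\d)\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, body) for each entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:  # header and running-process lines do not match
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Flag entries for manual review; heuristics (assumed), not verdicts."""
    flagged = []
    for code, body in parse_entries(log_text):
        reasons = []
        if body.endswith("(no file)"):
            reasons.append("registered component points to a missing file")
        if code == "O4" and APPDATA_RE.search(body):
            reasons.append("autostart runs from Application Data")
        if reasons:
            flagged.append({"code": code, "body": body, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item["code"], "|", "; ".join(item["reasons"]), "|", item["body"])
```

A flagged line is a prompt to look the entry up before fixing it, which is why the helpers ask for the log to be posted rather than fixed blindly.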
     
  6. rob133

    rob133 Thread Starter

    Joined:
    Jan 26, 2005
    Messages:
    10
    Ok, thanks a lot! But you lost me up to the

    "Move HJT to a permanent folder like C:\HJT"

    "Then mark these, close IE, click fix checked, boot and post a new log"

    But hey man, I really appreciate this!
     
  7. Dr Dave

    Dr Dave

    Joined:
    Apr 8, 2002
    Messages:
    1,156
    Will give you a procedure to fix it yourself to keep it from being re-infected.
    [1] Download, install and run Webroot's Spysweeper.
    [2] Download, install and run Firefox 1.0 Browser.
    [3] Get yourself a good virus program like Avast Anti-Virus which automatically updates its program and definitions.
    [2 and 3] are free programs; Spysweeper, which has won numerous awards, is well worth the money. http://www.webroot.com/
    http://www.mozilla.org/
    http://www.avast.com/eng/avast_4_home.html
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    HI :)

    What he means is, make a permanent folder on your C: drive.
    Call it something like "HJT" and move the HijackThis.exe from the Temp folder into the new folder you created.

    Then run Hijack This again (with IE closed)

    Put a check next to the entries MFDnNC listed and hit Fix checked

    Then reboot and post a new log (y)
     
  9. rob133

    rob133 Thread Starter

    Joined:
    Jan 26, 2005
    Messages:
    10
    Ok, I did that. But it's still there :mad: :mad: :mad: !!!
     
  10. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Post a new log
     
  11. rob133

    rob133 Thread Starter

    Joined:
    Jan 26, 2005
    Messages:
    10
    Ok, I know nothing about computers, so I am lost. You mean like a thread?
     
  12. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Oh no no :)

    I mean a new Hijack This log
    Like the one from above.
     
  13. rob133

    rob133 Thread Starter

    Joined:
    Jan 26, 2005
    Messages:
    10
    Well, ok. You mean rerun it? Is there any way you can show me step by step? Do you have an email?
     
  14. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Yes rerun it

    Open the program.
    Hit "Scan"
    Then hit "Save Log"
    Open the log file you just saved
    Go to Edit>Select All
    Then Edit>Copy

    Go back to this thread
    Go to Edit>Paste

    (y)
     
  15. rez410

    rez410

    Joined:
    Dec 28, 2004
    Messages:
    163
    ok just like you did the first time. run HijackThis and post the log
    this is an example of your first one


    Logfile of HijackThis v1.99.0
    Scan saved at 9:30:07 PM, on 1/26/2005
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
     