need help!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

rob133

Thread Starter
Joined
Jan 26, 2005
Messages
10
Ok where to start. I do not no how i got this pop up but it seemed to install its self under my "c" drive. I am trying to get rid of it, for example i can not unistall it because it is not located in my install/remove programs. This pop up does not have a name but it is really bothering me. Any suggestion or help?

Also i do have "spy doctor" and "Ad aware" but it seems not to take it away.
 
Joined
Sep 7, 2004
Messages
49,014
SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
AdAware SE http://www.majorgeeks.com/download506.html
SpyBot S&D 1.3 http://www.safer-networking.org/en/download/

DL them (they are free), install them, check each for their
definition updates
and then run AdAware and Spybot, fixing anything
they say.

In SpywareBlaster - Always enable all protection after updates
SpyBot - After an update run immunize

Do these and reboot before the next step.

Then get HiJack This http://www.majorgeeks.com/download3155.html, put
it in a permanent folder (C:\HJT) , run it , DO NOT fix anything, post the
log here.
 

rob133

Thread Starter
Joined
Jan 26, 2005
Messages
10
is this what you wanted?

Logfile of HijackThis v1.99.0
Scan saved at 9:30:07 PM, on 1/26/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\atiptaxx.exe
C:\WINNT\System32\desk95.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINNT\loadqm.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\WMP11Cfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\PKWARE\PKZIPW4\pkzipw.exe
C:\DOCUME~1\Kathy\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dakknqszfwgvncxplb.biz/m...4xRRYqmvRB1TvdNb/h_q0KCWAhSblBHP0864mBrf.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hthyykzobbrzfeaemdouwxvoa.com/m_QqryYItMbM9edEPu8I7ByR8fZYi8M_yqVhGKt_B3E.asp
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)
O2 - BHO: (no name) - {99641F03-A112-6CA6-8573-C73865CF658A} - C:\DOCUME~1\Kathy\APPLIC~1\HEARTS~1\GRAM HELP.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk95.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Axis Jump Byte Mail] C:\Documents and Settings\All Users\Application Data\Exitcoalaxisjump\2 Itch.exe
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
O4 - HKCU\..\Run: [Audiostop] C:\DOCUME~1\Kathy\APPLIC~1\BAITAI~1\tool dash.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B PCI Adapter\Startup.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8F27B05-5CB0-47EA-8DA1-3CF0124FE75B}: NameServer = 192.168.1.1,207.236.176.8
O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NICSer_WMP11 - Unknown - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
 
Joined
Sep 7, 2004
Messages
49,014
Yep

I'll post more but go ahead and do

Lop Uninstaller at this link

http://www.thespykiller.co.uk/downloads.htm

Close all browser windows and run the uninstaller.
When it is finished restart your computer.

Move HJT to a permanent folder like C:\HJT

Then markl these, close IE, click fix checked, boot and post a new log

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dakknqszfwgvncxplb.biz/m...HP0864mBrf.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hthyykzobbrzfeaemdouwxvo...yqVhGKt_B3E.asp
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
 

rob133

Thread Starter
Joined
Jan 26, 2005
Messages
10
Ok thanks alot! but you lost me up to the

"Move HJT to a permanent folder like C:\HJT"

"Then markl these, close IE, click fix checked, boot and post a new log"

But hey man, i really apperciate this!
 
Joined
Apr 8, 2002
Messages
1,156
Will give you a procedure to fix it yourself to keep it from being re-infected.
[1] Download, install and run Webroots, Spysweeper
[2] Download. install and run Firefox 1.0 Browser.
[3] Get yourself a good virus program like Avast Anti-Virus which automatically updates its program and definitions.
[2 and 3] are free programs, Spysweeper, which has won numberous
awards is well worth the money. http://www.webroot.com/
http://www.mozilla.org/
http://www.avast.com/eng/avast_4_home.html
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
rob133 said:
Ok thanks alot! but you lost me up to the

"Move HJT to a permanent folder like C:\HJT"

"Then markl these, close IE, click fix checked, boot and post a new log"

But hey man, i really apperciate this!
HI :)

What he means is, make a permanent folder on your C: drive.
Call it something like "HJT" and move the HijackThis.exe from the Temp folder into the new folder you created.

Then run Hijack This again (with IE closed)

Put a check next to the entries MFDnSC listed and hit Fix checked

Then reboot and post a new log (y)
 

rob133

Thread Starter
Joined
Jan 26, 2005
Messages
10
ok i no nothing about computers. so i am lost. You mean like a thread?
 

rob133

Thread Starter
Joined
Jan 26, 2005
Messages
10
well ok. You mean rerun it? is there anyway you can show me step by step. do you have an email?
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Yes rerun it

Open the program.
Hit "Scan"
Then hit "Save Log"
Open the log file you just saved
Go to Edit>Select All
Then Edit>Copy

Go back to this thread
Go to Edit>Paste

(y)
 
Joined
Dec 28, 2004
Messages
163
ok just like you did the first time. run HijackThis and post the log
this is an example of your first one


Logfile of HijackThis v1.99.0
Scan saved at 9:30:07 PM, on 1/26/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top