1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Oh God! What Happened?!

Discussion in 'Virus & Other Malware Removal' started by Renegade313, Jan 10, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Renegade313

    Renegade313 Thread Starter

    Joined:
    May 25, 2004
    Messages:
    151
    look. I have...s.crewed myself over somehow. I went into safe mode, and ran a bunch of programs to clean up my system.

    problem one: One program uninstalled my video drivers.

    problem two: my computer's defenses are GONE it seems because I'm getitng more pop mups and error messages than EVER before. I have an AD on my desktop. a CLICKABLE ad is on my desktop as a background image. I can close that, but behind it theres an error message image. I'veb been running sometuff on my comp again to try to get rid of it, but nothings working, what should i do?!

    Heres my hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:19:24 PM, on 1/10/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\WINDOWS\713xRMT.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\2Wire\2PortalMon.exe
    C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\igps.exe
    C:\WINDOWS\newfrn.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\WINDOWS\System32\pgws.exe
    C:\Program Files\Desktop Macros\MacroS.exe
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
    C:\winstall.exe
    C:\WINDOWS\System32\sywsvcs.exe
    C:\Program Files\honestech\honestech TVR\scheduleTV.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\PROGRA~1\MOZILL~1\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jerry\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [PCI TV Card Remote Control Applet] C:\WINDOWS\713xRMT.exe
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
    O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
    O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
    O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
    O4 - HKLM\..\Run: [0go40948.dll] RUNDLL32.EXE 0go40948.dll,b 17887750
    O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe
    O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
    O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\System32\igps.exe"
    O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [Desktop Macros] C:\Program Files\Desktop Macros\MacroS.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
    O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
    O4 - HKCU\..\Run: [frou] C:\PROGRA~1\COMMON~1\frou\froum.exe
    O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
    O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ScheduleTV.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll
    O21 - SSODL: fldrsys - {C634E959-DF86-4874-9139-925D38410D8E} - fldrsys.dll (file missing)
    O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_12.dll
    O21 - SSODL: XHbvuAdobV - {F06BDAED-5AC1-7047-EC0D-706AC1CBF048} - C:\WINDOWS\System32\pqixi.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
     
  2. xSoilworkeRx

    xSoilworkeRx

    Joined:
    Dec 6, 2004
    Messages:
    96
    I'd suggest you run Spybot. I say a program called 'PayTime' listed there twice, so that can't be good. Clear your startup environment also by doing this: Start->Run->msconfig->under the startup tab, click 'disable all'->under the services tab click 'hide all microsoft services' then click 'disable all'->choose apply, if not there, choose close->restart your system. This should take care of most things.

    I don't know what program uninstalled the video drivers, but those are easily gotten back by downloading them from the internet, or, if you have a resource CD, you can usually pull them from there.
     
  3. kiwiguy

    kiwiguy

    Joined:
    Aug 17, 2003
    Messages:
    17,584
    The PC is about as inected as I have ever seen!

    Click on the little triangle in the top right of your post and ask a moderator to move it to the security forum where the experts can deal with it.

    It's going to take more than just spybot to eradicate that lot!
     
  4. ZEUS_GB

    ZEUS_GB

    Joined:
    Jan 5, 2006
    Messages:
    275
    I would suggest that you post your hijack this log in the security forum - http://forums.techguy.org/54-security/

    I would also suggest that you download spybot, ad-aware, zonealarm, a-squared.
    Once installed update and run them. Also run a full virus scan, if you don't have any anti-virus software download Avast or AVG they are both free.
     
  5. EAFiedler

    EAFiedler Moderator

    Joined:
    Apr 25, 2000
    Messages:
    14,146
    Thread moved to Security Forum per request.
     
  6. Renegade313

    Renegade313 Thread Starter

    Joined:
    May 25, 2004
    Messages:
    151
    I actually installed my video drivers already. all that other stuff is what i need to be rid of.
     
  7. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Click here to download smitRem.exe.
    • Save the file to your desktop.
    • It is a self extracting file.
    • Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
    • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
    • If the link to SmitRem above is not working try this one.


    * Download the trial version of Ewido Security Suite here.
    • Install ewido.
    • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido
    • It will prompt you to update click the OK button and it will go to the main screen
    • On the left side of the main screen click update
    • Click on Start and let it update.
    • DO NOT run a scan yet. You will do that later in safe mode.


    * Click here for info on how to boot to safe mode if you don't already know how.


    * Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in safe mode:


    * Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.


    * Run Ewido:
    • Click on scanner
    • Click Complete System Scan and the scan will begin.
    • During the scan it will prompt you to clean files, click OK
    • When the scan is finished, look at the bottom of the screen and click the Save report button.
    • Save the report to your desktop


    * Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    * Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


    * Restart back into Windows normally now.


    * Run ActiveScan online virus scan here

    When the scan is finished, save the results from the scan!

    Post a new HiJackThis log along with the results from ActiveScan
     
  8. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Any reason that you have no Windows XP Service Packs installed?
     
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Thanks Candy. I mssed that.
     
  10. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    You're welcome. My eyes always go there first ;)
     
  11. Renegade313

    Renegade313 Thread Starter

    Joined:
    May 25, 2004
    Messages:
    151
    My computer has been mildly screwed for a while, so when they actually released the service pack 2, i tried to get it, and it didnt work. BUT....we bought another home PC and a windows installation cd came with it, and it has the service pack on it. I'll try to use it.
     
  12. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    A cd from another computer more than likely isn't going to work on this one.

    However, please elaborate, what happened when you tried to get it? What does 'it didn't work' mean?
     
  13. Renegade313

    Renegade313 Thread Starter

    Joined:
    May 25, 2004
    Messages:
    151
    ummm. If i can remmeber correctly When i tried installing it, the window popped up basically telling me i had to stop the installation. but where theres usually buttons saying "continue anyway" or "Stop installation",it only had an option for "Stop installation".


    anywho, i finished with the other steps besides the online scan. That other stuff took hours. Like Ewido and the disk clean up. and before I finish i jsut wanna elt it be known that i appreciate all the help guys.
     
  14. Renegade313

    Renegade313 Thread Starter

    Joined:
    May 25, 2004
    Messages:
    151
    i actually just tried the activescan and my activeX controls are too emssed up to allow me to do this. I've been having troudble out of my activeX controls for so long. whcih is why i avoid IE and i just use Firefox
     
  15. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    You will need to install Service Pack 1 before you can use SP2.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/433055

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice