Please help I think I have some sort of virus ...


GODDESS

Thread Starter
Joined
Apr 4, 2004
Messages
6
OK, well I'm getting a lot of screen/browser shut downs (it just flashes and it's gone). I also keep being invited to DL something called "Avenue A" every time I go to a new web page, Windows loading is funny as well (a lot of black screens before it actually loads), and some of my screens aren't showing up at all when I try to pull them up.
Finally, when I use my PC for more than an hour or 2, it really starts to slow down as if I was running too many programs at once...

I'm using XP Home, and I already defragmented and emptied my temp files as well (so I know it's not a space issue).

I've scanned it with Antivir, Adaware and Spybot and found nothing, so I stumbled on this site and found one of your links to "HJT" and ran it.

This is what I got:

Logfile of HijackThis v1.97.7
Scan saved at 1:55:45 AM, on 4/5/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVGUARD.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVWUPSRV.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVGNT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Virgin Radio Player\VRPlayer.EXE
C:\Documents and Settings\ESTHARY\My Documents\Protection\SpywareGuard\sgmain.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Documents and Settings\ESTHARY\My Documents\Protection\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\ESTHARY\My Documents\Protection\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = MSN.COM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = MSN.COM
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = MSN.COM
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Yo, Esthary ....Check Dis-Out !!!!!!!!!!!!!!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Documents and Settings\ESTHARY\My Documents\Protection\SpywareGuard\dlprotect.dll (964621e8b2415feaa99026ed4f29d198, 192512 bytes)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\Spybot - Search & Destroy\SDHelper.dll (skipped, 711168 bytes)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx (1836f490f0c4e362bdf5cb5ddb51e133, 843804 bytes)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll (7f3741c1f74082def57b5de59fb69e2a, 203456 bytes)
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe (c68567bb640265fbd18620d234f0805b, 327680 bytes)
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l (a6425d475aa75762ff626b8129e77d75, 364544 bytes)
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe" (835da7929caefc78f77d5d81d9c6ad90, 102400 bytes)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (c9128ae6036cdf67873a516e1a00ed4b, 77824 bytes)
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE (skipped, 1036288 bytes)
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe (4ae99bb181e03eb77a73ee23194fffa1, 168448 bytes)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 (7480d03346a39f44c63c6254cad98f0f, 208949 bytes)
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC (eda56eb763c8ca818c31720aa7d15e10, 77824 bytes)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC (e8023fa6b6f8a3dcc8219a9c1955ee31, 737360 bytes)
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (e8023fa6b6f8a3dcc8219a9c1955ee31, 737360 bytes)
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" (eadfa0aa83007b95a815a158709de6ae, 241714 bytes)
O4 - HKLM\..\Run: [AVGCtrl] C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVGNT.EXE /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\tro\Trojan Remover\Trjscan.exe (f7fc39c9558826ae399f0f3481cb051b, 271360 bytes)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (3cf6bff887af6f733473d81a8921a5c5, 180269 bytes)
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (3f298607cf54ecc80a954d67b92698a8, 2181704 bytes)
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (6fd9aa9a4ade9d5db581b2ae190d5a54, 184376 bytes)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (85b1054db58d13aa42d7dca778c30f57, 13312 bytes)
O4 - HKCU\..\Run: [IncrediMail] C:\DOCUME~1\CRYSTA~1\MYDOCU~1\PROGRA~1\INCRED~1\bin\IncMail.exe /c (0caedba9fc462e2dd344c02ef700e9f7, 176171 bytes)
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: Virgin Radio Player Tray Icon.lnk = C:\Program Files\Virgin Radio Player\TrayLoad.exe (bab37007ddb85c38112575f21487294c, 16384 bytes)
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe (d861d7c136e23cf7cf14c3d38ac02677, 204800 bytes)
O9 - Extra button: Control Pad (HKLM)
O9 - Extra 'Tools' menuitem: Control Pad (HKLM)
O9 - Extra button: MoneySide (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup144.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C91DAEC6-5324-4CDD-8187-F9D338D61976}: NameServer = 205.188.146.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC1227D4-11A6-4F7A-8C80-7C65EFCCB7B2}: NameServer = 151.202.0.84 151.203.0.84




Any insight you give would be a big help, thanks :D
 
Joined
Jun 26, 2002
Messages
176
I am leaning towards NetSky virus on this one.

We will see what the results of the Online AV scan are.



jameso321
 
Joined
Oct 9, 2001
Messages
9,396
Welcome to TSG:)
This one entry needs to be "checked" and "fixed" with HijackThis.

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe (4ae99bb181e03eb77a73ee23194fffa1, 168448 bytes)

Re-boot and delete: C:\WINDOWS\realtime.exe

Are you running both McAfee AND AVP antivirus?
;)
 

GODDESS

Thread Starter
Joined
Apr 4, 2004
Messages
6
I sincerely apologize for the length of time it has taken me to get back to you, my screens disappeared and it wouldn't let me log off and restart cause it told me that my programs were still running. I was also afraid that an emergency shut down would total my system and I wouldn't be able to get back on so I decided to wait until it put the screens back on its own....

Well, I got them back and finally ran the scans you mentioned. The first one turned out clean but the second found a malworm called HGABOT.HX, I believe is the title, so that might be it.

I'm going to try to restart (now that I can shut down my program screens, again).

And unless you have any other advice on any scans I could run or anything that looks suspicious to you, then I'll just wait and see if that was the problem....


Thank you "so much" for your quick reply and (again) sorry for my late one...
 

GODDESS

Thread Starter
Joined
Apr 4, 2004
Messages
6
OH, I almost forgot, this is my HJT log now (sorry to double post):


Logfile of HijackThis v1.97.7
Scan saved at 6:59:17 PM, on 4/5/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVGUARD.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVWUPSRV.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVGNT.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Virgin Radio Player\VRPlayer.EXE
C:\Documents and Settings\ESTHARY\My Documents\Protection\SpywareGuard\sgmain.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Documents and Settings\ESTHARY\My Documents\Protection\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\ESTHARY\My Documents\Protection\hijackthis\HijackThis.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = MSN.COM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = MSN.COM
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = MSN.COM
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Yo, Esthary ....Check Dis-Out !!!!!!!!!!!!!!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Documents and Settings\ESTHARY\My Documents\Protection\SpywareGuard\dlprotect.dll (964621e8b2415feaa99026ed4f29d198, 192512 bytes)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\Spybot - Search & Destroy\SDHelper.dll (423cbd3cfaeeb62c5c97a9449567b474, 711168 bytes)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx (skipped, 843804 bytes)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll (7f3741c1f74082def57b5de59fb69e2a, 203456 bytes)
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe (c68567bb640265fbd18620d234f0805b, 327680 bytes)
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l (a6425d475aa75762ff626b8129e77d75, 364544 bytes)
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe" (835da7929caefc78f77d5d81d9c6ad90, 102400 bytes)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (c9128ae6036cdf67873a516e1a00ed4b, 77824 bytes)
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE (1c0829769a4ee2dddf8995cf47c31811, 1036288 bytes)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 (7480d03346a39f44c63c6254cad98f0f, 208949 bytes)
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC (eda56eb763c8ca818c31720aa7d15e10, 77824 bytes)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC (skipped, 737360 bytes)
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (skipped, 737360 bytes)
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" (eadfa0aa83007b95a815a158709de6ae, 241714 bytes)
O4 - HKLM\..\Run: [AVGCtrl] C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVGNT.EXE /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\tro\Trojan Remover\Trjscan.exe (f7fc39c9558826ae399f0f3481cb051b, 271360 bytes)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (3cf6bff887af6f733473d81a8921a5c5, 180269 bytes)
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (skipped, 2181704 bytes)
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (6fd9aa9a4ade9d5db581b2ae190d5a54, 184376 bytes)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (85b1054db58d13aa42d7dca778c30f57, 13312 bytes)
O4 - HKCU\..\Run: [IncrediMail] C:\DOCUME~1\CRYSTA~1\MYDOCU~1\PROGRA~1\INCRED~1\bin\IncMail.exe /c (0caedba9fc462e2dd344c02ef700e9f7, 176171 bytes)
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: Virgin Radio Player Tray Icon.lnk = C:\Program Files\Virgin Radio Player\TrayLoad.exe (bab37007ddb85c38112575f21487294c, 16384 bytes)
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe (d861d7c136e23cf7cf14c3d38ac02677, 204800 bytes)
O9 - Extra button: Control Pad (HKLM)
O9 - Extra 'Tools' menuitem: Control Pad (HKLM)
O9 - Extra button: MoneySide (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup144.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C91DAEC6-5324-4CDD-8187-F9D338D61976}: NameServer = 205.188.146.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC1227D4-11A6-4F7A-8C80-7C65EFCCB7B2}: NameServer = 151.202.0.84 151.203.0.84
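
The before/after comparison that the two HijackThis logs above invite, as an added example that is not part of the original thread. The log excerpts are copied from the two posts; the function names `parse` and `diff` and the choice to ignore the `(md5, N bytes)` / `(skipped, N bytes)` trailer when matching entries are assumptions of this example.

```python
import re

# Excerpts copied from the two HijackThis v1.97.7 logs posted in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\Spybot - Search & Destroy\SDHelper.dll (skipped, 711168 bytes)
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE (skipped, 1036288 bytes)
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe (4ae99bb181e03eb77a73ee23194fffa1, 168448 bytes)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (85b1054db58d13aa42d7dca778c30f57, 13312 bytes)
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
"""
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\Spybot - Search & Destroy\SDHelper.dll (423cbd3cfaeeb62c5c97a9449567b474, 711168 bytes)
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE (1c0829769a4ee2dddf8995cf47c31811, 1036288 bytes)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (85b1054db58d13aa42d7dca778c30f57, 13312 bytes)
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
"""

# "R1 - ...", "O4 - ...", "O16 - ..." : section code, then the entry body.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Optional trailer as it appears in this thread's logs.
TRAILER = re.compile(r"\s*\(([0-9a-f]{32}|skipped), (\d+) bytes\)$")


def parse(log):
    """Map (code, body without trailer) -> (md5 or None, size or None)."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header line, running-process path or blank line
        code, body = m.groups()
        md5 = size = None
        t = TRAILER.search(body)
        if t:
            body = body[:t.start()]
            md5 = None if t.group(1) == "skipped" else t.group(1)
            size = int(t.group(2))
        entries[(code, body)] = (md5, size)
    return entries


def diff(before, after):
    """Return (removed, added, changed) entry keys between two logs."""
    b, a = parse(before), parse(after)
    removed = sorted(k for k in b if k not in a)
    added = sorted(k for k in a if k not in b)
    changed = []
    for k in sorted(b.keys() & a.keys()):
        (md5_b, size_b), (md5_a, size_a) = b[k], a[k]
        # A "skipped" hash on either side is unknown, not a mismatch.
        hash_differs = md5_b and md5_a and md5_b != md5_a
        if hash_differs or size_b != size_a:
            changed.append(k)
    return removed, added, changed


if __name__ == "__main__":
    for label, keys in zip(("REMOVED", "ADDED", "CHANGED"), diff(BEFORE, AFTER)):
        for code, body in keys:
            print(f"{label:8}{code} - {body}")
```

On these excerpts the only removed entry is the `PCDRealtime` Run key, and the only additions are the two `O16` ActiveX controls left behind by the online scanners.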
 
Joined
Jan 26, 2004
Messages
80
I got a virus alert and it put all but one of the infected files into the virus vault. It said it couldn't move one. How do I get it off my hard drive?
 
Joined
Jun 26, 2002
Messages
176
Looks fine to me. Make sure at least one more person looks at this.


jameso321


Still have the pop ups on startup?
 
Joined
Oct 9, 2001
Messages
9,396
LoveTrinity.........you would be better served by starting your own thread instead of tagging on to someone else's.

Do this:
go to http://www.lurkhere.com/~nicefiles/ , and download 'Hijack This!'.....
Unzip it to its own folder, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents in a new thread to the forum.

It will possibly show other issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.

If you have anything disabled by MSConfig or any other startup manager, please re-enable it before scanning to post.

;)
 
Joined
Oct 9, 2001
Messages
9,396
GODDESS........Hello again:)
Your log is clean............2 questions.
1."C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVGUARD.EXE"
Are you running 2 A/V programs?

2.Where did the scan say the virus was found?

3.Why is it raining again today:D
 

GODDESS

Thread Starter
Joined
Apr 4, 2004
Messages
6
Well :eek: ,

1) In light of your first question I decided to look into things and junk AV altogether for a fresh DL and install which led me to ....

A. A program (sadly I deleted it before I could write the info down) called "quie???.exe" ("?" stands for the letters I can't remember) which, like all the others, I found in the "system32" folder.

B. Along with "Agobot.AK"

C. Small.PLD.FO

The Agobot I assume must have actually been in the restore (boot area I think) program cause I just got rid of it yesterday. So I turned off the restore got rid of it again and restarted, ran a new scan and it's turned up clean...


When it comes to the others I believe that the "quei???.exe" must have corrupted my virus program somehow cause I kept it up to date and yet it got by it, until I ran a fresh install of Antivir.


2) System 32 oh, and "volume restore" the last program "Small.PLD.FO"

3)lol :D

NOTE: the other reason I believe it corrupted Antivir is because just before I did all of this, it began to shut down the AVGuard program on its own and I couldn't call it back up. Then I'd start getting hit with severe slowdown. Once I logged off though it would try to crash me claiming IPconfig.exe had failed to initialize (that just started since I removed the "q".exe)

Well I think I got them all, I might not have if you hadn't pointed out the antivir part so a huge thanks for that (y) .

It seems OK since then, I'm still running scans with my other programs though, but so far "we're a go :D".
 
Joined
Oct 9, 2001
Messages
9,396
Glad to know things are looking good............you know where to come if you get any problems.
Happy Easter(y)
 

GODDESS

Thread Starter
Joined
Apr 4, 2004
Messages
6
$teve said:
Glad to know things are looking good............you know where to come if you get any problems.
Happy Easter(y)


Thanks....I will, and same to you... :p
 