
Please help I think I have some sort of virus ...

Discussion in 'Virus & Other Malware Removal' started by GODDESS, Apr 5, 2004.

Thread Status:
Not open for further replies.
  1. GODDESS

    GODDESS Thread Starter

    Joined:
    Apr 4, 2004
    Messages:
    6
    OK, well I'm getting a lot of screen/browser shut downs (it just flashes and it's gone). I also keep being invited to DL something called "Avenue A" every time I go to a new web page, windows loading is funny as well (a lot of black screens before it actually loads), some of my screens aren't showing up at all when I try to pull them up.
    Finally, when I use my PC for more than an hour or 2, it really starts to slow down as if I was running too many programs at once...

    I'm using XP Home, I already defragmented and emptied my temp files as well (so I know it's not a space issue).

    I've scanned it with Antivir, Adaware, Spybot and found nothing, so I stumbled on this site and found one of your links to "HJT" and ran it.

    This is what I got:

    Logfile of HijackThis v1.97.7
    Scan saved at 1:55:45 AM, on 4/5/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVGUARD.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVWUPSRV.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
    C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVGNT.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft Money\System\Money Express.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\Virgin Radio Player\VRPlayer.EXE
    C:\Documents and Settings\ESTHARY\My Documents\Protection\SpywareGuard\sgmain.exe
    C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
    C:\Documents and Settings\ESTHARY\My Documents\Protection\SpywareGuard\sgbhp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
    C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\America Online 9.0\aolwbspd.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Documents and Settings\ESTHARY\My Documents\Protection\hijackthis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = MSN.COM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = MSN.COM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = MSN.COM
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Yo, Esthary ....Check Dis-Out !!!!!!!!!!!!!!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Documents and Settings\ESTHARY\My Documents\Protection\SpywareGuard\dlprotect.dll (964621e8b2415feaa99026ed4f29d198, 192512 bytes)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\Spybot - Search & Destroy\SDHelper.dll (skipped, 711168 bytes)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx (1836f490f0c4e362bdf5cb5ddb51e133, 843804 bytes)
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll (7f3741c1f74082def57b5de59fb69e2a, 203456 bytes)
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe (c68567bb640265fbd18620d234f0805b, 327680 bytes)
    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l (a6425d475aa75762ff626b8129e77d75, 364544 bytes)
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe" (835da7929caefc78f77d5d81d9c6ad90, 102400 bytes)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (c9128ae6036cdf67873a516e1a00ed4b, 77824 bytes)
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE (skipped, 1036288 bytes)
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe (4ae99bb181e03eb77a73ee23194fffa1, 168448 bytes)
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 (7480d03346a39f44c63c6254cad98f0f, 208949 bytes)
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC (eda56eb763c8ca818c31720aa7d15e10, 77824 bytes)
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC (e8023fa6b6f8a3dcc8219a9c1955ee31, 737360 bytes)
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (e8023fa6b6f8a3dcc8219a9c1955ee31, 737360 bytes)
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" (eadfa0aa83007b95a815a158709de6ae, 241714 bytes)
    O4 - HKLM\..\Run: [AVGCtrl] C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVGNT.EXE /min
    O4 - HKLM\..\Run: [TrojanScanner] C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\tro\Trojan Remover\Trjscan.exe (f7fc39c9558826ae399f0f3481cb051b, 271360 bytes)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (3cf6bff887af6f733473d81a8921a5c5, 180269 bytes)
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (3f298607cf54ecc80a954d67b92698a8, 2181704 bytes)
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (6fd9aa9a4ade9d5db581b2ae190d5a54, 184376 bytes)
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (85b1054db58d13aa42d7dca778c30f57, 13312 bytes)
    O4 - HKCU\..\Run: [IncrediMail] C:\DOCUME~1\CRYSTA~1\MYDOCU~1\PROGRA~1\INCRED~1\bin\IncMail.exe /c (0caedba9fc462e2dd344c02ef700e9f7, 176171 bytes)
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Startup: Virgin Radio Player Tray Icon.lnk = C:\Program Files\Virgin Radio Player\TrayLoad.exe (bab37007ddb85c38112575f21487294c, 16384 bytes)
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe (d861d7c136e23cf7cf14c3d38ac02677, 204800 bytes)
    O9 - Extra button: Control Pad (HKLM)
    O9 - Extra 'Tools' menuitem: Control Pad (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup144.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C91DAEC6-5324-4CDD-8187-F9D338D61976}: NameServer = 205.188.146.146
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC1227D4-11A6-4F7A-8C80-7C65EFCCB7B2}: NameServer = 151.202.0.84 151.203.0.84




    Any insight you give would be a big help, thanks :D
     
  2. jameso321

    jameso321

    Joined:
    Jun 26, 2002
    Messages:
    176
  3. jameso321

    jameso321

    Joined:
    Jun 26, 2002
    Messages:
    176
    I am leaning towards NetSky virus on this one.

    We will see what the results of the Online AV scan are.



    jameso321
     
  4. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Welcome to TSG:)
    This one entry needs to be "checked" and "fixed" with HijackThis.

    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe (4ae99bb181e03eb77a73ee23194fffa1, 168448 bytes)

    Re-boot and delete: C:\WINDOWS\realtime.exe

    Are you running both McAfee AND AVP antivirus?
    ;)
     
  5. GODDESS

    GODDESS Thread Starter

    Joined:
    Apr 4, 2004
    Messages:
    6
    I sincerely apologize for the length of time it has taken me to get back to you, my screens disappeared and it wouldn't let me log off and restart 'cause it told me that my programs were still running. I was also afraid that an emergency shut down would total my system and I wouldn't be able to get back on, so I decided to wait until it put the screens back on its own....

    Well, I got them back and ran the scans you mentioned finally. The first one turned out clean but the second found a malworm called HGABOT.HX I believe is the title, so that might be it.

    I'm going to try to restart (now that I can shut down my program screens, again).

    And unless you have any other advice on any scans I could run or anything that looks suspicious to you, then I'll just wait and see if that was the problem....


    Thank you "so much" for your quick reply and (again) sorry for my late one...
     
  6. GODDESS

    GODDESS Thread Starter

    Joined:
    Apr 4, 2004
    Messages:
    6
    OH, I almost forgot, this is my HJT log now (sorry to double post):


    Logfile of HijackThis v1.97.7
    Scan saved at 6:59:17 PM, on 4/5/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVGUARD.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVWUPSRV.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
    C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVGNT.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft Money\System\Money Express.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\Virgin Radio Player\VRPlayer.EXE
    C:\Documents and Settings\ESTHARY\My Documents\Protection\SpywareGuard\sgmain.exe
    C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
    C:\Documents and Settings\ESTHARY\My Documents\Protection\SpywareGuard\sgbhp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
    C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\America Online 9.0\aolwbspd.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Documents and Settings\ESTHARY\My Documents\Protection\hijackthis\HijackThis.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = MSN.COM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = MSN.COM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = MSN.COM
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Yo, Esthary ....Check Dis-Out !!!!!!!!!!!!!!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Documents and Settings\ESTHARY\My Documents\Protection\SpywareGuard\dlprotect.dll (964621e8b2415feaa99026ed4f29d198, 192512 bytes)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\Spybot - Search & Destroy\SDHelper.dll (423cbd3cfaeeb62c5c97a9449567b474, 711168 bytes)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx (skipped, 843804 bytes)
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll (7f3741c1f74082def57b5de59fb69e2a, 203456 bytes)
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe (c68567bb640265fbd18620d234f0805b, 327680 bytes)
    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l (a6425d475aa75762ff626b8129e77d75, 364544 bytes)
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe" (835da7929caefc78f77d5d81d9c6ad90, 102400 bytes)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (c9128ae6036cdf67873a516e1a00ed4b, 77824 bytes)
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE (1c0829769a4ee2dddf8995cf47c31811, 1036288 bytes)
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 (7480d03346a39f44c63c6254cad98f0f, 208949 bytes)
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC (eda56eb763c8ca818c31720aa7d15e10, 77824 bytes)
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC (skipped, 737360 bytes)
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (skipped, 737360 bytes)
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" (eadfa0aa83007b95a815a158709de6ae, 241714 bytes)
    O4 - HKLM\..\Run: [AVGCtrl] C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVGNT.EXE /min
    O4 - HKLM\..\Run: [TrojanScanner] C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\tro\Trojan Remover\Trjscan.exe (f7fc39c9558826ae399f0f3481cb051b, 271360 bytes)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (3cf6bff887af6f733473d81a8921a5c5, 180269 bytes)
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (skipped, 2181704 bytes)
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (6fd9aa9a4ade9d5db581b2ae190d5a54, 184376 bytes)
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (85b1054db58d13aa42d7dca778c30f57, 13312 bytes)
    O4 - HKCU\..\Run: [IncrediMail] C:\DOCUME~1\CRYSTA~1\MYDOCU~1\PROGRA~1\INCRED~1\bin\IncMail.exe /c (0caedba9fc462e2dd344c02ef700e9f7, 176171 bytes)
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Startup: Virgin Radio Player Tray Icon.lnk = C:\Program Files\Virgin Radio Player\TrayLoad.exe (bab37007ddb85c38112575f21487294c, 16384 bytes)
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe (d861d7c136e23cf7cf14c3d38ac02677, 204800 bytes)
    O9 - Extra button: Control Pad (HKLM)
    O9 - Extra 'Tools' menuitem: Control Pad (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup144.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C91DAEC6-5324-4CDD-8187-F9D338D61976}: NameServer = 205.188.146.146
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC1227D4-11A6-4F7A-8C80-7C65EFCCB7B2}: NameServer = 151.202.0.84 151.203.0.84
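
An added example (not part of the original thread or any poster's work): a small Python parser that compares two HijackThis logs such as the two posted above, so that the fixed O4 entry and the newly installed online-scanner controls stand out. It ignores the trailing "(md5 or skipped, size)" annotation, which differs between the two scans even for unchanged files; BEFORE and AFTER are excerpts of this thread's logs, and the function names are this example's own.

```python
import re

# HijackThis entry lines start with a section code: "R1 - ...", "O4 - ...", "O16 - ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# File entries end with "(<md5>, <n> bytes)" or "(skipped, <n> bytes)".
SUFFIX = re.compile(r"\s*\((?P<md5>[0-9a-f]{32}|skipped), (?P<size>\d+) bytes\)\s*$")

# Excerpts from the two logs in this thread (first scan, then the later scan).
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\Spybot - Search & Destroy\SDHelper.dll (skipped, 711168 bytes)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx (1836f490f0c4e362bdf5cb5ddb51e133, 843804 bytes)
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe (4ae99bb181e03eb77a73ee23194fffa1, 168448 bytes)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (85b1054db58d13aa42d7dca778c30f57, 13312 bytes)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\Spybot - Search & Destroy\SDHelper.dll (423cbd3cfaeeb62c5c97a9449567b474, 711168 bytes)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx (skipped, 843804 bytes)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (85b1054db58d13aa42d7dca778c30f57, 13312 bytes)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""


def parse_entries(log_text):
    """Map (section code, entry text without the hash/size suffix) -> (md5 or None, size or None)."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process path or blank line
        body, md5, size = m.group("body"), None, None
        s = SUFFIX.search(body)
        if s:
            body = body[:s.start()]
            md5 = None if s.group("md5") == "skipped" else s.group("md5")
            size = int(s.group("size"))
        entries[(m.group("code"), body)] = (md5, size)
    return entries


def diff_logs(before_text, after_text):
    """Return entries removed, added, or whose file changed between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    changed = []
    for key in before.keys() & after.keys():
        (md5_a, size_a), (md5_b, size_b) = before[key], after[key]
        # "skipped" means no hash was taken, so only the size can be compared.
        if size_a != size_b or (md5_a and md5_b and md5_a != md5_b):
            changed.append(key)
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": sorted(changed),
    }


if __name__ == "__main__":
    for kind, keys in diff_logs(BEFORE, AFTER).items():
        for code, body in keys:
            print(f"{kind:8} {code:4} {body}")
```

A plain line-by-line diff of the two logs would also report SDHelper.dll and msdxm.ocx, whose hash field flips between an MD5 and "skipped" from one scan to the next.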
     
  7. LoveTrinity

    LoveTrinity

    Joined:
    Jan 26, 2004
    Messages:
    80
    I got a virus alert and it put all but one of the infected files into the virus vault. Said it couldn't move one. How do I get it off my hard drive?
     
  8. LoveTrinity

    LoveTrinity

    Joined:
    Jan 26, 2004
    Messages:
    80
    Any help would be greatly appreciated thanks.
     
  9. jameso321

    jameso321

    Joined:
    Jun 26, 2002
    Messages:
    176
    Looks fine to me. Make sure at least one more person looks at this.


    jameso321


    Still have the pop ups on startup?
     
  10. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    LoveTrinity.........you would be better served by starting your own thread instead of tagging on to someone else's.

    Do this:
    go to http://www.lurkhere.com/~nicefiles/ , and download 'Hijack This!'.....
    Unzip it to its own folder, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents in a new thread to the forum.

    It will possibly show other issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.

    If you have anything disabled by MSConfig or any other startup manager, please re-enable it before scanning to post.

    ;)
     
  11. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    GODDESS........Hello again:)
    Your log is clean............2 questions.
    1."C:\Documents and Settings\CRYSTALINTITY\My Documents\Protection\AVGUARD.EXE"
    Are you running 2 A/V programs?

    2.Where did the scan say the virus was found?

    3.Why is it raining again today:D
     
  12. GODDESS

    GODDESS Thread Starter

    Joined:
    Apr 4, 2004
    Messages:
    6
    Well :eek: ,

    1) In light of your first question I decided to look into things and junk AV altogether for a fresh DL and install, which led me to ....

    A. A program (sadly I deleted it before I could write the info down) called "quie???.exe" ("?" stands for the letters I can't remember) which, like all the others, I found in the "system32" folder.

    B. Along with "Agobot.AK"

    C. Small. PLD.FO

    The Agobot I assume must have actually been in the restore (boot area I think) program 'cause I just got rid of it yesterday. So I turned off the restore, got rid of it again and restarted, ran a new scan and it's turned up clean...


    When it comes to the others I believe that the "quei???.exe" must have corrupted my virus program somehow 'cause I kept it up to date and yet it got by it, until I ran a fresh install of Antivir.


    2) System 32 oh, and "volume restore" the last program "Small.PLD.FO"

    3)lol :D

    NOTE: the other reason I believe it corrupted Antivir is because just before I did all of this, it began to shut down the AVGuard program on its own and I couldn't call it back up. Then I'd start getting hit with severe slowdown. Once I logged off though it would try to crash me, claiming that IPconfig.exe had failed to initialize (that just started since I removed the "q".exe)

    Well I think I got them all, I might not have if you hadn't pointed out the antivir part so a huge thanks for that (y) .

    It seems OK since then, I'm still running scans with my other programs though, but so far "we're a go :D".
     
  13. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Glad to know things are looking good............you know where to come if you get any problems.
    Happy Easter(y)
     
  14. GODDESS

    GODDESS Thread Starter

    Joined:
    Apr 4, 2004
    Messages:
    6


    Thanks....I will, and same to you... :p
     
Short URL to this thread: https://techguy.org/217192