Serious problems, HJT log

Discussion in 'Virus & Other Malware Removal' started by Khouse, Jan 10, 2006.

Thread Status:
Not open for further replies.
  1. Khouse

    Khouse Thread Starter

    Joined:
    Jan 10, 2006
    Messages:
    28
    When I run it, it freezes up.
     
  2. sjpritch25

    sjpritch25 Malware Specialist

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please print out these instructions!!!! Please post as quickly as possible. You might want to print out these instructions.



    Khouse, let's try removing TVMedia: http://support.microsoft.com/?kbid=886590. Follow all the directions.

    Let's try that Nail fix again. Please delete the old one you used before. Let's start with a fresh download.


    Step 1: Download the Revised Installer for the Nailfix Utility.
    Save it to your desktop. DO NOT run it yet.

    Step 2: Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes. This means some of the programs that normally are set to run when Windows starts will not run. To do this, tap the F8 key repeatedly while your computer starts, then navigate the screen using the arrow keys and select "Safe Mode".

    For additional help in booting into Safe Mode, see here.

    Step 3: Once in "SAFE MODE" double-click on nailfix.exe.
    Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish". Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.


    These instructions are for Normal Mode

    To make sure it doesn't freeze, try closing all open programs.
    To stop a service and set to 'disabled'

    Go to Start > Run and type in Services.msc then click OK

    Click the Extended tab.

    Scroll down until you find the service System Startup Service.

    Click once on the service to highlight it.

    Click Stop

    Right-Click on the service.

    Click on 'Properties'

    Select the 'General' tab

    Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box

    From the drop-down menu, click on 'Disabled'

    Click the 'Apply' tab, then click 'OK'

    The service is now stopped and disabled.


    Use this tool by Symantec to remove Clearsearch:
    http://securityresponse.symantec.com/avcenter/FixCSrch.exe. Download it to your desktop. Run FixCSrch.exe. Let the tool complete. Then go to the next step:



    Run HijackThis, and press "Do a System Scan Only".
    1. When the scan is complete place a check mark next to the following entries:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
    O2 - BHO: SDWin32 Class - {023A0245-1F2F-4687-A28F-D5F4DCB13A53} - C:\WINDOWS\System32\uuqhz.dll
    O2 - BHO: SDWin32 Class - {3CD4A170-2DDB-4AA3-8305-5E2E0B9EE6CB} - C:\WINDOWS\System32\ywiwc.dll (file missing)
    O2 - BHO: SDWin32 Class - {5109576F-ED59-4755-BE50-4192166FD9B5} - C:\WINDOWS\System32\toien.dll
    O2 - BHO: TChkBHO Class - {80825624-C3CD-4159-ABEE-82A8E64843BA} - C:\WINDOWS\system32\yitkumt.dll (file missing)
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O2 - BHO: Redirect Class - {9516919A-9D32-4B17-BD14-2CE488599F65} - C:\Program Files\EE\EEF.dll (file missing)
    O2 - BHO: IEHlprObj Class - {9DF0A5F8-A71F-4F8A-A37D-55DD6E5A2DF8} - C:\WINDOWS\system32\mo030414s.dll
    O2 - BHO: SDWin32 Class - {DA5A4AB4-0F05-490B-AEAE-25DE051DEBB1} - C:\WINDOWS\System32\uqsuw.dll (file missing)
    O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
    O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
    O4 - HKLM\..\Run: [ee.exe] C:\Program Files\EE\ee.exe
    O4 - HKLM\..\Run: [DhVYhw] C:\windows\temp\DhVYhw.exe
    O4 - HKLM\..\Run: [DhVYhw.exe] C:\windows\temp\DhVYhw.exe
    O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
    O4 - HKLM\..\Run: [ywiwcc] C:\WINDOWS\System32\ywiwcc.exe
    O4 - HKLM\..\Run: [toienc] C:\WINDOWS\System32\toienc.exe
    O4 - HKLM\..\Run: [JVM0.12] C:\WINDOWS\System32\ioxqubf.exe
    O4 - HKCU\..\Run: [prutgct] C:\WINDOWS\System32\prutgct.exe
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
    O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
    O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
    O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O20 - AppInit_DLLs: mad.dll,NVDESK32.DLL
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


    2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked."


    Please boot into safe mode


    Please remove these programs via Add/Remove Programs (if present).
    • VirtualBouncer
    • E2give Plug-in
    • Viewpoint Toolbar

      Open killbox.exe.

      Check the following boxes:

      Standard File Kill

      Highlight all the entries in the quote box below and then Copy them.

      C:\WINDOWS\System32\uuqhz.dll
      C:\WINDOWS\System32\toien.dll
      C:\WINDOWS\system32\mo030414s.dll
      C:\WINDOWS\system32\mad.dll
      C:\WINDOWS\svcproc.exe
      C:\WINDOWS\susp.exe
      C:\WINDOWS\System32\ywiwcc.exe
      C:\WINDOWS\System32\toienc.exe
      C:\WINDOWS\System32\ioxqubf.exe
      C:\WINDOWS\System32\prutgct.exe
      c:\ied_s7.cab
      c:\x.cab

      Then in killbox click File>>Paste from Clipboard

      At this point the "All Files" button should be enabled so you can click it.

      Click the "All Files" button.

      Then click the Red X, and for the confirmation message that will appear, you will need to click Yes.

      A second message will ask "Reboot now?"; you will need to click Yes to allow the reboot.

      Note: Killbox will let you know if a file does not exist.

      If you have any issues with this method, you can copy and paste the lines one at a time into the Killbox top box. Then click the "Single File" button. Then click the Red X, and for the confirmation message that will appear, you will need to click Yes. A second message will ask "Reboot now?"; you will need to click No until the last one, at which time you click Yes to allow the reboot.



      Please DELETE the following file(s)/folder(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use Windows Search feature to locate them.

      Folders:
      C:\Program Files\EE\ <-- this folder
      C:\Program Files\VVSN\ <-- this folder
      C:\Program Files\TBONAS\ <-- this folder
      C:\Program Files\Viewpoint\ <-- this folder
      C:\windows\temp\ <-- Delete all the contents. NOT THE folder!!!!!!
      C:\Program Files\CSBB\ <-- this folder
      C:\PROGRA~1\VBouncer\ <-- this folder


      Please reboot your computer


      Then please run the Panda scan here:
      http://www.pandasoftware.com/products/activescan.htm
      Follow the prompts and save the report to your desktop. Restart your computer.


      Please update to Service Pack 1
      http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

      Please post a fresh HijackThis, and Panda Activescan log in your next reply. Please let me know of any problems that occurred.
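
Added example, not part of the original post or of HijackThis itself: a small Python triage pass over log lines in the format listed above. The flag rules are illustrative assumptions made for this example, and the sample lines are copied from the entries quoted in the post.

```python
import re

# Sample lines copied from the log entries quoted in the post above.
SAMPLE = r"""
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [DhVYhw] C:\windows\temp\DhVYhw.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O20 - AppInit_DLLs: mad.dll,NVDESK32.DLL
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY = re.compile(r"^\s*([ORFN]\d+) - (.*?)\s*$")

def parse(log):
    """Yield (section, body) for each entry line; other lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)

def flags(section, body):
    """Return triage reasons for one entry (assumed heuristics, not a verdict)."""
    low = body.lower()
    out = []
    if low.endswith("(file missing)"):
        out.append("file missing")                 # orphaned registry reference
    if section == "O4" and "\\temp\\" in low:
        out.append("autorun from temp dir")        # Run key pointing into a temp folder
    if section == "O16" and "file://" in low:
        out.append("ActiveX from local file")      # codebase is a local .cab, not a vendor URL
    if section == "O20" and low.partition(":")[2].strip():
        out.append("AppInit_DLLs set")             # DLLs loaded into every user32 process
    if section == "O23" and "unknown owner" in low:
        out.append("service with unknown owner")   # binary carries no company info
    return out

def triage(log):
    """Return (section, body, reasons) for every entry with at least one reason."""
    return [(s, b, f) for s, b in parse(log) if (f := flags(s, b))]

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE):
        print(f"{section:<4}{', '.join(reasons):<28}{body}")
```

Entries that come back unflagged, such as the ViewMgr Run key in the sample, still need a human decision; the post above removes that one by name rather than by pattern.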
     
  3. Khouse

    Khouse Thread Starter

    Joined:
    Jan 10, 2006
    Messages:
    28
    As I've stated I think twice before, the services.msc does not work, and because of it I cannot disable running processes. I know you're trying and I'm really grateful, but right now it doesn't look like I'll be able to do it.
     
  4. sjpritch25

    sjpritch25 Malware Specialist

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Just go ahead and finish with the rest of my instructions. Nail fix should be able to stop the service.
     
  5. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Is there any reason why no Service Packs have been installed?
     
  6. Khouse

    Khouse Thread Starter

    Joined:
    Jan 10, 2006
    Messages:
    28
    Alright, I'm just starting on it now. The TV Media fix says that it isn't on the system, but that may be because I don't have the service packs or whatnot.

    I'm pretty sure I didn't download those because my dad has some pirated Microsoft applications, or something along those lines. At least if we're thinking of the same thing. It's entirely possible that I could have just never heard of them.
     
  7. linskyjack

    linskyjack

    Joined:
    Aug 28, 2004
    Messages:
    22,812
    Pirated Microsoft applications: that's a no-no. Tell dad that he isn't setting a very good example for you.
     
  8. Khouse

    Khouse Thread Starter

    Joined:
    Jan 10, 2006
    Messages:
    28
    Yeah, ClearSearch isn't on there either.
     
  9. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    If this copy of Windows is pirated, then doing all these fixes is pointless. Without the Service Packs, you will only get reinfected.
     
  10. Khouse

    Khouse Thread Starter

    Joined:
    Jan 10, 2006
    Messages:
    28
    I don't think Windows itself is pirated, just some programs.

    So I tried Killbox, and all but mad.dll didn't exist, and it couldn't delete that for whatever reason.
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Finish up sjpritch25's instructions. Then post a new log.

    What happens when you go to install Service Pack 1?
     
  12. Khouse

    Khouse Thread Starter

    Joined:
    Jan 10, 2006
    Messages:
    28
    The Panda scan won't work because IE stopped working a long time ago.
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
     
  14. Khouse

    Khouse Thread Starter

    Joined:
    Jan 10, 2006
    Messages:
    28
    I need Internet Explorer to do that too.
     
  15. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You mentioned IE stopped working a while ago. Does it give you errors? Have you uninstalled it?
     
Short URL to this thread: https://techguy.org/433052