
so far no one can help me.....can you?

Discussion in 'Virus & Other Malware Removal' started by pcpfactory, Sep 10, 2004.

  1. pcpfactory

    pcpfactory Thread Starter

    Joined:
    Sep 9, 2004
    Messages:
    10
    I HAVE BEEN TOLD THAT I HAVE MAJOR PROBLEMS IN MY COMPUTER AND NO-ONE CAN HELP ME PLEASE TRY

    WINDOWS XP, RAN AD AWARE. I HAVE NO VIRUS PROTECTION, CAN YOU RECOMMEND A FREE ONE?

    HIJACK THIS LOG

    Logfile of HijackThis v1.98.2
    Scan saved at 7:26:35 PM, on 9/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\winbas12.exe
    C:\WINDOWS\System32\msnqmgr.exe
    C:\documents and settings\kitty cat\local settings\temp\dIQ.exe
    C:\WINDOWS\4fd43.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\documents and settings\kitty cat\local settings\temp\SMx1uiyk.exe
    C:\WINDOWS\System32\ATMFD749.exe
    C:\Program Files\LIUtilities\WinTasks\wintasks.exe
    C:\WINDOWS\Config\expdrv.exe
    C:\WINDOWS\System32\odbccr32.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\crypserv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Kitty Cat\Desktop\Stinky\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qjaluhgcgpwhifp.com/CCfe9TnmBLvjwXgG6FUwoo1VdfD5nusJ//ylCr4xXcF17W4/KNV2wGU2LDEeYr8_.cgi
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
    R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Kitty Cat\Application Data\Mozilla\Profiles\default\awyb0c70.slt\prefs.js)
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: (no name) - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - (no file)
    O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O2 - BHO: (no name) - {B78C428C-7223-5BD2-7BBF-7EDF3D92BE47} - C:\PROGRA~1\COALFI~1\flag mpeg.exe
    O2 - BHO: CATLEvents Object - {BF755B85-EA69-4F58-9A59-D85F384A15FF} - C:\DOCUME~1\KITTYC~1\LOCALS~1\Temp\vrdpxe.dat
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Kitty Cat\Local Settings\Temp\V8WZjORLt.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
    O4 - HKLM\..\Run: [Spe] C:\documents and settings\kitty cat\local settings\temp\Spe.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe
    O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe
    O4 - HKLM\..\Run: [dIQ] C:\documents and settings\kitty cat\local settings\temp\dIQ.exe
    O4 - HKLM\..\Run: [4fd43.exe] 4fd43.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
    O4 - HKLM\..\Run: [SMx1uiyk] C:\documents and settings\kitty cat\local settings\temp\SMx1uiyk.exe
    O4 - HKLM\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe
    O4 - HKLM\..\Run: [iisac] C:\WINDOWS\Help\iisac.exe
    O4 - HKLM\..\Run: [ae2436f958c5] C:\WINDOWS\System32\ATMFD749.exe
    O4 - HKLM\..\Run: [WinTasks Traybar] C:\Program Files\LIUtilities\WinTasks\wintasks.exe traybar
    O4 - HKLM\..\Run: [*iisac] C:\WINDOWS\Help\iisac.exe
    O4 - HKLM\..\Run: [PCBG] C:\PROGRA~1\INTRIG~1\pcbodyguard.exe /start
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
    O4 - HKLM\..\Run: [*expdrv] C:\WINDOWS\Config\expdrv.exe
    O4 - HKLM\..\Run: [PLUS BYTE] C:\PROGRA~1\CLOSEF~1\manager rule 01.exe
    O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe
    O4 - HKLM\..\RunOnce: [*expdrv] C:\WINDOWS\Config\expdrv.exe rerun
    O4 - HKCU\..\Run: [odbccr32] C:\WINDOWS\System32\odbccr32.exe
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Kitty Cat\Application Data\ttuh.exe
    O4 - HKCU\..\Run: [HB2qRXbqP] shfscard.exe
    O4 - HKCU\..\Run: [key] C:\WINDOWS\System32\sys_xp.exe
    O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe
    O4 - HKCU\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
    O4 - HKCU\..\Run: [Vigcp] C:\WINDOWS\System32\lfh.exe
    O4 - HKCU\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe
    O4 - HKCU\..\RunOnce: [SysService32] C:\WINDOWS\System32\ln32k.exe
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
     
  2. buck52

    buck52 Banned

    Joined:
    Mar 9, 2001
    Messages:
    8,373
    be patient...

    I'm no expert but I'll see if I can find one for you...
    and I'm going to move you to security...

    buck
     
  3. pinntech

    pinntech

    Joined:
    Aug 25, 2004
    Messages:
    893
    Hello..

    Well, it looks like you have a few viruses/trojans on your system.

    You really should go to the following link and download SYSCLEAN from TrendMicro..

    http://www.trendmicro.com/download/dcs.asp

    After you download that, you will have to download the latest virus patterns...

    http://www.trendmicro.com/download/pattern.asp

    Create a folder and put the SYSCLEAN.COM in that folder. Extract the pattern file to the same folder that SYSCLEAN is in.

    Reboot your system into SAFE MODE, open the folder that SYSCLEAN is in, double click SYSCLEAN.

    This will clean the viruses/trojans off of your system.

    As for a free antivirus program.. I don't know of a FREE one. However, most of them have 30 day trial ones.

    Hope that helps a little...

    Shane
     
  4. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    Download and save these freeware/donationware programs to a permanent folder. Remember to check for updates and run them weekly.

    ***NOTE***A new version of SpyBot's been released (v1.3...it's no longer in beta). If you have been using 1.2 you can install right over it. If you downloaded and used 1.3 beta it is suggested you remove it and reboot prior to installing.


    Ad-aware SE download

    Configure Ad-aware:

    First in the main window look in the bottom right corner and click on "Check for updates now." then click Connect and download the latest reference files.

    From the main window, click Start, then under "Select a scan Mode" select "Perform full system scan".

    Next deselect "Search for negligible risk entries".

    Click the "Next" button.

    When the scan is finished mark everything for removal and delete the selections. (Right-click within the window and choose "Select All" from the drop down menu and click Next)

    Restart your computer.


    SpyBot Search and Destroy download

    I also highly recommend you install and update SpywareBlaster


    Tutorials:

    Ad-aware tutorial link

    SpyBot 1.3 tutorial link

    SpywareBlaster tutorial link



    Run Ad-aware and Spybot in Safe Mode.

    How to start your computer in Safe Mode


    Re-start your computer and post another HJT log in this thread.
     
  5. pcpfactory

    pcpfactory Thread Starter

    Joined:
    Sep 9, 2004
    Messages:
    10
    i didn't find anything called sysclean on that link
    i searched for it, thought i found it, downloaded it and now i can't find it
    :mad:
     
  6. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    You've got quite a mess there.

    Do the Ad-aware and Spybot scans.

    Then...

    ***NOTE*** Disable any active resident Anti-virus program before running the scans

    Run at least one of these two on-line anti-virus programs.

    As applicable, make sure the "heuristics" and "Auto Clean" boxes are checked.

    If anything's found, allow it to clean the file. If it's "uncleanable" DELETE everything the virus scan finds.

    Re-start the computer between each scan.


    Trend Micro's free on-line scan

    Panda's free on-line scan

    Restart and post another HiJackThis log.
     
  7. pcpfactory

    pcpfactory Thread Starter

    Joined:
    Sep 9, 2004
    Messages:
    10
    i performed both scans above and there were multiple files that the first one said were being used by another program
    the second one said that there was a virus it couldn't clean
    also i try to download windows update service pack 2 and it fails every time
    following is my NEW hijack this log

    Logfile of HijackThis v1.98.2
    Scan saved at 3:27:00 AM, on 9/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\winbas12.exe
    C:\WINDOWS\System32\msnqmgr.exe
    C:\WINDOWS\4fd43.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\documents and settings\kitty cat\local settings\temp\SMx1uiyk.exe
    C:\WINDOWS\System32\ATMFD749.exe
    C:\Program Files\LIUtilities\WinTasks\wintasks.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\crypserv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Config\expdrv.exe
    C:\WINDOWS\System32\odbccr32.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Kitty Cat\Desktop\Stinky\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lylhgieuwhkkdtwg.biz/CCf...dfD5nusJ//ylCr4xXcGL/C_mUR6raGU2LDEeYr8_.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
    R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Kitty Cat\Application Data\Mozilla\Profiles\default\awyb0c70.slt\prefs.js)
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: (no name) - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - (no file)
    O2 - BHO: (no name) - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - (no file)
    O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O2 - BHO: (no name) - {B78C428C-7223-5BD2-7BBF-7EDF3D92BE47} - C:\PROGRA~1\COALFI~1\flag mpeg.exe
    O2 - BHO: CATLEvents Object - {BF755B85-EA69-4F58-9A59-D85F384A15FF} - C:\DOCUME~1\KITTYC~1\LOCALS~1\Temp\vrdpxe.dat
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Kitty Cat\Local Settings\Temp\HYjdS.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
    O4 - HKLM\..\Run: [Spe] C:\documents and settings\kitty cat\local settings\temp\Spe.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe
    O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe
    O4 - HKLM\..\Run: [dIQ] C:\documents and settings\kitty cat\local settings\temp\dIQ.exe
    O4 - HKLM\..\Run: [4fd43.exe] 4fd43.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
    O4 - HKLM\..\Run: [SMx1uiyk] C:\documents and settings\kitty cat\local settings\temp\SMx1uiyk.exe
    O4 - HKLM\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe
    O4 - HKLM\..\Run: [iisac] C:\WINDOWS\Help\iisac.exe
    O4 - HKLM\..\Run: [ae2436f958c5] C:\WINDOWS\System32\ATMFD749.exe
    O4 - HKLM\..\Run: [WinTasks Traybar] C:\Program Files\LIUtilities\WinTasks\wintasks.exe traybar
    O4 - HKLM\..\Run: [*iisac] C:\WINDOWS\Help\iisac.exe
    O4 - HKLM\..\Run: [PCBG] C:\PROGRA~1\INTRIG~1\pcbodyguard.exe /start
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
    O4 - HKLM\..\Run: [*expdrv] C:\WINDOWS\Config\expdrv.exe
    O4 - HKLM\..\Run: [PLUS BYTE] C:\PROGRA~1\CLOSEF~1\manager rule 01.exe
    O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe
    O4 - HKLM\..\RunOnce: [*expdrv] C:\WINDOWS\Config\expdrv.exe rerun
    O4 - HKCU\..\Run: [odbccr32] C:\WINDOWS\System32\odbccr32.exe
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Kitty Cat\Application Data\ttuh.exe
    O4 - HKCU\..\Run: [HB2qRXbqP] shfscard.exe
    O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe
    O4 - HKCU\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
    O4 - HKCU\..\Run: [Vigcp] C:\WINDOWS\System32\lfh.exe
    O4 - HKCU\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4390/mcfscan.cab

    :mad:
     
  8. stueycaster

    stueycaster

    Joined:
    Aug 8, 2004
    Messages:
    111
    Try Security Task Manager at www.neuber.com. I had msginav in my system. Nothing could take it out. Security Task Manager pointed it out as a real problem then took it out with no problem.
     
  9. pcpfactory

    pcpfactory Thread Starter

    Joined:
    Sep 9, 2004
    Messages:
    10
    :D :D :D :D :D
    AFTER ABOUT A MILLION SCANS AND DELETIONS I THINK I MIGHT FINALLY BE SAFE, HERE IS MY HIJACK THIS LOG, AFTER RESTARTING, NOT IN SAFE MODE


    Logfile of HijackThis v1.98.2
    Scan saved at 6:25:42 PM, on 9/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\crypserv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\Config\expdrv.exe
    C:\Documents and Settings\Kitty Cat\Desktop\Stinky\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fvlfsustfbatlklblzcsxtgn...dfD5nusJ//ylCr4xXcF5uupD0h2jR2U2LDEeYr8_.html
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: CATLEvents Object - {BF755B85-EA69-4F58-9A59-D85F384A15FF} - C:\DOCUME~1\KITTYC~1\LOCALS~1\Temp\vrdpxe.dat
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Kitty Cat\Local Settings\Temp\yuSm.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinTasks Traybar] C:\Program Files\LIUtilities\WinTasks\wintasks.exe traybar
    O4 - HKLM\..\Run: [PCBG] C:\PROGRA~1\INTRIG~1\pcbodyguard.exe /start
    O4 - HKCU\..\Run: [odbccr32] C:\WINDOWS\System32\odbccr32.exe
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4390/mcfscan.cab

    AM I DONE?
     
  10. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    Before we start, let's disable your System Restore. After the infection's been cleaned re-enable system restore.


    Disabling System Restore in Windows XP

    Disable System Restore in Windows ME

    IF, for some reason, you lose the ability to use IE or lose your internet connection...open HJT-->"Config"-->"Backups"-->"Restore".


    Open HiJackThis. Click "Scan". Put a checkmark next to these:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fvlfsustfbatlklblzcsxtgn...U2LDEeYr8_.html

    O1 - Hosts: 64.91.255.87 www.dcsresearch.com


    O2 - BHO: CATLEvents Object - {BF755B85-EA69-4F58-9A59-D85F384A15FF} - C:\DOCUME~1\KITTYC~1\LOCALS~1\Temp\vrdpxe.dat

    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Kitty Cat\Local Settings\Temp\yuSm.dll

    The line below's an optional fix. It won't uninstall the program, it simply stops it from loading.

    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe



    Did you install WinTasks? If not, fix it with HiJackThis.

    O4 - HKLM\..\Run: [WinTasks Traybar] C:\Program Files\LIUtilities\WinTasks\wintasks.exe traybar


    O4 - HKCU\..\Run: [odbccr32] C:\WINDOWS\System32\odbccr32.exe

    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe



    Close ALL browser windows (except HiJackThis ;) ) and click "Fix checked."


    Re-start your computer.


    NEXT:


    Re-start your computer into safe mode:

    How to start your computer in Safe Mode

    NEXT:

    Because XP will not always show you hidden files and folders by default, go to Start > Search. Under "More advanced search options", make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders".

    Next click on "My Computer". Go to "Tools" ---> "Folder Options". Click on the "View" tab and make sure that "Show hidden files and folders" is checked. Also, uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".

    Click "Apply" then "OK".


    NEXT:

    Find and delete:

    odbccr32.exe




    Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    http://www.computerhope.com/issues/ch000225.htm

    Next navigate to the C:\Documents and Settings\ <user's name>\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Now click the "Delete Cookies" button and click OK.


    Empty the Recycle Bin


    Re-start your computer and post another HJT log.
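
Added example, not part of the original thread or of HijackThis itself: comparing two of the logs posted above to see which entries were removed, which persist unchanged, and which came back under a new file name or URL. The sample lines are excerpts from the 3:27 AM and 6:25 PM logs; the function names and the keying rules (CLSID for BHO-style entries, registry value name for R entries) are assumptions of this example.

```python
import re

# Excerpts from two logs posted in this thread (3:27 AM and 6:25 PM scans on
# 9/11/2004), trimmed to a few representative lines.
SCAN_0327 = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lylhgieuwhkkdtwg.biz/CCf...dfD5nusJ//ylCr4xXcGL/C_mUR6raGU2LDEeYr8_.html
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Kitty Cat\Local Settings\Temp\HYjdS.dll
O4 - HKLM\..\Run: [dIQ] C:\documents and settings\kitty cat\local settings\temp\dIQ.exe
O4 - HKCU\..\Run: [odbccr32] C:\WINDOWS\System32\odbccr32.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

SCAN_1825 = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fvlfsustfbatlklblzcsxtgn...dfD5nusJ//ylCr4xXcF5uupD0h2jR2U2LDEeYr8_.html
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Kitty Cat\Local Settings\Temp\yuSm.dll
O4 - HKCU\..\Run: [odbccr32] C:\WINDOWS\System32\odbccr32.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)              # long and 8.3 Temp paths


def parse_entries(log_text):
    """Return [(code, body)] for each scan-result line; header and process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def stable_key(code, body):
    """Identity of an entry that survives a renamed file or a rotated URL.

    Assumption of this example: a CLSID identifies BHO/toolbar/DPF entries,
    and the registry value name (text before '=') identifies R entries.
    """
    clsid = CLSID_RE.search(body)
    if clsid:
        return (code, clsid.group(0).upper())
    if code.startswith("R") and "=" in body:
        return (code, body.split("=", 1)[0].strip().lower())
    return (code, body.lower())


def diff_logs(before_text, after_text):
    """Classify entries as removed, added, changed (same key, new body) or persisted."""
    before = {stable_key(c, b): b for c, b in parse_entries(before_text)}
    after = {stable_key(c, b): b for c, b in parse_entries(after_text)}
    result = {"removed": [], "added": [], "changed": [], "persisted": []}
    for key, body in before.items():
        if key not in after:
            result["removed"].append(key)
        elif after[key].lower() != body.lower():
            result["changed"].append(key)
        else:
            result["persisted"].append(key)
    result["added"] = [k for k in after if k not in before]
    return result


def loads_from_temp(log_text):
    """Entries whose target sits in a Temp directory, a common review heuristic."""
    return [(c, b) for c, b in parse_entries(log_text) if TEMP_RE.search(b)]


if __name__ == "__main__":
    for status, keys in diff_logs(SCAN_0327, SCAN_1825).items():
        for code, ident in keys:
            print(f"{status:9} {code:3} {ident}")
    for code, body in loads_from_temp(SCAN_1825):
        print("still loading from Temp:", code, body)
```
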
     
  11. pcpfactory

    pcpfactory Thread Starter

    Joined:
    Sep 9, 2004
    Messages:
    10
    so far i have followed directions to a t. now i have an automatic updates icon on bottom left that does nothing when i click on it. positioning the mouse over it reveals Downloading Updates 0% and i can't go to automatic updates, also my right click no longer can maximize or close minimized programs at bottom of screen
    here's my NEW hijack this log

    Logfile of HijackThis v1.98.2
    Scan saved at 11:24:30 PM, on 9/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\crypserv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Kitty Cat\Desktop\Stinky\HijackThis.exe

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PCBG] C:\PROGRA~1\INTRIG~1\pcbodyguard.exe /start
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4390/mcfscan.cab
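
An added example, not part of the original thread: a small Python parser for the HijackThis log layout shown in these posts. It compares a "before" and an "after" log, flags processes still running from the two Temp folders the cleanup steps target, and checks whether any entry still references a deleted file. The sample logs and file names are constructed, and the function names are this example's own.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
TEMP_RE = re.compile(r"\\(local settings\\temp|windows\\temp)\\", re.I)

# Constructed sample logs (not taken from the thread).
BEFORE = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\user\Local Settings\Temp\sample1.exe
C:\WINDOWS\System32\sample2.exe

O4 - HKLM\..\Run: [sample2] C:\WINDOWS\System32\sample2.exe
"""
AFTER = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe

O4 - HKLM\..\Run: [printer] C:\WINDOWS\System32\printmon.exe RUN
"""

def parse_hjt(text):
    """Split a log into running-process paths and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:                       # first numbered entry ends the process list
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}

def runs_from_temp(path):
    """True if the executable lives under a user or Windows Temp folder."""
    return bool(TEMP_RE.search(path))

def compare(before, after):
    """Case-insensitive diff of running processes between two parsed logs."""
    b = {p.lower() for p in before["processes"]}
    a = {p.lower() for p in after["processes"]}
    return {"gone": sorted(b - a), "new": sorted(a - b),
            "still_in_temp": sorted(p for p in a if runs_from_temp(p))}

def entries_referencing(log, filename):
    """Entries (startup items, BHOs, ...) that still mention a deleted file."""
    return [(c, d) for c, d in log["entries"] if filename.lower() in d.lower()]
```

An empty `still_in_temp` list and an empty `entries_referencing` result for each deleted file are what a clean follow-up log should produce; anything under `new` deserves a look before further fixes.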
     