so far no one can help me.....can you?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

pcpfactory

Thread Starter
Joined
Sep 9, 2004
Messages
10
I HAVE BEEN TOLD THAT I HAVE MAJOR PROBLEMS IN MY COMPUTER AND NO-ONE CAN HELP ME PLEASE TRY

WINDOWS XP, RAN AD AWARE I HAVE NO VIRYS PROTECTION, CAN YOU RECOMMEND A FREE ONE?

HIJACK THIS LOG

Logfile of HijackThis v1.98.2
Scan saved at 7:26:35 PM, on 9/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\winbas12.exe
C:\WINDOWS\System32\msnqmgr.exe
C:\documents and settings\kitty cat\local settings\temp\dIQ.exe
C:\WINDOWS\4fd43.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\documents and settings\kitty cat\local settings\temp\SMx1uiyk.exe
C:\WINDOWS\System32\ATMFD749.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\WINDOWS\Config\expdrv.exe
C:\WINDOWS\System32\odbccr32.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Kitty Cat\Desktop\Stinky\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qjaluhgcgpwhifp.com/CCfe9TnmBLvjwXgG6FUwoo1VdfD5nusJ//ylCr4xXcF17W4/KNV2wGU2LDEeYr8_.cgi
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Kitty Cat\Application Data\Mozilla\Profiles\default\awyb0c70.slt\prefs.js)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - (no file)
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: (no name) - {B78C428C-7223-5BD2-7BBF-7EDF3D92BE47} - C:\PROGRA~1\COALFI~1\flag mpeg.exe
O2 - BHO: CATLEvents Object - {BF755B85-EA69-4F58-9A59-D85F384A15FF} - C:\DOCUME~1\KITTYC~1\LOCALS~1\Temp\vrdpxe.dat
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Kitty Cat\Local Settings\Temp\V8WZjORLt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
O4 - HKLM\..\Run: [Spe] C:\documents and settings\kitty cat\local settings\temp\Spe.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe
O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe
O4 - HKLM\..\Run: [dIQ] C:\documents and settings\kitty cat\local settings\temp\dIQ.exe
O4 - HKLM\..\Run: [4fd43.exe] 4fd43.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
O4 - HKLM\..\Run: [SMx1uiyk] C:\documents and settings\kitty cat\local settings\temp\SMx1uiyk.exe
O4 - HKLM\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe
O4 - HKLM\..\Run: [iisac] C:\WINDOWS\Help\iisac.exe
O4 - HKLM\..\Run: [ae2436f958c5] C:\WINDOWS\System32\ATMFD749.exe
O4 - HKLM\..\Run: [WinTasks Traybar] C:\Program Files\LIUtilities\WinTasks\wintasks.exe traybar
O4 - HKLM\..\Run: [*iisac] C:\WINDOWS\Help\iisac.exe
O4 - HKLM\..\Run: [PCBG] C:\PROGRA~1\INTRIG~1\pcbodyguard.exe /start
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [*expdrv] C:\WINDOWS\Config\expdrv.exe
O4 - HKLM\..\Run: [PLUS BYTE] C:\PROGRA~1\CLOSEF~1\manager rule 01.exe
O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe
O4 - HKLM\..\RunOnce: [*expdrv] C:\WINDOWS\Config\expdrv.exe rerun
O4 - HKCU\..\Run: [odbccr32] C:\WINDOWS\System32\odbccr32.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Kitty Cat\Application Data\ttuh.exe
O4 - HKCU\..\Run: [HB2qRXbqP] shfscard.exe
O4 - HKCU\..\Run: [key] C:\WINDOWS\System32\sys_xp.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe
O4 - HKCU\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
O4 - HKCU\..\Run: [Vigcp] C:\WINDOWS\System32\lfh.exe
O4 - HKCU\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe
O4 - HKCU\..\RunOnce: [SysService32] C:\WINDOWS\System32\ln32k.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
 

buck52

Banned
Joined
Mar 9, 2001
Messages
8,372
be patient...

I'm no expert but I'll see if I can find one or you...
and I'm going to move you to security...

buck
 
Joined
Aug 25, 2004
Messages
893
Hello..

Well, it looks like you have a few viruses/trojans on your system.

You really should go to the following link and download SYSCLEAN from TrendMicro..

http://www.trendmicro.com/download/dcs.asp

After you download that, you will have to download the latest virus patterns...

http://www.trendmicro.com/download/pattern.asp

Create a folder and put the SYSCLEAN.COM in that folder. Extract the pattern file to the same folder that SYSCLEAN is in.

Reboot your system into SAFE MODE, open the folder that SYSCLEAN is in, double click SYSCLEAN.

This will clean the viruses/trojans off of your system.

As for a free antivirus program.. I don't know of a FREE one. However, most of them have 30 day trial ones.

Hope that helps a little...

Shane
 
Joined
Oct 13, 2003
Messages
2,367
Download and save these freeware/donationware programs to a permanent folder. Remember to check for updates and run them weekly.

***NOTE***A new version of SpyBot's been released (v1.3...it's no longer in beta). If you have been using 1.2 you can install right over it. If you downloaded and used 1.3 beta it is suggested you remove it and reboot prior to installing.


Ad-aware SE download

Configure Ad-aware:

First in the main window look in the bottom right corner and click on "Check for updates now." then click Connect and download the latest reference files.

From the main window, click Start then under "Select a scan Mode select "Perform full system scan.

Next deselect "Search for negligible risk entries.

Click the "Next" button.

When the scan is finished mark everything for removal and get delete the selections. (Right-click within the window and choose "Select All" from the drop down menu and click Next)

Restart your computer.


SpyBot Search and Destroy download

I also highly recommend you install and update SpywareBlaster


Tutorials:

Ad-aware tutorial link

SpyBot 1.3 tutorial link

SpywareBlaster tutorial link
http://www.bleepingcomputer.com/forums/index.php?showtutorial=49


Run Ad-aware and Spybot in Safe Mode.

How to start your computer in Safe Mode


Re-start your computer and post another HJT log in this thread.
 

pcpfactory

Thread Starter
Joined
Sep 9, 2004
Messages
10
i didn't find anything called sysclean on that link
i searched for it, thought i found it, downloaded it and now i can't find it
:mad:
 
Joined
Oct 13, 2003
Messages
2,367
You've got quite a mess there.

Do the Ad-aware and Spybot scans.

Then...

***NOTE*** Disable any active resident Anti-virus program before running the scans

Run at least one of these two on-line anti-virus programs.

As applicable, make sure the "heuristics" and "Auto Clean" boxes are checked.

If anything's found, allow it to clean the file. If it's "uncleanable" DELETE everything the virus scan finds.

Re-start the computer between each scan.


Trend Micro's free on-line scan

Panda's free on-line scan

Restart and post another HiJackThis log.
 

pcpfactory

Thread Starter
Joined
Sep 9, 2004
Messages
10
i performed both scans above and there were multiple files that the first one said were being used by another program
the second one said that there was a virus it couldn't clean
also i try to download windows update service pack 2 and it fails every time
following is my NEW hijack this log

Logfile of HijackThis v1.98.2
Scan saved at 3:27:00 AM, on 9/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\winbas12.exe
C:\WINDOWS\System32\msnqmgr.exe
C:\WINDOWS\4fd43.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\documents and settings\kitty cat\local settings\temp\SMx1uiyk.exe
C:\WINDOWS\System32\ATMFD749.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Config\expdrv.exe
C:\WINDOWS\System32\odbccr32.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Kitty Cat\Desktop\Stinky\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lylhgieuwhkkdtwg.biz/CCf...dfD5nusJ//ylCr4xXcGL/C_mUR6raGU2LDEeYr8_.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Kitty Cat\Application Data\Mozilla\Profiles\default\awyb0c70.slt\prefs.js)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - (no file)
O2 - BHO: (no name) - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - (no file)
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: (no name) - {B78C428C-7223-5BD2-7BBF-7EDF3D92BE47} - C:\PROGRA~1\COALFI~1\flag mpeg.exe
O2 - BHO: CATLEvents Object - {BF755B85-EA69-4F58-9A59-D85F384A15FF} - C:\DOCUME~1\KITTYC~1\LOCALS~1\Temp\vrdpxe.dat
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Kitty Cat\Local Settings\Temp\HYjdS.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
O4 - HKLM\..\Run: [Spe] C:\documents and settings\kitty cat\local settings\temp\Spe.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe
O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe
O4 - HKLM\..\Run: [dIQ] C:\documents and settings\kitty cat\local settings\temp\dIQ.exe
O4 - HKLM\..\Run: [4fd43.exe] 4fd43.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
O4 - HKLM\..\Run: [SMx1uiyk] C:\documents and settings\kitty cat\local settings\temp\SMx1uiyk.exe
O4 - HKLM\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe
O4 - HKLM\..\Run: [iisac] C:\WINDOWS\Help\iisac.exe
O4 - HKLM\..\Run: [ae2436f958c5] C:\WINDOWS\System32\ATMFD749.exe
O4 - HKLM\..\Run: [WinTasks Traybar] C:\Program Files\LIUtilities\WinTasks\wintasks.exe traybar
O4 - HKLM\..\Run: [*iisac] C:\WINDOWS\Help\iisac.exe
O4 - HKLM\..\Run: [PCBG] C:\PROGRA~1\INTRIG~1\pcbodyguard.exe /start
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [*expdrv] C:\WINDOWS\Config\expdrv.exe
O4 - HKLM\..\Run: [PLUS BYTE] C:\PROGRA~1\CLOSEF~1\manager rule 01.exe
O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe
O4 - HKLM\..\RunOnce: [*expdrv] C:\WINDOWS\Config\expdrv.exe rerun
O4 - HKCU\..\Run: [odbccr32] C:\WINDOWS\System32\odbccr32.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Kitty Cat\Application Data\ttuh.exe
O4 - HKCU\..\Run: [HB2qRXbqP] shfscard.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe
O4 - HKCU\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
O4 - HKCU\..\Run: [Vigcp] C:\WINDOWS\System32\lfh.exe
O4 - HKCU\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4390/mcfscan.cab

:mad:
 
Joined
Aug 8, 2004
Messages
111
Try Security Task Manager at www.neuber.com . I had msginav in my system. Nothing could take it out. Security Task Manager pointed it out as a real problem then took it out with no problem.
 

pcpfactory

Thread Starter
Joined
Sep 9, 2004
Messages
10
:D :D :D :D :D
AFTER ABOUT A MILLION SCANS AND DELETIONS I THINK I MIGHT FINALLY BE SAFE, HERE IS MY HIJACK THIS LOG, AFTER RESTARTING, NOT IN SAFE MODE


Logfile of HijackThis v1.98.2
Scan saved at 6:25:42 PM, on 9/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Config\expdrv.exe
C:\Documents and Settings\Kitty Cat\Desktop\Stinky\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fvlfsustfbatlklblzcsxtgn...dfD5nusJ//ylCr4xXcF5uupD0h2jR2U2LDEeYr8_.html
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CATLEvents Object - {BF755B85-EA69-4F58-9A59-D85F384A15FF} - C:\DOCUME~1\KITTYC~1\LOCALS~1\Temp\vrdpxe.dat
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Kitty Cat\Local Settings\Temp\yuSm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinTasks Traybar] C:\Program Files\LIUtilities\WinTasks\wintasks.exe traybar
O4 - HKLM\..\Run: [PCBG] C:\PROGRA~1\INTRIG~1\pcbodyguard.exe /start
O4 - HKCU\..\Run: [odbccr32] C:\WINDOWS\System32\odbccr32.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4390/mcfscan.cab

AM I DONE?
 
Joined
Oct 13, 2003
Messages
2,367
Before we start, let's disable your System Restore. After the infection's been cleaned re-enable system restore.


Disabling System Restore in Windows XP Disable System Restore in Windows ME

IF, for some reason, you lose the ability to use IE or lose your internet connection...open HJT-->"Config"-->"Backups"-->"Restore".


Open HiJackThis. Click "Scan". Put a checkmark next to these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fvlfsustfbatlklblzcsxtgn...U2LDEeYr8_.html

O1 - Hosts: 64.91.255.87 www.dcsresearch.com


O2 - BHO: CATLEvents Object - {BF755B85-EA69-4F58-9A59-D85F384A15FF} - C:\DOCUME~1\KITTYC~1\LOCALS~1\Temp\vrdpxe.dat

O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Kitty Cat\Local Settings\Temp\yuSm.dll

The line below's an optional fix. It won't uninstall the program, it simply stops it from loading.

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe



Did you install WinTasks? If not, fix it with HiJackThis.

O4 - HKLM\..\Run: [WinTasks Traybar] C:\Program Files\LIUtilities\WinTasks\wintasks.exe traybar


O4 - HKCU\..\Run: [odbccr32] C:\WINDOWS\System32\odbccr32.exe

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe



Close ALL browser windows (except HiJackThis ;) ) and click "Fix checked."


Re-start your computer.


NEXT:


Re-start your computer into safe mode:

How to start your computer in Safe Mode

NEXT:

Because XP will not always show you hidden files and folders by default, Go to Start > Search under "More advanced search options", make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Next click on "My Computer". Go to "Tools" ---> "Folder Options". Click on the "View" tab and make sure that "Show hidden files and folders" is checked. Also, uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"

Click "Apply" then "OK".


NEXT:

Find and delete:

odbccr32.exe




Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

http://www.computerhope.com/issues/ch000225.htm

Next navigate to the C:\Documents and Settings\ <user's name>\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Now click the "Delete Cookies" button and click OK.


Empty the Recycle Bin


Re-start your computer and post another HJT log.
 

pcpfactory

Thread Starter
Joined
Sep 9, 2004
Messages
10
so far i have followed directions to a t. now i have an automatic updates icon on bottom left that does nothing when i click on it.positioning the mouse over it reveals Downloading Updates 0% and i can't go to automatic updates, also my right click no longer can maximize or close minimized programs at bottom of screen
heres my NEW hijack this log

Logfile of HijackThis v1.98.2
Scan saved at 11:24:30 PM, on 9/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Kitty Cat\Desktop\Stinky\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCBG] C:\PROGRA~1\INTRIG~1\pcbodyguard.exe /start
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4390/mcfscan.cab
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top