
Trojan Backdoor Agent BA

Discussion in 'Virus & Other Malware Removal' started by Wheatthin77, Aug 13, 2006.

Thread Status:
Not open for further replies.
  1. Wheatthin77

    Wheatthin77 Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    22
    I ran Avenger and cannot seem to remove the trojan backdoor (C:Windows\System32\winhb.dll). Whenever I try to delete the infected file, it says access denied. Any assistance is greatly appreciated.


    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\ouwanyme

    *******************

    Script file located at: \??\C:\Documents and Settings\dqpkfcob.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:



    Could not open file C:Windows\System32\winhb.dll for deletion
    Deletion of file C:Windows\System32\winhb.dll failed!

    Could not process line:
    C:Windows\System32\winhb.dll
    Status: 0xc000003a


    Completed script processing.

    *******************

    Finished! Terminate.



    HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:38:47 AM, on 8/12/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {09F4E9B6-4978-120D-FA31-53AD044D9CC9} -
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1154652096936
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  2. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Save The Avenger to your Desktop

    Run HijackThis and click Do a system scan only
    Put a checkmark next to each of the following entries that appear:

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

    Click Fix Checked and exit HijackThis

    Copy the contents of the following box to your clipboard:
    Run The Avenger and click OK
    Select Input script manually and click the magnifying glass icon
    In the View/edit script box, right-click and choose Paste
    Click Done. Press the button with a picture of a green light
    Choose Yes when prompted to execute the script and click Yes when asked to reboot your computer
    Post the contents of the file C:\Avenger.txt along with a new HijackThis log
     
  3. Wheatthin77

    Wheatthin77 Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    22
    The corrupt file is now gone...I didn't save the log on the first run...When I re-run it, it says that the file is not there. When I run my AVG anti-virus, it's telling me there are still 50+ infected objects and it will not allow me to remove them. Do you think that I should delete all files through Avenger?

    Logfile of HijackThis v1.99.1
    Scan saved at 11:07:52 PM, on 8/13/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Grisoft\AVG Free\avgwb.dat
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {09F4E9B6-4978-120D-FA31-53AD044D9CC9} -
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154652096936
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\ltrkbhlr

    *******************

    Script file located at: \??\C:\Documents and Settings\bfbimiom.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:



    File C:\Windows\System32\winhb.dll not found!
    Deletion of file C:\Windows\System32\winhb.dll failed!

    Could not process line:
    C:\Windows\System32\winhb.dll
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.
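
An added example (not part of any post, and not code from The Avenger) that reads the two Avenger logs above and decodes their NTSTATUS values: 0xc000003a is STATUS_OBJECT_PATH_NOT_FOUND and 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND. It also flags script lines that are not fully qualified paths, as in the first log, where the drive letter is not followed by a backslash; the function name and hint texts are illustrative.

```python
import re

# NTSTATUS codes: the two from the thread's logs plus two other common
# reasons a delete fails (values from Microsoft's ntstatus.h).
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}
STATUS = re.compile(r"^Status:\s*(0x[0-9A-Fa-f]{8})$")
DELETED = re.compile(r"^File (.+) deleted successfully\.$")
FULL_PATH = re.compile(r"^[A-Za-z]:\\")  # drive letter, colon, backslash

# Excerpts of the two logs posted in the thread.
FIRST_LOG = r"""
Could not open file C:Windows\System32\winhb.dll for deletion
Deletion of file C:Windows\System32\winhb.dll failed!

Could not process line:
C:Windows\System32\winhb.dll
Status: 0xc000003a
"""
SECOND_LOG = r"""
File C:\Windows\System32\winhb.dll not found!
Deletion of file C:\Windows\System32\winhb.dll failed!

Could not process line:
C:\Windows\System32\winhb.dll
Status: 0xc0000034
"""


def triage(log_text):
    """Return (deleted_paths, failures) for one Avenger log."""
    deleted, failures = [], []
    want_line, pending = False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if want_line:  # this is the script line that could not be processed
            pending, want_line = line, False
            continue
        if line == "Could not process line:":
            want_line = True
            continue
        ok = DELETED.match(line)
        if ok:
            deleted.append(ok.group(1))
            continue
        st = STATUS.match(line)
        if st and pending is not None:
            name = NTSTATUS.get(int(st.group(1), 16), "UNKNOWN")
            well_formed = bool(FULL_PATH.match(pending))
            if not well_formed:
                hint = "script line is not a fully qualified path; fix it and rerun"
            elif name == "STATUS_OBJECT_NAME_NOT_FOUND":
                hint = "file is already absent; nothing left to delete"
            elif name in ("STATUS_ACCESS_DENIED", "STATUS_SHARING_VIOLATION"):
                hint = "file is in use or protected; check what holds it open"
            else:
                hint = "look up the status code before retrying"
            failures.append({"line": pending, "status": name,
                             "well_formed": well_formed, "hint": hint})
            pending = None
    return deleted, failures


if __name__ == "__main__":
    for label, log in (("first", FIRST_LOG), ("second", SECOND_LOG)):
        for failure in triage(log)[1]:
            print(label, failure)
```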
     
  4. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
  5. Wheatthin77

    Wheatthin77 Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    22
    C:\Program Files\America Online 8.0\download\5.dat Trojan horse Downloader.Agent.3.AO Infected
    C:\Program Files\America Online 8.0\download\rmtct.exe Trojan horse Clicker.AAS Infected
    C:\Program Files\Internet Explorer\a.exe Trojan horse Downloader.Small.40.AK Infected
    C:\Recycled\Q375359.exe Trojan horse Downloader.Small.28.AU Infected
    C:\RECYCLER\S-1-5-18\Dc1.DAT Trojan horse PSW.Agent.2.AQ Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP331\A0066859.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0067861.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0068862.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0069866.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0070861.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0070864.dll Trojan horse Startpage.19.AN Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0070870.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0070882.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0070890.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0071890.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP340\A0072189.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP340\A0073185.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP340\A0074185.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP340\A0074194.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP340\A0074208.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP340\A0075208.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP341\A0075217.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP341\A0076217.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0077217.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078217.exe Trojan horse Downloader.Small.28.AU Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078218.exe Trojan horse Downloader.Agent.5.AG Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078219.exe Trojan horse Downloader.Zlob.CHA Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078220.exe Trojan horse Downloader.Zlob.CGY Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078221.exe Trojan horse PSW.Agent.2.W Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078392.exe Trojan horse Downloader.Small.8.R Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078393.exe Trojan horse Clicker.AD Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078395.exe Trojan horse Downloader.Agent.4.AO Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078397.exe Trojan horse Clicker.6.AR Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078398.exe Trojan horse Clicker.6.AT Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078399.exe Trojan horse Downloader.Agent.4.AX Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078400.exe Trojan horse Downloader.Agent.5.C Infected
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078401.exe Trojan horse Startpage.13.D Infected
    C:\WINDOWS\restore.dat Trojan horse Downloader.Agent.6.AR Infected
    C:\WINDOWS\srt_iehost.dll Trojan horse Downloader.Agent.5.AF Infected
    C:\WINDOWS\Downloaded Program Files\orxmdzyy.exe Trojan horse Downloader.Delf.4.J Infected
    C:\WINDOWS\Downloaded Program Files\ProfR1G.exe Trojan horse Downloader.Istbar.4.Q Infected
    C:\WINDOWS\Downloaded Program Files\Q375359.exe Trojan horse Downloader.Small.28.AU Infected
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ProfR1G.exe Trojan horse Downloader.Istbar.4.Q Infected
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\ProfR1G.exe Trojan horse Downloader.Istbar.4.Q Infected
    C:\WINDOWS\SYSTEM\121336.exe Trojan horse Dialer.7.N Infected
    C:\WINDOWS\SYSTEM\121690.exe Trojan horse Dialer Infected
    C:\WINDOWS\SYSTEM32\DlhR6z5p.exe Trojan horse Downloader.VB.4.AG Infected
    C:\WINDOWS\SYSTEM32\EGCOMSERVICE2.dll Trojan horse Dialer.21.AR Infected
    C:\WINDOWS\SYSTEM32\EGCOMSERVICE_1053.dll Trojan horse Dialer.12.BN Infected
    C:\WINDOWS\SYSTEM32\Kxjno.exe Trojan horse Downloader.VB.4.AG Infected
    C:\WINDOWS\SYSTEM32\LjpiOq5.exe Trojan horse Downloader.VB.4.AG Infected
    C:\WINDOWS\SYSTEM32\Rbl7x.exe Trojan horse Downloader.VB.4.AG Infected
    C:\WINDOWS\SYSTEM32\Rdrc4j1S.exe Trojan horse Downloader.VB.4.AG Infected
    C:\WINDOWS\SYSTEM32\YbtiPy8.exe Trojan horse Downloader.VB.4.AG Infected
    C:\WINDOWS\SYSTEM32\golumm\services.exe Trojan horse Downloader.Agent.3.AO Infected
    C:\WINDOWS\Temp\rccvsm.dat Trojan horse PSW.Agent.2.AQ Infected
     
  6. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Go to Start>>Run. Type msconfig and press Enter
    Click Launch System Restore then click System Restore Settings
    Put a checkmark next to Turn off system restore on all drives and click Apply>>OK
    Close System Restore utility and the System Configuration Utility

    Copy the contents of the following box to your clipboard:
    Run The Avenger and click OK
    Select Input script manually and click the magnifying glass icon
    In the View/edit script box, right-click and choose Paste
    Click Done. Press the button with a picture of a green light
    Choose Yes when prompted to execute the script and click Yes when asked to reboot your computer

    Go to Start>>Run. Type msconfig and press Enter
    Click Launch System Restore then click System Restore Settings
    Uncheck Turn off system restore on all drives and click Apply>>OK
    Close System Restore utility and the System Configuration Utility
     
  7. Wheatthin77

    Wheatthin77 Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    22
    I was recently booted by my cable company for having an open proxy. Do you think that it's safe enough to go back online to download the service pack? I have not been back online with that PC since they said that I would be suspended if the proxy is still open...I can't thank you enough for your help with this...
     
  8. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Yeah, just install a firewall when you get it back online.
     
  9. Wheatthin77

    Wheatthin77 Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    22
    Thanks! I will now go back online and download the service pack...Attached is the HJT/Avenger log


    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\ojakeafk

    *******************

    Script file located at: \??\C:\WINDOWS\gqehinfo.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\Program Files\America Online 8.0\download\5.dat deleted successfully.
    File C:\Program Files\America Online 8.0\download\rmtct.exe deleted successfully.
    File C:\Program Files\Internet Explorer\a.exe deleted successfully.
    File C:\Recycled\Q375359.exe deleted successfully.
    File C:\RECYCLER\S-1-5-18\Dc1.DAT deleted successfully.
    File C:\WINDOWS\restore.dat deleted successfully.
    File C:\WINDOWS\srt_iehost.dll deleted successfully.
    File C:\WINDOWS\Downloaded Program Files\orxmdzyy.exe deleted successfully.
    File C:\WINDOWS\Downloaded Program Files\ProfR1G.exe deleted successfully.
    File C:\WINDOWS\Downloaded Program Files\Q375359.exe deleted successfully.
    File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ProfR1G.exe deleted successfully.
    File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\ProfR1G.exe deleted successfully.
    File C:\WINDOWS\SYSTEM\121336.exe deleted successfully.
    File C:\WINDOWS\SYSTEM\121690.exe deleted successfully.
    File C:\WINDOWS\SYSTEM32\DlhR6z5p.exe deleted successfully.
    File C:\WINDOWS\SYSTEM32\EGCOMSERVICE2.dll deleted successfully.
    File C:\WINDOWS\SYSTEM32\EGCOMSERVICE_1053.dll deleted successfully.
    File C:\WINDOWS\SYSTEM32\Kxjno.exe deleted successfully.
    File C:\WINDOWS\SYSTEM32\LjpiOq5.exe deleted successfully.
    File C:\WINDOWS\SYSTEM32\Rbl7x.exe deleted successfully.
    File C:\WINDOWS\SYSTEM32\Rdrc4j1S.exe deleted successfully.
    File C:\WINDOWS\SYSTEM32\YbtiPy8.exe deleted successfully.
    File C:\WINDOWS\SYSTEM32\golumm\services.exe deleted successfully.
    File C:\WINDOWS\Temp\rccvsm.dat deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:39:20 PM, on 8/13/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {09F4E9B6-4978-120D-FA31-53AD044D9CC9} -
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154652096936
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
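
An added example (not from the thread, and not code from AVG, The Avenger or HijackThis) that splits AVG result rows like those posted above into System Restore snapshot copies, which turning System Restore off purges along with all restore points, and live files, then checks the live ones against an Avenger log. The scan rows are copied from the thread; the Avenger excerpt is constructed with one entry left out so the check has something to report, and the function names are illustrative.

```python
import re
from collections import Counter

# One AVG result row as pasted in the thread:
#   "<path> Trojan horse <detection name> Infected"
SCAN_ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) Trojan horse (?P<name>\S+) Infected$"
)
# Copies held inside a Windows XP System Restore snapshot.
RESTORE_COPY = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP\d+\\",
    re.IGNORECASE,
)
DELETED = re.compile(r"^File (?P<path>.+) deleted successfully\.$")

# Six rows copied from the scan list posted in the thread.
SCAN_EXCERPT = r"""
C:\Program Files\America Online 8.0\download\5.dat Trojan horse Downloader.Agent.3.AO Infected
C:\RECYCLER\S-1-5-18\Dc1.DAT Trojan horse PSW.Agent.2.AQ Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP331\A0066859.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0070864.dll Trojan horse Startpage.19.AN Infected
C:\WINDOWS\SYSTEM\121690.exe Trojan horse Dialer Infected
C:\WINDOWS\SYSTEM32\golumm\services.exe Trojan horse Downloader.Agent.3.AO Infected
"""

# Constructed Avenger excerpt: the golumm entry is omitted on purpose.
AVENGER_EXCERPT = r"""
File C:\Program Files\America Online 8.0\download\5.dat deleted successfully.
File C:\RECYCLER\S-1-5-18\Dc1.DAT deleted successfully.
File C:\WINDOWS\SYSTEM\121690.exe deleted successfully.
"""


def split_scan(scan_text):
    """Return (live_paths, restore_copies, families) from AVG result rows."""
    live, restore, families = [], [], Counter()
    for raw in scan_text.splitlines():
        row = SCAN_ROW.match(raw.strip())
        if not row:
            continue  # blank line or anything that is not a result row
        path, name = row.group("path"), row.group("name")
        families[name.split(".")[0]] += 1  # e.g. "Downloader", "Dialer"
        (restore if RESTORE_COPY.match(path) else live).append(path)
    return live, restore, families


def not_yet_removed(live_paths, avenger_log):
    """Live detections with no matching 'deleted successfully' line."""
    removed = set()
    for raw in avenger_log.splitlines():
        hit = DELETED.match(raw.strip())
        if hit:
            removed.add(hit.group("path").lower())  # Windows paths: ignore case
    return [p for p in live_paths if p.lower() not in removed]


if __name__ == "__main__":
    live, restore, families = split_scan(SCAN_EXCERPT)
    print("live files:", len(live), "restore-point copies:", len(restore))
    print("families:", dict(families))
    print("still present:", not_yet_removed(live, AVENGER_EXCERPT))
```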
     
  10. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Ok, everything should be fixed after you get the service pack installed.
    Then go to http://www.windowsupdate.com and get the updates for your computer
     
  11. Wheatthin77

    Wheatthin77 Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    22
    For some odd reason, it's not allowing me to download the service pack...I get an error from Internet Explorer...Internet Explorer has encountered a problem and needs to close. We are sorry for any inconvenience.
     
  12. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
  13. Wheatthin77

    Wheatthin77 Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    22
    Everything seems to be working pretty good....Thank you! Thank you! Thank you!

    How do I default my browser to Internet Explorer...it keeps going to AOL and I can't stand it.
     
  14. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Do you use AOL? If not, just uninstall it from Start>>Control Panel>>Add or Remove Programs
     

Short URL to this thread: https://techguy.org/492121
