Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I got the Dr Watson Post Mortem Debugger

Started by CestLaVie , Mar 19 2005 12:25 AM

  • Please log in to reply

#16
CestLaVie
Posted 22 April 2005 - 12:16 PM

CestLaVie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
Ok heres what i got for active but for some reason i couldnt get a read out on the micro trend. all it did was just scan and then told me i had 9 uncleanable files and said that i couldnt destroy them and like it didnt give me any other options for like a readme or an overview or anything so if you can tell me how.

I have another problem now. my computer like whne i get on the internet it always loads the screen up and then it says i says that my browser doesnt work or something like i have to install it




well heres active scans report ( again i dont have the Micro trend cause i dont know how to get the report)


Incident Status Location

Virus:Trj/Agent.PF Disinfected Operating system
Adware:Adware/MyWebSearch No disinfected C:\PROGRA~1\Toolbar\TBPSSvc.exe
Adware:Adware/FIsearch No disinfected C:\WINDOWS\isrvs\msdbhk.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\qh4mkbv9.dll
Adware:Adware/IESearchBar No disinfected C:\WINDOWS\isrvs\mfiltis.dll
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccK.exe
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Lxmgivd\Lmnvmtq.exe
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccess.exe
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccC.dll
Adware:Adware/MyWebSearch No disinfected C:\PROGRA~1\Toolbar\TBPS.exe
Adware:Adware/WinTools No disinfected C:\PROGRA~1\Toolbar\common.dll
Adware:Adware/MyWebSearch No disinfected C:\PROGRA~1\Toolbar\toolbar.dll
Spyware:Spyware/ISTbar No disinfected C:\Program Files\ISTsvc\istsvc.exe
Adware:Adware/IESearchBar No disinfected C:\WINDOWS\isrvs\desktop.exe
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Internet Optimizer\optimize.exe
Adware:Adware/MyWebSearch No disinfected C:\PROGRA~1\Toolbar\PIB.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\ap9h4qmo.exe
Adware:Adware/nCase No disinfected c:\program files\180solutions\sais.exe
Adware:Adware/nCase No disinfected c:\program files\180solutions\saishook.dll
Adware:Adware/WinAD No disinfected C:\PROGRA~1\MEDIAA~1\MEDIAA~2.EXE
Spyware:Spyware/Dyfuca No disinfected C:\PROGRA~1\Lxmgivd\Lmnvmtq.exe
Adware:Adware/MyWebSearch No disinfected C:\PROGRA~1\Toolbar\TBPS.exe
Spyware:Spyware/ISTbar No disinfected C:\PROGRA~1\ISTsvc\istsvc.exe
Adware:Adware/IESearchBar No disinfected C:\WINDOWS\isrvs\desktop.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\FFISEA~1.EXE
Spyware:Spyware/Dyfuca No disinfected C:\PROGRA~1\INTERN~2\optimize.exe
Adware:Adware/nCase No disinfected c:\PROGRA~1\180SOL~1\sais.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\ap9h4qmo.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\ohufabah.exe
Adware:Adware/DealHelper No disinfected C:\WINDOWS\system32\Iilzlf.exe
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/Gator No disinfected C:\WINDOWS\FT*_GEPFAH.EXE
Adware:Adware/MyWay No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\Program Files\180solutions
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Internet Optimizer
Spyware:Spyware/ISTbar No disinfected C:\Program Files\Common Files\Totem Shared
Adware:Adware/PowerScan No disinfected C:\Program Files\Power Scan
Adware:Adware/SAHAgent No disinfected Windows Registry
Adware:Adware/CWS No disinfected C:\Documents and Settings\Josh Nguyen\Favorites\Fun & Games\Betting.lnk
Adware:Adware/BHO No disinfected Windows Registry
Adware:Adware/Apropos No disinfected C:\DOCUME~1\JOSHNG~1\LOCALS~1\Temp\cfout.txt
Adware:Adware/WinTools No disinfected C:\PROGRA~1\Toolbar\toolbar.dll
Adware:Adware/SideFind No disinfected C:\Program Files\SideFind
Adware:Adware/NavHelper No disinfected C:\Program Files\Ares
Adware:Adware/DealHelper No disinfected C:\WINDOWS\system32\DealHelper
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs
Adware:Adware/WildTangent No disinfected C:\WINDOWS\wt
Adware:Adware/WUpd No disinfected C:\Program Files\Media Access
Spyware:Spyware/Altnet No disinfected Windows Registry
Adware:Adware/EliteBar No disinfected C:\WINDOWS\EliteSideBar
Adware:Adware/Beginto No disinfected C:\WINDOWS\system32\nsr7B.dll
Adware:Adware/MyWebSearch No disinfected Windows Registry
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\msxmidi.exe
Spyware:Spyware/YourSiteBar No disinfected C:\Program Files\YourSiteBar
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Josh Nguyen\Favorites\Sites about\Broadband comparison.url
Adware:Adware/Transponder No disinfected Windows Registry
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\system32\P2P Networking
Adware:Adware/ISearch No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\B52416552\build2.exe
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\BundleLite_westfrontier1001.exe
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\HQP\uacupg.exe
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\optimize.exe
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\R7UL9JJD.dll
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\setup4002b.cab
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\setup4002b.cab[lkir8l2gm_.dll]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\setup4002b.cab[abasa5jrp_.exe]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\setup4002b.cab[u6f6uftuc_.exe]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\setup4002b.cab[hochkaod3_.exe]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\setup4002b.cab[u6f6uftuc_.ini]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\setup4002b.cab[hochkaod3_.ini]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\setup4002b.cab[setup4002b.ini]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\setup4002b.cab[webinstaller.dll]
Adware:Adware/SideFind No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\sidefind.exe
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Josh Nguyen\Local Settings\Temp\temp.frF78D
Adware:Adware/nCase No disinfected C:\Program Files\180Solutions\sais.exe
Adware:Adware/nCase No disinfected C:\Program Files\180Solutions\saishook.dll
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Internet Optimizer\optimize.exe
Spyware:Spyware/ISTbar No disinfected C:\Program Files\ISTsvc\istsvc.exe
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Lxmgivd\Lmnvmtq.exe
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccC.dll
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccess.exe
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccK.exe
Adware:Adware/SideFind No disinfected C:\Program Files\SideFind\sfbho.dll
Adware:Adware/SideFind No disinfected C:\Program Files\SideFind\sidefind.dll
Adware:Adware/SideFind No disinfected C:\Program Files\SideFind\update\sidefind.exe
Adware:Adware/WinTools No disinfected C:\Program Files\Toolbar\common.dll
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Toolbar\nzqlihv.wzg
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Toolbar\PIB.exe
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Toolbar\TBPS.exe
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Toolbar\TBPSSvc.exe
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Toolbar\toolbar.dll
Spyware:Spyware/YourSiteBar No disinfected C:\Program Files\YourSiteBar\ysb.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\47354531.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\a95kfrhe.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Bolger.dll
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Adware:Adware/WinAD No disinfected C:\WINDOWS\Downloaded Program Files\MediaAccX.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.ini
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
Adware:Adware/IESearchBar No disinfected C:\WINDOWS\isrvs\desktop.exe
Adware:Adware/FIsearch No disinfected C:\WINDOWS\isrvs\edmond.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\ffisearch.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\isearch.xpi[isearch.jar][isearch.js]
Adware:Adware/IESearchBar No disinfected C:\WINDOWS\isrvs\mfiltis.dll
Adware:Adware/FIsearch No disinfected C:\WINDOWS\isrvs\msdbhk.dll
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\sysupd.dll
Spyware:Spyware/Dyfuca No disinfected C:\WINDOWS\nem220.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\ohufabah.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\ap9h4qmo.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\bln02nqv.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\BundleLite_westfrontier1001.exe
Virus:Trj/Delprot.A Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\delprot.sys
Virus:Trj/Qhost.AF Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
Virus:Trj/Agent.PF Disinfected C:\WINDOWS\SYSTEM32\DrPMon.dll
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM32\dun.exe
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM32\Iilzlf.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\q17i9a4j.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\qh4mkbv9.dll
  • 0

Advertisements

#17
don77
Posted 22 April 2005 - 07:44 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
YIKES !!!!!!! You picked up a bunch more ! Please post a fresh log please
  • 0

#18
CestLaVie
Posted 23 April 2005 - 11:47 PM

CestLaVie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
Ok here you go Don

and there seems to be trouble after trouble i have another problem here when ever i go anywhere like switch to a different website or click on a link this message window pops up.

DAX error

'4/22/2005' is not a valid date.

And then i click ok or X and it would just disappear but anytime i click onto another link or a website it comes up again.





Well here you go the HJT LOG...

Logfile of HijackThis v1.99.1
Scan saved at 12:38:43, on 24/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Lxmgivd\Lmnvmtq.exe
C:\WINDOWS\wtiqhyvc.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\isrvs\desktop.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\AIM\aim.exe
c:\windows\system32\xftcuql.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Vg\VirtuaGirl2.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Josh Nguyen\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baldpussy...net/promout.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baldpussy...net/promout.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\svhost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\system32\nsr7B.dll
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 - HKLM\..\Run: [Yrotl] C:\Program Files\Lxmgivd\Lmnvmtq.exe
O4 - HKLM\..\Run: [System backup] C:\WINDOWS\system32\msxmidi.exe
O4 - HKLM\..\Run: [kh1Rc] C:\WINDOWS\wtiqhyvc.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [kh$vùõš/‚²‘ÆßfÏNb‰C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wtiqhyvc.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [sficcsj] c:\windows\system32\xftcuql.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [System backup] C:\WINDOWS\system32\msxmidi.exe
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\Vg\VirtuaGirl2.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.traffic2cash.biz
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c15.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101159102015
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE






and i dont know how to thank you so much for helping me to fix my computer.

God Bless
Josh
  • 0

#19
don77
Posted 24 April 2005 - 07:28 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Boy o boy Josh, you did find quite a few nasties !!!!

Might be a good idea to save these instructions to notepad somewhere where you can access them or print them out,

First -
Dowload the following program
CWShredder
It should be the current version, but check for updates
Run Program cwshredder and have it fix anything it finds.
Make sure you click the “Fix” button


Next -
Go to add/Remove programs, search for and remove if found,
Media Access
Power Scan
ISTsvc
Vg or VirtuaGirl2
ShopAtHomeSelect


Next -
First step:

Download the following program, They have a free verison you can download.

Ewido Security Suite
http://www.ewido.net/en/

Be sure to get the updates first before scanning. Close out the program

Next,
Download Pocket Killbox by O^E from http://www.atribune....ads/KillBox.exe.


Extract Killbox from the zip file then double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each. Keep track of any files it tells you either could not be found or could not be deleted, as you'll need those later.

C:\WINDOWS\Nail.exe
C:\WINDOWS\system32\svhost.exe
C:\WINDOWS\isrvs\sysupd.dll
C:\WINDOWS\wtiqhyvc.exe
c:\windows\system32\xftcuql.exe

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Step 2:

Open HijackThis, click the "Scan" button, and check the following files:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baldpussy...net/promout.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baldpussy...net/promout.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\svhost.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\system32\nsr7B.dll
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 - HKLM\..\Run: [Yrotl] C:\Program Files\Lxmgivd\Lmnvmtq.exe
O4 - HKLM\..\Run: [System backup] C:\WINDOWS\system32\msxmidi.exe
O4 - HKLM\..\Run: [kh1Rc] C:\WINDOWS\wtiqhyvc.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [kh$v ùõš/‚²‘Æ ßfÏNb‰C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wtiqhyvc.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [sficcsj] c:\windows\system32\xftcuql.exe
O4 - HKCU\..\Run: [System backup] C:\WINDOWS\system32\msxmidi.exe
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\Vg\VirtuaGirl2.exe
O15 - Trusted Zone: *.traffic2cash.biz
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c15.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) –
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe



Close all windows except HijackThis and click the 'Fix Checked' button.

Next Reboot into SAFE MODE Make sure you can view all Hidden Files/Folders search for and delete the files highlighted in BOLD if found:

C:\WINDOWS\Bolger.dll
C:\WINDOWS\isrvs\sysupd.dll
C:\WINDOWS\system32\nsr7B.dll
C:\Program Files\Media Access\ <--Folder
C:\WINDOWS\system32\gah95on6.exe
C:\Program Files\Lxmgivd\ <--Folder
C:\WINDOWS\system32\msxmidi.exe
C:\WINDOWS\wtiqhyvc.exe
C:\WINDOWS\isrvs\ <--Folder
C:\WINDOWS\system32\ap9h4qmo.exe
C:\Program Files\ISTsvc\ <--Folder
C:\WINDOWS\wtiqhyvc.exe
c:\windows\system32\xftcuql.exe
C:\Program Files\Vg\ <--Folder

While still in safe mode please run Ewido Security Suite

Restart your computer

Post back a fresh log when done please,
  • 0

#20
CestLaVie
Posted 21 May 2005 - 11:59 AM

CestLaVie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
Sorry its been so long

hahahhah well here we go here's everything

Logfile of HijackThis v1.99.1
Scan saved at 00:54:16, on 22/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\stisvsq.exe
C:\WINDOWS\svshost.exe
C:\WINDOWS\msqdevl.exe
C:\WINDOWS\lssas.exe
C:\WINDOWS\mservice.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Documents and Settings\Josh Nguyen\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKCU\..\Run: [Games Acceleration] svshost.exe
O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: SUN Microsystems Connection manager Helper - {8FE97CB1-4F78-4DDC-94CA-54BC5AC3CE66} - C:\WINDOWS\system32\iegfxfrw.dll
O9 - Extra 'Tools' menuitem: SUN Microsystems Connection manager Helper - {8FE97CB1-4F78-4DDC-94CA-54BC5AC3CE66} - C:\WINDOWS\system32\iegfxfrw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: SUN Microsystems Connection manager Helper - {8FE97CB1-4F78-4DDC-94CA-54BC5AC3CE66} - C:\WINDOWS\system32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: SUN Microsystems Connection manager Helper - {8FE97CB1-4F78-4DDC-94CA-54BC5AC3CE66} - C:\WINDOWS\system32\iegfxfrw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101159102015
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
  • 0

#21
don77
Posted 21 May 2005 - 12:18 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi Josh
  • Please set your system to show
    all files; please see here if you're unsure how to do this.



  • Close all programs leaving only HijackThis running. Place a check mark next to the following, making sure you get them all and not any others by mistake:

    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe
    O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
    O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
    O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
    O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
    O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
    O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
    O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe
    O4 - HKCU\..\Run: [Games Acceleration] svshost.exe
    O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe
    O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe
    O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe

    Click on Fix Checked when finished and exit HijackThis.

  • Reboot into Safe Mode: please see here if you are not sure how to do this.


    Using Windows Explorer, locate the following files/folders, and delete them:


    iau.exe
    stisvsq.exe
    svshost.exe
    msqdevl.exe
    lssas.exe
    mservice.exe
    Exit Explorer, and reboot as normal afterwards.


    Please run these two online scans. Make sure they are set to clean automatically:

    TrendMicro's HouseCall
    ActiveScan

    You should try to delete any files that these scanners are unable to clean. Make sure you check the 'Disinfect automatically' option in Active scan, and check the “Auto Clean” option in TrendMicro, Then let us know if its working better and what the scans found.

    Then scan again with HijackThis and post another log.
Post back a fresh HijackThis log and we will take another look.
  • 0

#22
CestLaVie
Posted 22 May 2005 - 11:58 AM

CestLaVie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
sorry but i need to know where to find these things below.
I don't know where to look :tazz:

" Using Windows Explorer, locate the following files/folders, and delete them:


iau.exe
stisvsq.exe
svshost.exe
msqdevl.exe
lssas.exe
mservice.exe
Exit Explorer, and reboot as normal afterwards. "


Please tell me where i should look thank you
  • 0

#23
don77
Posted 22 May 2005 - 01:33 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Grrr sorry about that
C:\WINDOWS\
They are all residing in there
  • 0

#24
CestLaVie
Posted 01 June 2005 - 04:11 PM

CestLaVie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
well can you recheck all of them cause I haven't done



Logfile of HijackThis v1.99.1
Scan saved at 17:07:45, on 01/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE
C:\Documents and Settings\Josh Nguyen\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: SUN Microsystems Connection manager Helper - {8FE97CB1-4F78-4DDC-94CA-54BC5AC3CE66} - C:\WINDOWS\system32\iegfxfrw.dll
O9 - Extra 'Tools' menuitem: SUN Microsystems Connection manager Helper - {8FE97CB1-4F78-4DDC-94CA-54BC5AC3CE66} - C:\WINDOWS\system32\iegfxfrw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: SUN Microsystems Connection manager Helper - {8FE97CB1-4F78-4DDC-94CA-54BC5AC3CE66} - C:\WINDOWS\system32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: SUN Microsystems Connection manager Helper - {8FE97CB1-4F78-4DDC-94CA-54BC5AC3CE66} - C:\WINDOWS\system32\iegfxfrw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101159102015
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
  • 0

#25
don77
Posted 01 June 2005 - 07:58 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the services called:

System Startup Service

or

SvcProc

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok.

Open HiJackThis, click on "None of the above, just start the program". Now, click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service" a window will pop up. Enter the below item into that field (make sure there are NO spaces before or after the name):

SvcProc
Click OK.

It should pull up information about the service, then ask if you want to reboot. Click YES.

Post a new HiJackThis log after it reboots and let me know if you received any error messages.
  • 0

Advertisements

#26
CestLaVie
Posted 04 June 2005 - 11:57 PM

CestLaVie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
ok

no errors so far but my Dr. Watson Post Mortem message has returned and i had an error of starting my online game. And heres the Log

Logfile of HijackThis v1.99.1
Scan saved at 00:55:13, on 05/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\program files\valve\steam\steam.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Josh Nguyen\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: SUN Microsystems Connection manager Helper - {8FE97CB1-4F78-4DDC-94CA-54BC5AC3CE66} - C:\WINDOWS\system32\iegfxfrw.dll
O9 - Extra 'Tools' menuitem: SUN Microsystems Connection manager Helper - {8FE97CB1-4F78-4DDC-94CA-54BC5AC3CE66} - C:\WINDOWS\system32\iegfxfrw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: SUN Microsystems Connection manager Helper - {8FE97CB1-4F78-4DDC-94CA-54BC5AC3CE66} - C:\WINDOWS\system32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: SUN Microsystems Connection manager Helper - {8FE97CB1-4F78-4DDC-94CA-54BC5AC3CE66} - C:\WINDOWS\system32\iegfxfrw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101159102015
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE



Thank you
  • 0

#27
CestLaVie
Posted 01 July 2005 - 12:44 AM

CestLaVie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
Hello ? Are you still operational
  • 0

#28
don77
Posted 01 July 2005 - 05:04 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Yes I am sorry,
The last log you posted is clean, However its been a while so its best to post a fesh one,
  • 0

#29
CestLaVie
Posted 01 July 2005 - 11:17 PM

CestLaVie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
Yeah sorry about the time But heres my fresh post


Logfile of HijackThis v1.99.1
Scan saved at 00:14:59, on 02/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\ed.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\program files\180searchassistant\sais.exe
C:\WINDOWS\system32\r4vvpdq4.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Dell Support\DSAgnt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Josh Nguyen\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\saishook.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Antivirus Installer] C:\ed.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [r4vvpdq4] C:\WINDOWS\system32\r4vvpdq4.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: SUN Microsystems Connection manager Helper - {8FE97CB1-4F78-4DDC-94CA-54BC5AC3CE66} - C:\WINDOWS\system32\iegfxfrw.dll
O9 - Extra 'Tools' menuitem: SUN Microsystems Connection manager Helper - {8FE97CB1-4F78-4DDC-94CA-54BC5AC3CE66} - C:\WINDOWS\system32\iegfxfrw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: SUN Microsystems Connection manager Helper - {8FE97CB1-4F78-4DDC-94CA-54BC5AC3CE66} - C:\WINDOWS\system32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: SUN Microsystems Connection manager Helper - {8FE97CB1-4F78-4DDC-94CA-54BC5AC3CE66} - C:\WINDOWS\system32\iegfxfrw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101159102015
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {ECA53AA3-FF93-464F-8789-C62C06DFA4F3} (ChundoLauncher Control) - http://www.1000do.co...ndoLauncher.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE




There you go and thanks so much
  • 0

#30
CestLaVie
Posted 04 July 2005 - 12:13 AM

CestLaVie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
oh after that i think i have just got two more big problems .............
problem 1.) whenever i get on to the internet and it happens sometimes and what it does is its really slow responding and then i x out of it and a message comes up about something wrong with my yahoo browser. and i guess thats why i haven't been ablt to listen to music on launch

problem 2.) ummm i have Steam ( It's like a thing that contains server for games i guess ) and i play Counter strike and Day of deafeat and ive been having slow response in loading and entering a server and just today it kicked me out and said something about send error report or don't send and i sent anyways like any thing. yeah......

thanks
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP