[marknice]

Help Please!

I have some how gotten a virus i can't seem to fix. I've tried everything and have come to my witts end... I am unable to open my computer, my documents, control panel, or my network places in XP. When I try, the screen freezes and then goes back with out opening the above places. I've tried Spybot, cwshredder, Adware, and my virus scanner to no avail.

Please Help!

Marknice

[Advertisements]

It sounds like you and I are in the same boat.
I've been here in limbo for five hours and i'm starting to get some help just now.

Just be very patient with them,and they will get to you.
But firtst you have to get a log from your computer.
Go up to the top of your page where it say's "start here"
and follow the steps.
It will save you and them a little bit of time.

[Terra]

It sounds like you and I are in the same boat.
I've been here in limbo for five hours and i'm starting to get some help just now.

Just be very patient with them,and they will get to you.
But firtst you have to get a log from your computer.
Go up to the top of your page where it say's "start here"
and follow the steps.
It will save you and them a little bit of time.

[marknice]

Thanks for the info Terra!! Very much appreciated.
What a nasty virus.
Have a wonderful day!

[Terra]

What does it say on your screen just before it freezes?

[marknice]

Not a thing. Just freezes up.

[Terra]

Have you made your hijack this log yet?

[MR0624]

Can't hurt to run 1 more virus scanner; AVG Personal. The free one (I think its a free trial). You might need to get the registry keys and look them up (google them or look them up in a spyware directory like www.spywareguide.com). You can also do a free whole system scan at www.pcpitstop.com (Thats only if it isn't a virus but its still a good idea even if it is). Hope you get this thing off your PC!

[marknice]

here's a log hrom hijack. Thanks again1

Logfile of HijackThis v1.99.1
Scan saved at 5:36:29 PM, on 3/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\TCFLA96B\HijackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\swzvn.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\swzvn.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\swzvn.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abosearch.com/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abosearch.com/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {64DB3205-CF7B-15DD-E402-9DCF486A44CC} - C:\WINDOWS\netln.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpySubtract.lnk.disabled
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
O4 - Global Startup: Quicken Startup.lnk.disabled
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {66960E23-DE25-11CF-876F-444553540000} (RepViewCtrl Object) - http://www.usrealnet...et/rrprview.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streaming...MINIBrowser.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://usrealnet.we...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB712984-BC1B-4B43-9030-08153923E42E}: NameServer = 206.13.28.12 206.13.29.12
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\d3qb.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

[marknice]

Help Please!

I have some how gotten a virus i can't seem to fix. I've tried everything and have come to my witts end... I am unable to open my computer, my documents, control panel, or my network places in XP. When I try, the screen freezes and then goes back with out opening the above places. I've tried Spybot, cwshredder, Adware, and my virus scanner to no avail.

[jdm]

Help Please!

I have some how gotten a virus i can't seem to fix. I've tried everything and have come to my witts end... I am unable to open my computer, my documents, control panel, or my network places in XP. When I try, the screen freezes and then goes back with out opening the above places. I've tried Spybot, cwshredder, Adware, and my virus scanner to no avail.

Hi Mark,

Have you tried running AdAware, Spybot, etc. while in "safe mode"? If not, try it. When starting up, press the F8 key to boot into "safe mode." Once in "safe mode" run AdAware, Spybot and your virus scanner. Then reboot.

Sounds like you might have a problem that Spysweeper could fix. I like AdAware and Spybot, but Spysweeper is probably the best and most effective (finds important crud the other softwares will miss). It's saved my computer many times.

It's too bad your problem involves the screen freezing, as I would recommend downloading the trial of Spysweeper and running the software.

Keep us posted.

Kind Regards,

JDM