Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please help roings and other problems

Started by Graham , Jul 21 2004 11:47 AM

  • Please log in to reply

#1
Graham
Posted 21 July 2004 - 11:47 AM

Graham

    New Member

  • Member
  • Pip
  • 7 posts
Hi,
Been having some computer problems lately and not being much of a computer person and it is slowly driving me crazy so I would sure appreciate some help. I have a few problems and I am not sure if they are related or not but let me try to explain.

#1 When I run Spybot it shows I have DSO Exploit. Now originally I had 5 entries but I followed some advice on one of these forums, went into the registry and deleted the "1004" entries that came up on the right side of the split registry screen when you clicked on the little blocks in spybot. But one of them didn't have 1004 entry so now when I do Spybot scan I have DSO Exploit but only 1 entry. I updated windows yesterday and got the impression that it may not be that big of deal as long as you are updated. Is that true or is this still a problem?

#2 The more serious problem is Roings(I am not exactly sure what these are.) but when I do adaware scans I get 10-15 that adaware removes. I reboot and they are all back again. Also every time I run adaware I get 4 cookies even when I have not been to any websites. Is this related to the Roings? This may have nothing to do with anything but I didn't have the Roings problem(at least it didn't show up on adaware) until yesterday when I tried to remove Paltalk a chat server I used to be a member of. It is kind of unusal I click to uninstall Paltalk in the "add remove programs" section and it asks if I want to do this says I will lose all Paltalk files etc. Then it says "Paltalk has been removed" BUT it stays in the Add Remove programs box. Which doesn't make any sense. (It says the file is very small 0.16 MB) so i wonder if it removed most of it but leaves a little to torment you. (That would be very fitting for that company.)

Sorry I have been so long winded and perhaps disjointed but I wouldn't doubt that what seems irrelevant to me might be very important to someone trying to fix this trouble. Anyways here is Hijack This logfile


Logfile of HijackThis v1.98.0
Scan saved at 11:44:03 AM, on 7/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\bqcxu.exe
C:\WINDOWS\ajfvncvxt.exe
C:\WINDOWS\tciml.exe
C:\WINDOWS\zoglacywu.exe
C:\WINDOWS\yoxxttpe.exe
C:\WINDOWS\vrxt.exe
C:\WINDOWS\ovsp.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\PROGRA~1\DIRECWAY\bin\dpcnav.exe
C:\WINDOWS\cqvsm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\HijackThis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [jtmyec] C:\WINDOWS\bqcxu.exe
O4 - HKLM\..\Run: [evelz] C:\WINDOWS\ajfvncvxt.exe
O4 - HKLM\..\Run: [htjsog] C:\WINDOWS\tciml.exe
O4 - HKLM\..\Run: [aepvb] C:\WINDOWS\zoglacywu.exe
O4 - HKLM\..\Run: [sxtwvrrxp] C:\WINDOWS\yoxxttpe.exe
O4 - HKLM\..\Run: [czzwqpp] C:\WINDOWS\vrxt.exe
O4 - HKLM\..\Run: [dcwld] C:\WINDOWS\ovsp.exe
O4 - HKLM\..\Run: [mebu] C:\WINDOWS\cqvsm.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\ws2dummy.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarest...es2/Install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FA2AB2D-65F7-41C6-BC47-ED30D3C71FA3}: Domain = direcway.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FA2AB2D-65F7-41C6-BC47-ED30D3C71FA3}: NameServer = 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.4.8 198.77.116.8 66.82.



As I said earlier I would sincerely appreciate some help. I can't figure out what to do and I use this computer everyday with my work. Thankyou
  • 0

Advertisements

#2
Smokey
Posted 21 July 2004 - 12:39 PM

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Welcome to GTG Graham <_<

Next, You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please move Hijack This to a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

First, Please Download LSPFix from http://www.cexx.org/lspfix.htm and Run the Program. Disconnect from the Internet and close all Internet Explorer Windows. Check the "I know what I'm doing" Button and remove all traces of ws2dummy.dll.

Reboot in safe mode (by tapping F8 at startup and select safe mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold:

C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\bqcxu.exe
C:\WINDOWS\ajfvncvxt.exe
C:\WINDOWS\tciml.exe
C:\WINDOWS\zoglacywu.exe
C:\WINDOWS\yoxxttpe.exe
C:\WINDOWS\vrxt.exe
C:\WINDOWS\ovsp.exe
C:\WINDOWS\cqvsm.exe

After that, please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [jtmyec] C:\WINDOWS\bqcxu.exe
O4 - HKLM\..\Run: [evelz] C:\WINDOWS\ajfvncvxt.exe
O4 - HKLM\..\Run: [htjsog] C:\WINDOWS\tciml.exe
O4 - HKLM\..\Run: [aepvb] C:\WINDOWS\zoglacywu.exe
O4 - HKLM\..\Run: [sxtwvrrxp] C:\WINDOWS\yoxxttpe.exe
O4 - HKLM\..\Run: [czzwqpp] C:\WINDOWS\vrxt.exe
O4 - HKLM\..\Run: [dcwld] C:\WINDOWS\ovsp.exe
O4 - HKLM\..\Run: [mebu] C:\WINDOWS\cqvsm.exe

If you don't want the Quicktime tray icon, fix this one too:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log, and let us know how your system's working. :D
  • 0

#3
Graham
Posted 21 July 2004 - 05:24 PM

Graham

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi
Thganks for such a quick response. Ok i think i followed intructions to the letter and it appears that roings are gone. But I did create a problem I htink. After I rebooted I tried to go on the internet(I have a satellite connection with Direcway) When I did I got a cannot find server message on the top left and a This page cannot be displayed. So I can't get online(I am on second comp right now with dialup connection) Anyways I called satellite people and tech support walked me through the usual stuff (reinstall etc.) which did not work so more advanced tech guy supposed to call later. Was wondering if what I did (assuming I did everything right) would have done anything so direcway satellite woudln't let me online. The connection is good (signal strength etc.) So is it possible I just need to open something etc. to let me get online. Thanks again for help
  • 0

#4
Graham
Posted 21 July 2004 - 07:25 PM

Graham

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi again was looking at files deleted do you think it is possible tha that the file with the name dcwld C:\WINDOWS ovsp.exe that the dcwld stands for direcway? I have no idea anyways would appreciate some help thanks
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP