
can't open msconfig regedit or task manager


#1
amkar
Hello can someone plz help me with this hijack log...

I am running xp and seem to have a virus.. or a parasite..
I have Ad-Aware, have run it, and it comes up clean. I have a firewall as well, and also have run Stinger, but it didn't fix the prob. I can't open msconfig, regedit or task manager. They just flash and go away..

so here is the hijack this log...

Logfile of HijackThis v1.98.2
Scan saved at 11:51:56 PM, on 9/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svvhost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\System32\bznyiuk.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\expl0rer.exe
C:\WINDOWS\System32\iexpl0rer.exe
C:\WINDOWS\System32\vhqqzb.exe
C:\WINDOWS\System32\sysentry.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\USER\Application Data\tals.exe
C:\WINDOWS\System32\dkzfkvci.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\IEPopupKiller\PopupKillerTray.exe
C:\WINDOWS\System32\storage.exe
C:\Documents and Settings\USER\Desktop\HijackThis1982.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cosc.brocku.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = sympatico.ca
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IEPopupKillerBHO.CIEPopupKillerBHO - {31801B7B-6A29-43A2-A54F-A8920FA70F9C} - C:\Program Files\IEPopupKiller\IEPopupKillerBHO.dll
O2 - BHO: (no name) - {39A56772-C015-7ACC-8574-10557BDA2112} - C:\WINDOWS\System32\fmiutu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Firewalll] svvhost.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [lknkpviwtx] C:\WINDOWS\System32\bznyiuk.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] expl0rer.exe
O4 - HKLM\..\Run: [Windows service] iexpl0rer.exe
O4 - HKLM\..\Run: [Windows Media Player] vhqqzb.exe
O4 - HKLM\..\Run: [System Uptime Server] sysentry.exe
O4 - HKLM\..\RunServices: [Windows Firewalll] svvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] expl0rer.exe
O4 - HKLM\..\RunServices: [Windows service] iexpl0rer.exe
O4 - HKLM\..\RunServices: [Windows Media Player] vhqqzb.exe
O4 - HKLM\..\RunServices: [System Uptime Server] sysentry.exe
O4 - HKCU\..\Run: [Windows Firewalll] svvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Microsoft Update Machine] expl0rer.exe
O4 - HKCU\..\Run: [ltwvc12n] C:\WINDOWS\System32\ltwvc12n.exe
O4 - HKCU\..\Run: [Windows Media Player] vhqqzb.exe
O4 - HKCU\..\Run: [storage] C:\WINDOWS\System32\storage.exe
O4 - HKCU\..\Run: [Rpad] C:\Documents and Settings\USER\Application Data\tals.exe
O4 - HKCU\..\Run: [Kaaru] C:\WINDOWS\System32\dkzfkvci.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [Windows Media Player] vhqqzb.exe
O4 - Startup: sympatico.lnk = ?
O4 - Global Startup: bell.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.baben...cabs/videox.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{750D3A65-E483-4AD5-8834-089101B5D44E}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{750D3A65-E483-4AD5-8834-089101B5D44E}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3A367DB-69D1-4255-A5D5-79D83E72C05C}: NameServer = 206.47.244.102 206.47.244.89

hopefully someone can help .. thx

#2
ditto
Please run a free online virus scan here:
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/


Afterwards please reply back with a new HJT log.

Thanks,
ditto

#3
amkar
:D ok this is weird.. i tried everything it just won't work
starting to panic a little.... <_<

ohhk. i had no luck with both of the scans..

i downloaded the cleaner and installed it but it just won't work. i tried to run it many ways (start run, quick launch, programs), but it just won't load; it flashes and goes away.

and i tried the trend micro scan and it won't load.

when the Active Update finished (which it doesn't, cause it gives an error) it says

error # 7
failed to update.

and i try the scan and it says unable to load the virus scan engine

well here is a :D new HJT log


*************************************************
Logfile of HijackThis v1.98.2
Scan saved at 1:27:30 PM, on 9/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svvhost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\System32\bznyiuk.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\expl0rer.exe
C:\WINDOWS\System32\iexpl0rer.exe
C:\WINDOWS\System32\vhqqzb.exe
C:\WINDOWS\System32\sysentry.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\USER\Application Data\tals.exe
C:\WINDOWS\System32\dkzfkvci.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\IEPopupKiller\PopupKillerTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\storage.exe
C:\Documents and Settings\USER\Desktop\HijackThis1982.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cosc.brocku.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = sympatico.ca
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IEPopupKillerBHO.CIEPopupKillerBHO - {31801B7B-6A29-43A2-A54F-A8920FA70F9C} - C:\Program Files\IEPopupKiller\IEPopupKillerBHO.dll
O2 - BHO: (no name) - {39A56772-C015-7ACC-8574-10557BDA2112} - C:\WINDOWS\System32\fmiutu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Firewalll] svvhost.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [lknkpviwtx] C:\WINDOWS\System32\bznyiuk.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] expl0rer.exe
O4 - HKLM\..\Run: [Windows service] iexpl0rer.exe
O4 - HKLM\..\Run: [Windows Media Player] vhqqzb.exe
O4 - HKLM\..\Run: [System Uptime Server] sysentry.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\RunServices: [Windows Firewalll] svvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] expl0rer.exe
O4 - HKLM\..\RunServices: [Windows service] iexpl0rer.exe
O4 - HKLM\..\RunServices: [Windows Media Player] vhqqzb.exe
O4 - HKLM\..\RunServices: [System Uptime Server] sysentry.exe
O4 - HKCU\..\Run: [Windows Firewalll] svvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Microsoft Update Machine] expl0rer.exe
O4 - HKCU\..\Run: [ltwvc12n] C:\WINDOWS\System32\ltwvc12n.exe
O4 - HKCU\..\Run: [Windows Media Player] vhqqzb.exe
O4 - HKCU\..\Run: [storage] C:\WINDOWS\System32\storage.exe
O4 - HKCU\..\Run: [Rpad] C:\Documents and Settings\USER\Application Data\tals.exe
O4 - HKCU\..\Run: [Kaaru] C:\WINDOWS\System32\dkzfkvci.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [Windows Media Player] vhqqzb.exe
O4 - Startup: sympatico.lnk = ?
O4 - Global Startup: bell.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.baben...cabs/videox.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{750D3A65-E483-4AD5-8834-089101B5D44E}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{750D3A65-E483-4AD5-8834-089101B5D44E}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3A367DB-69D1-4255-A5D5-79D83E72C05C}: NameServer = 206.47.244.102 206.47.244.89

***************************************************

thx.. any help would be nice..

aps

#4
admin
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
O2 - BHO: (no name) - {39A56772-C015-7ACC-8574-10557BDA2112} - C:\WINDOWS\System32\fmiutu.dll
O4 - HKLM\..\Run: [Windows Firewalll] svvhost.exe
O4 - HKLM\..\Run: [lknkpviwtx] C:\WINDOWS\System32\bznyiuk.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] expl0rer.exe
O4 - HKLM\..\Run: [Windows service] iexpl0rer.exe
O4 - HKLM\..\Run: [Windows Media Player] vhqqzb.exe
O4 - HKLM\..\Run: [System Uptime Server] sysentry.exe
O4 - HKLM\..\RunServices: [Windows Firewalll] svvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] expl0rer.exe
O4 - HKLM\..\RunServices: [Windows service] iexpl0rer.exe
O4 - HKLM\..\RunServices: [Windows Media Player] vhqqzb.exe
O4 - HKLM\..\RunServices: [System Uptime Server] sysentry.exe
O4 - HKCU\..\Run: [Windows Firewalll] svvhost.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] expl0rer.exe
O4 - HKCU\..\Run: [ltwvc12n] C:\WINDOWS\System32\ltwvc12n.exe
O4 - HKCU\..\Run: [Windows Media Player] vhqqzb.exe
O4 - HKCU\..\Run: [storage] C:\WINDOWS\System32\storage.exe
O4 - HKCU\..\Run: [Rpad] C:\Documents and Settings\USER\Application Data\tals.exe
O4 - HKCU\..\Run: [Kaaru] C:\WINDOWS\System32\dkzfkvci.exe
O4 - HKCU\..\RunServices: [Windows Media Player] vhqqzb.exe
O4 - Startup: sympatico.lnk = ?
O4 - Global Startup: bell.lnk = ?
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.baben...cabs/videox.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab

Reboot in safe mode (by tapping F8 at startup and select safe mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\WINDOWS\System32\fmiutu.dll
C:\WINDOWS\System32\svvhost.exe
C:\WINDOWS\System32\bznyiuk.exe
C:\WINDOWS\System32\expl0rer.exe
C:\WINDOWS\System32\iexpl0rer.exe
C:\WINDOWS\System32\vhqqzb.exe
C:\WINDOWS\System32\sysentry.exe
C:\WINDOWS\System32\svvhost.exe
C:\WINDOWS\System32\ltwvc12n.exe
C:\WINDOWS\System32\storage.exe
C:\Documents and Settings\USER\Application Data\tals.exe
C:\WINDOWS\System32\dkzfkvci.exe

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. <_<

#5
amkar
Well, thx for your help. i followed all the instructions and did all that u asked..

found some files deleted them.. restarted..
still the prob. is not fixed can't get to msconfig task manager or regedit to open
here is a fresh log..

******************************************************

Logfile of HijackThis v1.98.2
Scan saved at 3:37:59 PM, on 9/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\iexpl0rer.exe
C:\WINDOWS\System32\vhqqzb.exe
C:\WINDOWS\System32\expl0rer.exe
C:\WINDOWS\System32\svvhost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\USER\Desktop\HijackThis1982.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cosc.brocku.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = sympatico.ca
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IEPopupKillerBHO.CIEPopupKillerBHO - {31801B7B-6A29-43A2-A54F-A8920FA70F9C} - C:\Program Files\IEPopupKiller\IEPopupKillerBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [Windows service] iexpl0rer.exe
O4 - HKLM\..\Run: [Windows Media Player] vhqqzb.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] expl0rer.exe
O4 - HKLM\..\Run: [Windows Firewalll] svvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] expl0rer.exe
O4 - HKLM\..\RunServices: [Windows Media Player] vhqqzb.exe
O4 - HKLM\..\RunServices: [System Uptime Server] sysentry.exe
O4 - HKLM\..\RunServices: [Windows service] iexpl0rer.exe
O4 - HKLM\..\RunServices: [Windows Firewalll] svvhost.exe
O4 - HKCU\..\Run: [Windows Firewalll] svvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Microsoft Update Machine] expl0rer.exe
O4 - HKCU\..\Run: [Windows Media Player] vhqqzb.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [Windows Media Player] vhqqzb.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{750D3A65-E483-4AD5-8834-089101B5D44E}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{750D3A65-E483-4AD5-8834-089101B5D44E}: NameServer = 192.168.2.1

*********************************************

hopefully i can get it working..
thx for ur help

aps

#6
admin
Were you able to boot in safe mode, and were you able to enable viewing hidden files? Most all the files that were to be removed are still in your log. <_<

#7
amkar
yes I was able to go into safe mode.. and i did delete some of the files but couldn't find all the files.

i did go to tools, folder options and selected the bullet for show all hidden files and folders.

i don't know what else can be wrong..

should i try it again.. as in go to safe mode and delete the files again..

plz let me know

thx
aps

#8
amkar
Hello, Thanks for your help earlier.
I repeated everything that u said to do earlier for a second time just to be sure i did it correctly. Here is a fresh log and there are still the same files existing that i deleted in safe mode.
C:\WINDOWS\System32\iexpl0rer.exe
C:\WINDOWS\System32\vhqqzb.exe


O4 - HKLM\..\Run: [Windows service] iexpl0rer.exe
O4 - HKLM\..\Run: [Windows Media Player] vhqqzb.exe
O4 - HKLM\..\RunServices: [Windows service] iexpl0rer.exe
O4 - HKLM\..\RunServices: [Windows Media Player] vhqqzb.exe
O4 - HKCU\..\Run: [Windows Media Player] vhqqzb.exe

Any ideas as to how to get rid of these.. i know i don't need them.. but they still keep popping up from nowhere. Any help would be really nice.

Thanks
ApS

Logfile of HijackThis v1.98.2
Scan saved at 12:29:03 PM, on 9/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\iexpl0rer.exe
C:\WINDOWS\System32\vhqqzb.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\USER\Desktop\HijackThis1982.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cosc.brocku.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = sympatico.ca
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IEPopupKillerBHO.CIEPopupKillerBHO - {31801B7B-6A29-43A2-A54F-A8920FA70F9C} - C:\Program Files\IEPopupKiller\IEPopupKillerBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [Windows service] iexpl0rer.exe
O4 - HKLM\..\Run: [Windows Media Player] vhqqzb.exe
O4 - HKLM\..\RunServices: [Windows service] iexpl0rer.exe
O4 - HKLM\..\RunServices: [Windows Media Player] vhqqzb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Windows Media Player] vhqqzb.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [Windows Media Player] vhqqzb.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{750D3A65-E483-4AD5-8834-089101B5D44E}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{750D3A65-E483-4AD5-8834-089101B5D44E}: NameServer = 192.168.2.1
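
Added example (not part of any post in this thread): Python code that parses the registry O4 autostart lines of a HijackThis log, flags file names within two edits of a genuine Windows binary or registered under three or more Run/RunServices keys, and reports which flagged names are still registered in a later log. The known-good name list, both thresholds and all function names are assumptions chosen for this example; the log excerpts are copied from the posts above.

```python
import re
from collections import defaultdict

# Genuine Windows binary stems that impostor names tend to imitate.
# This list and both thresholds below are assumptions made for this example.
KNOWN_GOOD = ["svchost", "iexplore", "explorer", "services", "lsass", "winlogon"]

# Excerpts of O4 (autostart) lines copied from the logs posted in this thread.
FIRST_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Firewalll] svvhost.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Microsoft Update Machine] expl0rer.exe
O4 - HKLM\..\Run: [Windows service] iexpl0rer.exe
O4 - HKLM\..\Run: [Windows Media Player] vhqqzb.exe
O4 - HKLM\..\RunServices: [Windows Firewalll] svvhost.exe
O4 - HKLM\..\RunServices: [Windows service] iexpl0rer.exe
O4 - HKLM\..\RunServices: [Windows Media Player] vhqqzb.exe
O4 - HKCU\..\Run: [Windows Firewalll] svvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Windows Media Player] vhqqzb.exe
O4 - HKCU\..\RunServices: [Windows Media Player] vhqqzb.exe
"""
LATER_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows service] iexpl0rer.exe
O4 - HKLM\..\Run: [Windows Media Player] vhqqzb.exe
O4 - HKLM\..\RunServices: [Windows service] iexpl0rer.exe
O4 - HKLM\..\RunServices: [Windows Media Player] vhqqzb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Media Player] vhqqzb.exe
O4 - HKCU\..\RunServices: [Windows Media Player] vhqqzb.exe
"""

O4_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[(.*?)\] (.+)$")
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', re.IGNORECASE)


def exe_name(command):
    """Lower-cased file name of the program an autostart command launches."""
    m = EXE_RE.match(command)
    path = (m.group(1) or m.group(2)) if m else command
    return path.rsplit("\\", 1)[-1].lower()


def parse_o4(log):
    """Return (registry key, value name, executable) for each registry O4 line."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), exe_name(m.group(3))))
    return entries


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalikes(entries, max_distance=2):
    """Map each near-miss executable name to the genuine name it resembles."""
    found = {}
    for _, _, exe in entries:
        stem = exe.rsplit(".", 1)[0]
        best = min(KNOWN_GOOD, key=lambda good: edit_distance(stem, good))
        if 0 < edit_distance(stem, best) <= max_distance:
            found[exe] = best + ".exe"
    return found


def multi_key(entries, min_keys=3):
    """Executables registered under at least min_keys distinct autostart keys."""
    keys = defaultdict(set)
    for key, _, exe in entries:
        keys[exe].add(key)
    return {exe: sorted(k) for exe, k in keys.items() if len(k) >= min_keys}


def survivors(flagged, later_entries):
    """Flagged executables that are still registered in a later log."""
    return sorted(set(flagged) & {exe for _, _, exe in later_entries})


if __name__ == "__main__":
    first = parse_o4(FIRST_LOG)
    flagged = set(lookalikes(first)) | set(multi_key(first))
    print("lookalike names:", lookalikes(first))
    print("registered under 3+ keys:", multi_key(first))
    print("still present later:", survivors(flagged, parse_o4(LATER_LOG)))
```

An exact name match is not treated as clean evidence here: a HijackThis O4 line often carries no path, so a file named like a genuine binary but stored elsewhere needs a separate path check.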

#9
admin
When you performed a scan with Trend Housecall, did you tick the Auto Clean checkbox?

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

You also don't seem to have any antivirus software on your computer. We recommend the free version of AVG: http://free.grisoft....1/lng/us/tpl/v5

#10
amkar
Thanks Admin...

I have tried both of the things.. but they don't work
I downloaded the Anti virus program AVG but i can't install it.. it won't work...

when i run the executable it brings up the dialog box and i click setup and it unzips the files and then flashes and closes.. don't know y it does that.

For the housecall anti virus chk it will not load. i click on scan now it's free and
when the Active Update finished (which it doesn't, cause it gives an error) it says

error # 7
failed to update.

and i try the scan (with auto clean chkbox) and it says unable to load the virus scan engine

so i am still stuck .. please help.. :D <_<


thx
aps

#11
amkar
Hello just to add..

I was able to run the cleaner from moosoft but i can only run it in stealth mode.. if i run it in normal mode it just flashes and goes away. that is i can't run it.

but when i run in stealth mode it runs fine and i can scan and it doesn't pick up anything it comes up clean. no virus or adware.

and i have been able to run stinger.. and it runs fine as well no viruses..

is there any other scans i can do please let me know..

housecall.trendmicro won't work and avg doesn't work as well.

all help will be appreciated.

thanks.
aPs

#12
admin

is there any other scans i can do please let me know..

Here's a list: http://www.geekstogo...hp?showtopic=38

Let's try Panda Scan: http://www.pandasoft...ef=EN-PR-AS-107

#13
amkar
Hello thx for the links..

i downloaded avast anti virus and ran it.. it found viruses and they were fixed i also ran panda and the report is..as follows..


Incident Status Location

Virus:Trj/Downloader.RX Disinfected C:\aalifiger.exe
Virus:Trj/Small.AK Disinfected C:\dasla.exe
Virus:Trj/Downloader.GK No disinfected C:\Documents and Settings\USER\Local Settings\Temp\THI3730.tmp\twaintec.cab[polall1t.exe]
Virus:Trj/Small.AK Disinfected C:\faasla.exe
Virus:Trj/Small.AK Disinfected C:\fasoda.exe
Virus:Trj/Small.AK Disinfected C:\lfsad.exe
Virus:Trj/Small.AK Disinfected C:\lnsad.exe
Virus:Trj/Small.AK Disinfected C:\micropatch.exe
Virus:Trj/Small.AK Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\09IVGPQV\tk[1].exe
Virus:Trj/Small.AK Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\89EJC5YF\pro[1].exe
Virus:Trj/Small.AK Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KD2BW5YJ\bar[1].exe
Virus:Trj/Small.AK Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KD2BW5YJ\bar[2].exe
Virus:W32/Gaobot.AFB.worm Disinfected C:\WINDOWS\system32\expl0rer.exe
Virus:W32/Sdbot.gen.worm Disinfected C:\WINDOWS\system32\sysentry.exe
Virus:Trj/Small.AK Disinfected C:\WINDOWS\system32\winmaur.exe


but as soon as i restarted my pc.. the files came back..

i wanna permanently get rid of these viruses..

iexpl0rer.exe
vhqqzb.exe...and others...

any ideas how to get rid of them.. now that i know wat's in my computer..

#14
amkar
I was able to get my system running...

now i can access task manager msconfig and regedit..

but the prob is that whenever i start my pc.. it says that i am using system configuration.. and that i have some startup files disabled.. and stuff..

it's in msconfig.. i think i will just download a startup program and hopefully i can fix dat..

thx for all the help..

#15
admin
Click Start -> Run, type msconfig, select Normal Startup.