[bugmenot]

I recently got hit by the PS guard virus. I took the steps listed on your site to remove it. The only thing I failed to do was an online scan of my computer, the download for the online viraus scan was going to take my PC hours to complete (I have bad web access, 24K top speed). Also, I have not installed Windows XP SP1 becasue it takes my PC around 8 hrs to download, and my internet access through school is limited to 6hrs/wk. Is there a way that I could download this on my nice t1 at work and then install it at home? Anyways, here is my HJT log, let me know if there is anything that needs to be cleaned from it. There is one entry left that I know has to go (R3), but there are others that are questionable. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 9:03:58 PM, on 8/16/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Scott Ray Randall\Desktop\Virus Removal\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [sfpsv] C:\WINDOWS\system32\sfpsv.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [ymyHTnnC.exe] C:\documents and settings\scott ray randall\local settings\temp\ymyHTnnC.exe
O4 - HKLM\..\Run: [5Y6#ERB49YAMPM] C:\WINDOWS\System32\Tmot.exe
O4 - HKLM\..\Run: [AutoLoader40x21OYUZaPV] "C:\WINDOWS\System32\ntmusd.exe" /PC="AM.WILD" /HideUninstall
O4 - HKLM\..\Run: [47Ek34l] ntmusd.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe

[Advertisements]

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...&DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.

[tampabelle]

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...&DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.

[tampabelle]

Hi bugmenot,


I want you to tell me how many PCs you have ?????

[bugmenot]

I already downloaded the file from that site, and ran it on my computer. It then tells me that it needs to download updates. These updates will take over 8 hours to download on my crappy dial-up that runs at a top speed of 24K because of bad phone lines in the area. I get free access through school, and I have only 6 hrs of acess a week. So it is impossible for me to update to SP1 this way. Is there a way I can download all of the updates on another PC, like my nice PC at work with a t1 connection, and then put them on my PC at home?

[tampabelle]

Hi bugmenot,


I want you to tell me how many PCs you have ?????

[bugmenot]

I have several at work, and one at home. The one at home is where I am having an issue right now. It is more difficult to fix due to the fact that I cannot easily download things using my crappy dial-up access there.

[ScHwErV]

tampabelle will continue to help you since this is your home computer, but we are not here to fix work computers. That is part of our terms of service. Home computers only.

We will not be able to offer any assistance until you have updated to SP1.

ScHwErV

[bugmenot]

OK, I understand that this service is only for home PCs. My problem is with a home PC.

Could you please help me figure out how to load SP1? I know it is important to do it, but with my slow modem and limited access I just don't know how to.

Edited by bugmenot, 17 August 2005 - 01:38 PM.

[tampabelle]

You can download the file, burn it onto a CD, get it home and then update your home PC

[bugmenot]

There appears to be some confusion. The file to which you are linking is NOT windows XP SP1. Is is a installer program that installs SP1 on to your computer. The files for SP1 are still downloaded from the net by the installer program. I've taken the file to which you are linking home, and installed it. The program then proceeds to download the SP1 files from the windows server. The SP1 files are huge, and takes over 8 hours to download on my slow dial-up. I am limited to 6 hrs/wk of access, so it is impossible for me to use the program to which you are linking. Is there a way to download all the neccessary SP1 files so I can burn that to a CD and bring it home?

[ScHwErV]

Not if you download the network install version.

bugmenot,

you are not by chance using a log in from bugmenot.com?

ScHwErV

[bugmenot]

I am. Sorry, I'm an [bleep]. I was in a hurry to get this and didn't want to take the time to register.

I'll try downloading the network install version, hadn't tried that.

[ScHwErV]

After you do that, re-register and someone will help you. This account is banned.

ScHwErV