HUGE computer problems - HJT log inside.



#1
Lanimilbus

    New Member

  • Member
  • 4 posts
I was looking for lyrics through Google, and when I clicked on one of the lyrics sites listed, about 300 windows came up, even with my pop-up blocker, and then my computer crashed. When I restarted, all sorts of new programs were running that had not been beforehand. Internet Explorer now additionally had a new toolbar installed on it, and ads were coming up everywhere. I tried to uninstall these new programs, but when I tried to, a window came up telling me I needed to download more software from this company to uninstall it, which I was wary of doing for fear of even more spyware. My computer is now a huge mess, and if anyone could help me clean this garbage out, it would be appreciated beyond belief. Thanks in advance.

I ran Adaware Personal and deleted everything it found.
I ran SpyBot and deleted everything it found.
I ran Norton Anti-Virus, and it found 26 “at risk” files. Out of the 26, it was only able to delete 3. The files it could not delete are:

The file C:\WINDOWS\876029.exe is a Adware threat.

The file C:\WINDOWS\Temporary Internet Files\Content.IE5\YNSV230F\876029[1].exe is a Adware threat.

The file C:\WINDOWS\Temporary Internet Files\Content.IE5\P3331P8E\ad[1] is a Adware threat.

The file C:\WINDOWS\bundle_mediamotor1004.exe is a Adware threat.

The file C:\WINDOWS\Temporary Internet Files\Content.IE5\07WX7X4F\bundle_mediamotor1004[1].exe is a Adware threat.

The file C:\WINDOWS\TEMP\Del7193.TMP is a Adware threat.

The file C:\WINDOWS\TEMP\ICD1.tmp\mm81.ocx is a Adware threat.

The file C:\WINDOWS\Downloaded Program Files\mm81.ocx is a Adware threat.

The compressed file mm81.ocx within C:\WINDOWS\Temporary Internet Files\Content.IE5\1JRJHHSE\alien[1].cab is a Adware threat.

The file C:\WINDOWS\Temporary Internet Files\Content.IE5\SDIF45E3\stubinstaller6282[1].exe is a Adware threat.

The compressed file Webhdll.dll within C:\WINDOWS\Temporary Internet Files\Content.IE5\OZ5FUMZX\whCC-GIANT[1].exe is a Spyware threat.

The compressed file Webhdll.dll within C:\WINDOWS\whCC-GIANT.exe is a Spyware threat.

The file C:\WINDOWS\Temporary Internet Files\Content.IE5\OZ5FUMZX\whCC-GIANT[1].exe is a Spyware threat.

The compressed file whiehlpr.dll within C:\WINDOWS\Temporary Internet Files\Content.IE5\OZ5FUMZX\whCC-GIANT[1].exe is a Spyware threat.

The compressed file whiehlpr.dll within C:\WINDOWS\whCC-GIANT.exe is a Spyware threat.

The compressed file WhSurvey.exe within C:\WINDOWS\Temporary Internet Files\Content.IE5\OZ5FUMZX\whCC-GIANT[1].exe is a Spyware threat.

The compressed file WhSurvey.exe within C:\WINDOWS\whCC-GIANT.exe is a Spyware threat.

The file C:\WINDOWS\SYSTEM\WinNB57.dll is a Adware threat.

After running the previous three programs, I ran HijackThis. Here’s my log:

Logfile of HijackThis v1.99.1
Scan saved at 4:47:33 PM, on 9/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\SYSTEM\PCXQQRL.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTS.SCR
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\CFGWIZ32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\NMAIN.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\WINWORD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\S\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [pcxqqrl] c:\windows\system\pcxqqrl.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Microsoft Office.lnk = c:\WINDOWS\Installer\{90170409-6000-11D3-8CFE-0050048383C9}\misc.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab

Edited by Lanimilbus, 18 September 2005 - 02:54 PM.



#2
Lanimilbus

    New Member

  • Topic Starter
  • Member
  • 4 posts
I'm having to use someone else's computer for the time being, because mine is completely inaccessible... and I need to get back on it by tomorrow to research a paper, so if anyone could help with how to fix this, I'd truly appreciate it.

#3
Lanimilbus

    New Member

  • Topic Starter
  • Member
  • 4 posts
:tazz:

Please?

#4
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
First, I'd like you to uninstall ViewPoint manager under Add/Remove Software.

Reboot into safe mode and use the Disk Cleanup tool to empty all your Temp folders.

Still in safe mode, run both Norton and AdAware to do a full system scan.

Post a new HijackThis log and report any bad files you were unable to remove this way.

Regards,

#5
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Sorry, I see Metallica has taken care of you.

Edited by skate_punk_21, 19 September 2005 - 01:30 PM.
