23 Posts

August 9th, 2007 17:00

"smsc.exe has encountered a problem" - no internet or quicktime access

Hi, I started having problems when my QuickTime wouldn't allow my iPod... and then I was receiving the "smsc.exe has encountered a problem and needs to close". And then I could not get online and still cannot, so I am on a different computer. I was able to get HijackThis, and below is my log:

PLEASE HELP!! thank you.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:26:23 PM, on 8/7/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

F2 - REG:system.ini: Shell=Explorer.exe,vxdsrv.exe -shell

O1 - Hosts: 127.117.170.26 www.symantec.com

O1 - Hosts: 127.221.0.143 securityresponse.symantec.com

O1 - Hosts: 127.60.77.104 symantec.com

O1 - Hosts: 127.62.139.8 www.mcafee.com

O1 - Hosts: 127.52.146.156 mcafee.com

O1 - Hosts: 127.195.76.174 us.mcafee.com

O1 - Hosts: 127.238.193.29 www.sophos.com

O1 - Hosts: 127.90.19.134 sophos.com

O1 - Hosts: 127.242.110.236 www.viruslist.com

O1 - Hosts: 127.248.13.60 viruslist.com

O1 - Hosts: 127.71.112.208 f-secure.com

O1 - Hosts: 127.230.121.16 www.f-secure.com

O1 - Hosts: 127.28.214.213 kaspersky.com

O1 - Hosts: 127.161.137.95 www.avp.com

O1 - Hosts: 127.98.137.67 www.kaspersky.com

O1 - Hosts: 127.108.8.68 avp.com

O1 - Hosts: 127.134.145.97 www.networkassociates.com

O1 - Hosts: 127.28.153.6 networkassociates.com

O1 - Hosts: 127.134.50.143 www.ca.com

O1 - Hosts: 127.207.157.66 ca.com

O1 - Hosts: 127.10.105.159 my-etrust.com

O1 - Hosts: 127.136.46.29 www.my-etrust.com

O1 - Hosts: 127.96.106.131 secure.nai.com

O1 - Hosts: 127.239.186.235 nai.com

O1 - Hosts: 127.91.48.152 www.nai.com

O1 - Hosts: 127.150.9.245 trendmicro.com

O1 - Hosts: 127.132.60.66 www.trendmicro.com

O1 - Hosts: 127.156.235.119 housecall.trendmicro.com

O1 - Hosts: 127.41.18.142 www.pandasoftware.com

O1 - Hosts: 127.142.182.237 www.bitdefender.com

O1 - Hosts: 127.38.37.27 www.ravantivirus.com

O1 - Hosts: 127.192.92.60 www3.ca.com

O1 - Hosts: 127.123.29.119 v4.windowsupdate.microsoft.com

O1 - Hosts: 127.164.202.101 windowsupdate.microsoft.com

O1 - Hosts: 127.20.198.171 www.windowsupdate.com

O1 - Hosts: 127.200.187.188 windowsupdate.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [FF966F56] C:\WINDOWS\System32\jjjtrtxmygasgs.exe

O4 - HKLM\..\Run: [00000000] C:\WINDOWS\System32\ozxfjydzjjrytd.exe

O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe

O4 - HKLM\..\Run: [WinService16] vxdsrv.exe -services

O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\bdwcfybl.exe

O4 - HKLM\..\Run: [Microsoft Update] winsys32.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\zfnzv.exe

O4 - HKLM\..\Run: [restrictanonymous]

O4 - HKLM\..\Run: [Outlook Express] htctf.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe

O4 - HKLM\..\RunServices: [WinService16] vxdsrv.exe -services

O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe

O4 - HKLM\..\RunServices: [EnableDCOM] N

O4 - HKLM\..\RunServices: [Outlook Express] htctf.exe

O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] smsc.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe

O4 - HKCU\..\Run: [WinService16] vxdsrv.exe -drivers

O4 - HKCU\..\Run: [Microsoft Update] winsys32.exe

O4 - HKCU\..\Run: [Outlook Express] htctf.exe

O4 - HKCU\..\RunServices: [Outlook Express] htctf.exe

O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] smsc.exe

O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] wuamgrd.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Win32 USB2 Driver] smsc.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [MSN Messenger] rmxictu.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Win32 USB2 Driver] smsc.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunServices: [MSN Messenger] rmxictu.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] wuamgrd.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [Win32 USB2 Driver] smsc.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunServices: [MSN Messenger] rmxictu.exe (User 'Default user')

O4 - Startup: CD-MENU.LNK = D:\MENU.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab

O21 - SSODL: FCBBAJFB - {18105192-4540-130B-52DA-6CCC540A7B83} - C:\WINDOWS\System32\Hjmbhqcq.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: xadz - Unknown owner - C:\WINDOWS\ehnjlj.exe

 

--

End of file - 7762 bytes

10.4K Posts

August 10th, 2007 14:00

KredL

That's quite an infection you have there. It will take a run or two at this to completely remove it so please be patient.
 

1. Go HERE and download Deldomains.

  1. Save it to your desktop.
  2. Right-click DelDomains.inf and select: Install (no need to restart)
  3. You may not see any noticeable changes or prompts; this is normal.

2. Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

CastleCops Instructor

MRU Graduate


"The world is what you make of it"



Message Edited by bamajim on 08-10-2007 10:07 AM

23 Posts

August 12th, 2007 21:00

Bamajim,
Thank you so much for the quick response.  I've been trying to get online on my computer and it kicks me off a lot and also is very slow, so I apologize if my responses are delayed. 
 
I was able to get the Deldomain on my desktop, but when I try to download the SDFix, I get a pop-up from Internet Explorer saying:
"Internet Explorer cannot download SDFix.exe from downloads.andymanchesta.com.
"Internet Explorer was not able to open this Internet Site.  The requested site is either unavailable or cannot be found.  Please try again later."
 
 

10.4K Posts

August 13th, 2007 00:00

KredL
 
If you have DelDomains on your desktop, go ahead and run the program, then try to download SDFix. If you are unable to, then do this:
 

Please download Combofix and save to your desktop:
  • Note: It is important that it is saved directly to your desktop
  • Close any open browsers.
  • Double click on combofix.exe and follow the prompts.
  • When it's finished it will produce a log.
  • Post the contents of the C:\ComboFix.txt into your next reply.
  • Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.

CastleCops Instructor

MRU Graduate


"The world is what you make of it"

23 Posts

August 16th, 2007 03:00

Hi Bamajim, I was unable to open the Deldomains, but did select the 'open with internet explorer' and nothing happened.  So I have downloaded Combofix to my desktop and it is not prompting me to press 'F1' to continue and I have done so.  Nothing from here has happened.  However, my internet ironically was VERY responsive this time.  (My window for Combofix is still open since it has stated that I should not select the 'F2'...)

10.4K Posts

August 16th, 2007 11:00

KredL
 
Combofix asks for 1 (to continue) or 2 (to quit), not F1 or F2.
 
If you have difficulty in getting Combofix to run in normal mode, reboot into Safe Mode and run it.
 
CastleCops Instructor

MRU Graduate


"The world is what you make of it"

23 Posts

August 29th, 2007 16:00

Ok, so I have rebooted my computer in safe mode and have run Combofix.  I get the message that comes up saying that the time will change & I should not update this at all, etc., etc.  It also says that it should only take 10 minutes, but may take longer.  I have let it run for a full 24 hrs & nothing else has happened.  So I have tried closing out of this and re-running and I get the same thing.
I also cannot get onto the internet now.  Maybe this is because I am in safe mode?

23 Posts

August 29th, 2007 17:00

Oh, and if I need to download more things to my computer, can I reboot out of safe mode so that I can try and get online that way?
(Sorry about the stupid F1, F2 comment... I feel a bit computer illiterate with all this right now, and I work on AutoCAD all day. It's amazing.)

10.4K Posts

August 29th, 2007 18:00

KredL
 
Let's reboot into Normal Windows Mode. Then rerun HijackThis and post a fresh HijackThis log. We will have to do some of this manually.
 
CastleCops Instructor

MRU Graduate


"The world is what you make of it"

23 Posts

August 30th, 2007 22:00

...just an FYI, while opening HijackThis and getting online, I am still getting the "smsc.exe has encountered a problem and needs to close" and "windows explorer has encountered a problem...."
 
Here's my logfile:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24, on 2007-08-30
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\winsys32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\drwtsn32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe,vxdsrv.exe -shell
O1 - Hosts: 127.117.170.26 www.symantec.com
O1 - Hosts: 127.221.0.143 securityresponse.symantec.com
O1 - Hosts: 127.60.77.104 symantec.com
O1 - Hosts: 127.62.139.8 www.mcafee.com
O1 - Hosts: 127.52.146.156 mcafee.com
O1 - Hosts: 127.195.76.174 us.mcafee.com
O1 - Hosts: 127.238.193.29 www.sophos.com
O1 - Hosts: 127.90.19.134 sophos.com
O1 - Hosts: 127.242.110.236 www.viruslist.com
O1 - Hosts: 127.248.13.60 viruslist.com
O1 - Hosts: 127.71.112.208 f-secure.com
O1 - Hosts: 127.230.121.16 www.f-secure.com
O1 - Hosts: 127.28.214.213 kaspersky.com
O1 - Hosts: 127.161.137.95 www.avp.com
O1 - Hosts: 127.98.137.67 www.kaspersky.com
O1 - Hosts: 127.108.8.68 avp.com
O1 - Hosts: 127.134.145.97 www.networkassociates.com
O1 - Hosts: 127.28.153.6 networkassociates.com
O1 - Hosts: 127.134.50.143 www.ca.com
O1 - Hosts: 127.207.157.66 ca.com
O1 - Hosts: 127.10.105.159 my-etrust.com
O1 - Hosts: 127.136.46.29 www.my-etrust.com
O1 - Hosts: 127.96.106.131 secure.nai.com
O1 - Hosts: 127.239.186.235 nai.com
O1 - Hosts: 127.91.48.152 www.nai.com
O1 - Hosts: 127.150.9.245 trendmicro.com
O1 - Hosts: 127.132.60.66 www.trendmicro.com
O1 - Hosts: 127.156.235.119 housecall.trendmicro.com
O1 - Hosts: 127.41.18.142 www.pandasoftware.com
O1 - Hosts: 127.142.182.237 www.bitdefender.com
O1 - Hosts: 127.38.37.27 www.ravantivirus.com
O1 - Hosts: 127.192.92.60 www3.ca.com
O1 - Hosts: 127.123.29.119 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.164.202.101 windowsupdate.microsoft.com
O1 - Hosts: 127.20.198.171 www.windowsupdate.com
O1 - Hosts: 127.200.187.188 windowsupdate.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [FF966F56] C:\WINDOWS\System32\jjjtrtxmygasgs.exe
O4 - HKLM\..\Run: [00000000] C:\WINDOWS\System32\ozxfjydzjjrytd.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [WinService16] vxdsrv.exe -services
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\bdwcfybl.exe
O4 - HKLM\..\Run: [Microsoft Update] winsys32.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\zfnzv.exe
O4 - HKLM\..\Run: [restrictanonymous]
O4 - HKLM\..\Run: [Outlook Express] htctf.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [WinService16] vxdsrv.exe -services
O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe
O4 - HKLM\..\RunServices: [EnableDCOM] N
O4 - HKLM\..\RunServices: [Outlook Express] htctf.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [WinService16] vxdsrv.exe -drivers
O4 - HKCU\..\Run: [Microsoft Update] winsys32.exe
O4 - HKCU\..\Run: [Outlook Express] htctf.exe
O4 - HKCU\..\RunServices: [Outlook Express] htctf.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] smsc.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] wuamgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Win32 USB2 Driver] smsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSN Messenger] rmxictu.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Win32 USB2 Driver] smsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [MSN Messenger] rmxictu.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] wuamgrd.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Win32 USB2 Driver] smsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [MSN Messenger] rmxictu.exe (User 'Default user')
O4 - Startup: CD-MENU.LNK = D:\MENU.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O21 - SSODL: FCBBAJFB - {18105192-4540-130B-52DA-6CCC540A7B83} - C:\WINDOWS\System32\Hjmbhqcq.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: xadz - Unknown owner - C:\WINDOWS\ehnjlj.exe
--
End of file - 7506 bytes

10.4K Posts

August 31st, 2007 13:00

KredL

I suspected it would be, but not for long.

You may want to print out these instructions for reference.

1. Please download HostsXpert 3.7 - Hosts File Manager
  • And save it to your Desktop
  • Rt Click Hoster.zip ->> Extract all ->> Extract it to your Desktop
  • Open the Hoster folder ->> Double Click Hoster.exe (it will look like a yield sign with a stop light in the center)
  • When the program opens, click the "Restore Original Hosts" button

2. Please download the Killbox.
  1) Save it to the desktop
  2) Rt Click ->> Extract all ->> Extract it to your Desktop
  3) Double Click Killbox.exe to run it
  4) Select "Delete on Reboot", and then select "All files".
  5) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

      C:\WINDOWS\System32\jjjtrtxmygasgs.exe
      C:\WINDOWS\System32\ozxfjydzjjrytd.exe
      C:\WINDOWS\System32\bdwcfybl.exe
      C:\WINDOWS\System32\zfnzv.exe
      C:\WINDOWS\ehnjlj.exe
      C:\WINDOWS\System32\Hjmbhqcq.dll

  6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  7) Click the red-and-white "Delete File" button.  Click "Yes" at the Delete on Reboot prompt.  Click "No" at the Pending Operations prompt.

3. Rerun HijackThis (scan only) and place checks beside the following entries:
      O4 - HKLM\..\Run: [FF966F56] C:\WINDOWS\System32\jjjtrtxmygasgs.exe
      O4 - HKLM\..\Run: [00000000] C:\WINDOWS\System32\ozxfjydzjjrytd.exe
      O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
      O4 - HKLM\..\Run: [WinService16] vxdsrv.exe -services
      O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\bdwcfybl.exe
      O4 - HKLM\..\Run: [Microsoft Update] winsys32.exe
      O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\zfnzv.exe
      O4 - HKLM\..\Run: [restrictanonymous]
      O4 - HKLM\..\Run: [Outlook Express] htctf.exe
      O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
      O4 - HKLM\..\RunServices: [WinService16] vxdsrv.exe -services
      O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe
      O4 - HKLM\..\RunServices: [EnableDCOM] N
      O4 - HKLM\..\RunServices: [Outlook Express] htctf.exe
      O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] smsc.exe
      O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
      O4 - HKCU\..\Run: [WinService16] vxdsrv.exe -drivers
      O4 - HKCU\..\Run: [Microsoft Update] winsys32.exe
      O4 - HKCU\..\Run: [Outlook Express] htctf.exe
      O4 - HKCU\..\RunServices: [Outlook Express] htctf.exe
      O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] smsc.exe
      O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] wuamgrd.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Win32 USB2 Driver] smsc.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [MSN Messenger] rmxictu.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [Win32 USB2 Driver] smsc.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunServices: [MSN Messenger] rmxictu.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] wuamgrd.exe (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [Win32 USB2 Driver] smsc.exe (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunServices: [MSN Messenger] rmxictu.exe (User 'Default user')
      O21 - SSODL: FCBBAJFB - {18105192-4540-130B-52DA-6CCC540A7B83} - C:\WINDOWS\System32\Hjmbhqcq.dll
    Close all other open windows except HijackThis and select "Fix checked"

    Close HijackThis ->> Reboot your PC ->> Rerun HijackThis and post a fresh HijackThis log


    CastleCops Instructor

    MRU Graduate


    "The world is what you make of it"
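
Added example, not part of the original thread and not how HijackThis, Killbox or HostsXpert work internally: a short Python triage over lines excerpted from the log posted above. It applies two review hints that are assumptions of this example: O1 Hosts entries that pin a name to the 127.0.0.0/8 loopback range, and O4 autorun data with no drive-qualified path, grouped by how many autorun keys repeat it.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt of lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 127.117.170.26 www.symantec.com
O1 - Hosts: 127.164.202.101 windowsupdate.microsoft.com
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [Microsoft Update] winsys32.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\bdwcfybl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [EnableDCOM] N
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
# Registry autoruns only; "O4 - Startup:" shortcut lines have no [value name].
AUTORUN_RE = re.compile(
    r"^O4 - (\S+?): \[([^\]]*)\]\s*(.*?)(?:\s+\(User '[^']*'\))?$"
)


def has_full_path(command):
    """True when the autorun data starts with a drive-qualified path."""
    return re.match(r"^[A-Za-z]:\\", command.strip().strip('"')) is not None


def triage(log_text):
    """Return the two kinds of review hints found in a HijackThis log.

    hosts    -> names other than localhost mapped into the loopback range,
                which makes those sites unreachable from the machine.
    autoruns -> autorun data without a full path, mapped to the sorted list
                of autorun keys that carry it.
    These are hints for a human reviewer (an assumption of this example),
    not verdicts: entries with a full path are not judged here at all.
    """
    redirected = []
    bare = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.groups()
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue  # malformed address: leave it for manual review
            if addr.is_loopback and name.lower() != "localhost":
                redirected.append(name.lower())
            continue
        m = AUTORUN_RE.match(line)
        if m:
            key, _value_name, command = m.groups()
            if not has_full_path(command):
                parts = command.split()
                exe = parts[0].lower() if parts else "(empty)"
                bare[exe].add(key)
    return {
        "hosts": sorted(redirected),
        "autoruns": {exe: sorted(keys) for exe, keys in bare.items()},
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name in result["hosts"]:
        print("hosts entry points to loopback:", name)
    for exe, keys in sorted(result["autoruns"].items()):
        print(f"{exe}: no full path, present in {len(keys)} autorun key(s)")
```

The path check does not flag entries such as `C:\WINDOWS\System32\bdwcfybl.exe`, which is on the Killbox list above, so a full-path entry still has to be examined by other means.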

23 Posts

August 31st, 2007 18:00

Great, I will do this first thing tonight when I get home.  I am hoping that I can get online to save these things to my desktop...

23 Posts

September 4th, 2007 12:00

Well, I wasn't able to get online on my laptop all weekend.  I tried rebooting, refreshing, and restarting.  I keep getting the smsc.exe & messenger things saying they have encountered a problem & need to close.  Is there any other way I could get these programs downloaded to my laptop w/o getting online?  I don't know what to do.  This is incredibly frustrating. 

10.4K Posts

September 4th, 2007 14:00

KredL

What you can do is download the programs needed to a working PC. Then transfer the programs to a USB key (some people call it a memory stick) or a CD and then transfer them to the infected PC. Then run them as instructed.

If you are unable to do that then reply and we will try something else.

CastleCops Instructor

MRU Graduate

"The world is what you make of it"

23 Posts

September 5th, 2007 00:00

Ok, I am at an internet station and the link for HostsXpert 3.7 would not go thru... however I clicked on a link to get me to funkytoad.com.  Here they offer HostsXpert v4.0.  I have saved this to a USB, as well as the Killbox.  Do I need to have the 3.7?  I am hoping that the 4.0 is ok & I will try this.

23 Posts

September 5th, 2007 01:00

I extracted and ran both HostsXpert v4.0 & Killbox to my computer.  I followed the steps for both.  The only thing that was a bit different: It did not say Hoster.exe (which I'm assuming is because I downloaded 4.0).  It said HostsXpert>Hosts File Editor.  Then I selected "Restore MS Hosts File" which it then prompted with the "Restore Original Hosts".
Also - during the last step for the Killbox, it did not prompt anything after the "Delete on Reboot".  So my computer rebooted after this... which maybe was a problem?
I cannot run HijackThis now.  When I click on the icon (or even try opening directly from the C: drive) I get the hour glass, but then it stops and nothing opens.  So I am back, hoping I can re-download HijackThis in case something has happened to the program.  I will try this now and try to run again.