166 Posts

January 31st, 2005 00:00

what micro world scan found help 39 items

here is what i think you wanted the list is long File c:\WINDOWS\system32\calsp.dll infected by "TrojanDownloader.Win32.\Agent br" virus action taken no action taken      File c:\WINDOWS\system32\aklsp.dll infected by "TrojanDownloader.win32Agent br" virus action taken no action taken   File C:\Windows\BTGrab.dll infected by "not a virus: Adware.BiSpy .t virus action taken no action taken   all of these from now on says at the end virus action taken no action taken so i am putting it down     File C:\Docume~1\Rita\APPLIC~1\eetu.exe infected by "not a virus:Adware.purityScan.v"     File C:\WINDOWS\SYSTEM32\PEOPLE

166 Posts

February 1st, 2005 00:00

FileC:Windows\system32\peopleonpage.exeinfected by Backdoor.Win32Agent.bg  CileC:Windows\system32\\BTGrab.dll infected by "not a virus:Adware.BiSpy.t  FileC:\Docume~1\Rita\APPLIC~1\eetu.exe infected by not a virus Adware.PurityScan.v   FileC:\windows\iconu.exe infected by not a virus:Adware.Zestyfind  FileC:\windows\woinstall.exe infected by not a virus:Adware.EZula.ak   FileC:\Windows\aklsp.dll infected by Trojandownloader.win32Agent.br  FileC:windows\betterinernet.exe infected by not a virus Adware/Betteromternet  FileC;\windows\system32\broadcastpc.exe infected by not a virus Adware.broadcap.a  FileC;\windows\system32\calsp.dll infected by Trojan-Downloader.Win32.Agent.br  FileC;\windows\system32\clickspring.exe infected by not a virus:AdwareMediaTickets.h  FileC:\windows\system32\dskfrf.dll infected by not a virus:Adware.Toolbar.Hot Search Bar.b  FileC:\windows\system32\ezsys.exe infected by not a virus:Adware.EZula.ad  FileC:\windows\system32\suncade-ICMEDOAX-install.exe infected by not a virus:Adware.BarginBuddy.q  FileC:\docume~1\rita\locals~1\temp\lfc.tmp infected by not a virus"backdoor.win32.bg"   FileC:\docume~1\rita\locals~1\temp46F.tmp infected by "backdoor win32Agemt bg.  FileC:\Docume~1\rita\locals~1\temp\68tmp infected by "backdoor.win32.Agent.bg  FileCL\Docume~1\rita\locals~1\temp9A.tmp infected by not a vius "backdoor.win32Agent bg   FileC:\docume~1\rita\locals~1\temp\bw2.exe "trojan dropper.win32.small    FileC:\docume~1\rita\locals~1\temp\cd.tmp infected by not a virus backdoor.win32.Agent.bg  FileC:\docume~1\rita\locals~1\temp\nsdtmp09.dll infected by not a virus:Adware.Metadirect  FileC:\docume~1\rita\locals~1\temp\th12059.tmp/BTGrab.dll infected by not a virus:Adware.BiSpy.t  File c:\docume~1\rita\locals~1\temp\TMP369.tmp infected by not a virusAdware.webspecials.a   FileC:\docume~1\rita\locals~1\temp\vmstmp\vmstmp.exe infected by not a virus:Adware.DelphinMediaViewer. maybe i got it all  please help

8.8K Posts

February 1st, 2005 00:00

Hi
Would it be possible for you to arrange that log so it's one entry per line?
That is very confusing to decipher.
If you could and repost that in this thread that would be a lot easier to work with.

Thanks
Steve

166 Posts

February 1st, 2005 22:00

here it is i rescanned and 6 new items added i think all say at the end virus:action taken no action taken so i am not putting it down unless it says different

FileC:\WINDOWS\system32\calsp.dll infected by "TrojanDownloader.Win32.Agent.br"virus.

FileC:\WINDOWS\system32\aklsp.dll infected by "Trojan-Downloader.Win32.Agent.br"virus:

FileC:\WINDOWS\BTGrab.dll infected by "not a virus:AdWare.BiSpy.t"virus.

FileC:\DOCUME`1\Rita\APPLIC-1\eetu.exe infected by "not a virus:AdWare.PurityScan.v"virus.

FileC:\windows\system32\idcgjeb.exe infected by Trojan.win32.Agent.ay"

FileC:\WINDOWS\\BTGrab.dll infected by "not a virus:AdWare.BiSpy.t"

FileC:\WINDOWS\farmmext.exe infected by "Trojandownloader.Win32.Studdy.c"

FileC:\PROGRA`1\COMMON~1\Java\bptre.exe infected by "not a virus:AdWare.Broadcap.a"

FileC:\windows\system32\idcgjeb.exe infected by "Trojan.Win32.Agent.ay"

FileC:\WINDOWS\wupdt.exe infected by "Trojan-Downloader.Win32.OneClickNetSearch.h"

FileC:\DOCUME`1\Rita\APPLIC`1\eetu.exe infected by "not a virus:AdWare.PurityScan.v"

FileC:\WINDOWS\iconu.exe infected by "not a virus:AdWare.Zestyfind"

FileC:\WINDOWS\woinstall.exe infected by "not a virus:AdWare.EZula.ak"

FileC:\WINDOWS\system32\aklsp.dll infected by "Trojan-downloader.Win32.Agent br"

FileC:\WINDOWS\system32\calsp.dll infected by "Trojan-Downloader.Win32.Agent.br"

FileC:\WINDOWS\system32\dsktrf.dll infected by "not a virus:AdWare.ToolBar.HotSearchBar.b"

FileC:\WINDOWS\system32\ezsys.exe infected by "not a virus:AdWare.EZula.ad"

FileC:\WINDOWS\syste,32\funcade_ICMEDIAX_install.exe infected by "not a virus:AdWare.BarginBuddy.q"

FileC:\WINDOWS\system32\lbczxs.exe infected by "Backdoor.Win32Agent.bq"

FileC:\WINDOWS\system32\randreco.exe infected by "not a virus:AdWare.BetterInternet"

FileC:\WINDOWS\system32\secure.exe infected by "not a virus:AdWare.DealHelper.v"

FilecC:\WINDOWS\system32\tff.dll infected by "not a virus AdWare.PurityScan.ak"

FileCWINDOWS\system32\unstaller.exe infected by not a virus:AdWare.DealHelper.u"

FileC:\WINDOWS\system32\vertone.exe infected by "Trojan-Downloader.Win32.Envolo.b"

FileC:\WINDOWS\system32\wzcnd.exe infected by "Trojan-Downloader.Win32.Agent.hc

FileC:\DOCUME~1\Rita\LOCALS~1\Temp\!update.exe infected by "not a virus:AdWare.PuriityScan.v"

FileC:\DOCUME`1\Rita\LOCALS~1\142.tmp infected by "Backdoor.Win32.Agent.bg"

FileC:\DOCUME~1\Rita\LOCALS~1\154.tmp infected by "Backdoor.Win32.Agent.bg"

FileC:\DOCUME~1\Rita\LOCALS~1\1FC.tmp infected by "Backdoor.Win32.Agent.bg"

FileC:\DOCUME~1\Rita\LOCALS~1\46F.tmp infected by "Backdoor.win32.Agent.bg"

FileC:\DOCUME~1\Rita\LOCALS~1\68.tmp infected by "Backdoor.Win32.Agent.bg"

FileC:\DOCUME~1\Rita\LOCALS~1\9A.tmp infected by "Backdoor.Win32.Agent.bg"

FileC:\DOCUME~1\Rita\LOCALS~1\bw2.exe infected by "Trojan-dropper.Win32.Small of"

FileC:\DOCUME~1\Rita\LOCALS~1\CD.tmp infected by "Backdoor.Win32.Agent.bg"

FileC:\DOCUME~1\Rita\LOCALS~1\DrTemp\mm_reco.exe infected by "not a virus :AdWare.BetterInternet"

FileC:/DOCUME~1\Rita\LOCALS~1\DrTemp\wupdsnff.exe infected by "not a virus:AdWare.BetterInternet'

FileC:\DOCUME~1\Rita\LOCALS~1\i6tmp infected by "not a virus:AdWare.SurfSide.a"

FileC:\DOCUME~1\Rita\LOCALS~1\nsdtmp09.dll infected by "not a virus:AdWare.MetaDirect.a"

FileC:\DOCUME~1\Rita\LOCALS~1\THI12059.tmp\BTGrab.dll infected by "not a virus:AdWare.BiSpy.t"

FileC:\DOCUME~1\Rita\LOCALS~1\TH127EC.tmp\farmmext.exe infected by "TrojanDownloader.Win32.Stubby.c"

FileC:\DOCUME~1\Rita\LOCALS~1\THl3292.tmp\wupdt.exe infected by "Trojan-Downloader.Win32.OneClickNetSearch.h"

FileC:\DOCUME~1\RITA\LOCALS~1\THl3555.tmp\wupdt.exe infected by "Trojan-Downloader.Win32.OneClickNet Search.h"

FileC:\DOCUME~1\Rita\LOCALS~1\THl595.tmp\farmmext.exe infected by "TrojanDownloader.Win32.Stubby.c"

FileC:\DOCUME~1\Rita\LOCALS~1\TMP369.tmp infected by not a virus:AdWare.WebSpecial.a"

FileC:\DOCUME~1\Rita\LOCALS~1\vmstmp\vmstmp.exe infected by "not a virus:AdWare.DelphinMediaViewer.c"

 

 

Message Edited by sbeetle on 02-01-2005 06:17 PM

Message Edited by sbeetle on 02-01-2005 06:29 PM

4.8K Posts

February 2nd, 2005 23:00

sbeetle,

Here are the file(s) we'll need to delete...



Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

files...

C:\WINDOWS\BTGrab.dll
C:\DOCUME`1\Rita\APPLIC-1\eetu.exe
C:\windows\system32\idcgjeb.exe
C:\WINDOWS\\BTGrab.dll
C:\WINDOWS\farmmext.exe
C:\WINDOWS\wupdt.exe
C:\DOCUME`1\Rita\APPLIC`1\eetu.exe
C:\WINDOWS\iconu.exe
C:\WINDOWS\woinstall.exe
C:\WINDOWS\system32\dsktrf.dll
C:\WINDOWS\system32\ezsys.exe
C:\WINDOWS\system32\lbczxs.exe
C:\WINDOWS\system32\randreco.exe
C:\WINDOWS\system32\secure.exe
C:\WINDOWS\system32\tff.dll
C:\WINDOWS\system32\vertone.exe
C:\WINDOWS\system32\wzcnd.exe
C:\DOCUME~1\Rita\LOCALS~1\Temp\!update.exe
C:\DOCUME~1\Rita\LOCALS~1\bw2.exe
C:\DOCUME~1\Rita\LOCALS~1\DrTemp\mm_reco.exe
C:\DOCUME~1\Rita\LOCALS~1\nsdtmp09.dll
C:\DOCUME~1\Rita\LOCALS~1\THI12059.tmp\BTGrab.dll
C:\DOCUME~1\Rita\LOCALS~1\TH127EC.tmp\farmmext.exe
C:\DOCUME~1\Rita\LOCALS~1\THl3292.tmp\wupdt.exe
C:\DOCUME~1\RITA\LOCALS~1\THl3555.tmp\wupdt.exe
C:\DOCUME~1\Rita\LOCALS~1\THl595.tmp\farmmext.exe
C:\DOCUME~1\Rita\LOCALS~1\vmstmp\vmstmp.exe

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

4.8K Posts

February 2nd, 2005 23:00

sbeetle,

Ok, so it's increasing? Let's see a new log and see if they're turning up where we can easily delete them.

Mike.

4.8K Posts

February 3rd, 2005 16:00

sbeetle,
 
You're using dialup, correct? So it's not starting up (connecting) when you double-click on the msn icon on your desktop?
 
Mike.
 

166 Posts

February 3rd, 2005 16:00

ok i am having trouble getting online now i reinstalled msn9 it would not do anything before i removed it and now it still won't i am getting online by going to start connect then msn1 could you please help me

166 Posts

February 3rd, 2005 18:00

yes i think it didn't download right or something all this started tuesday night when i download microsoft beta spyware it found and deleted 30 items i went in and found some of what was on your list but i had already deleted some monday i only have msn icon not msn explorer icon now do i need to run hijackthis i keep getting pop up and the microsoft is stopping some of them what do i need to do

4.8K Posts

February 3rd, 2005 19:00

sbeetle,
 
Ok, here's what we need to do...
 
1. Click "Start | Run...", then enter: sfc /scannow
2. Post back a new HiJackThis log and let me see what you've got.
 
-
 
Mike.
 

4.8K Posts

February 3rd, 2005 19:00

sbeetle,

Sorry about that. I was thinking that you already had HiJackThis from a previous thread. We'll be able to see what's running with this...



  Download, then unzip to "C:\HJT", the newest version of HiJackThis; version 1.99.0. Now, let's do the following:

  1.  Click "Scan"
  2.  Click "Save log"

  Notepad will pop up with a copy of your system log, then:

  1.  "Edit | Select all"
  2.  "Edit | Copy"

  Next, let's "Reply" back to this post, then:

  1.  Right-click on the message body.
  2.  Select "Paste"

  Then just "Post" the message, and we'll analyze your log shortly, then post back any recommendation(s).
 

Mike.

 

166 Posts

February 3rd, 2005 19:00

ok but do i need to download a hijackthis program i have only run the microworld scan or do i just type in what you said in the run window i think i have too many process running it was at 40 now its at 50
i am not sure what to do first

4.8K Posts

February 3rd, 2005 23:00

sbeetle,

There's quite a lot to do here, so just take everything one step at a time.

-

Let's get started...



Download, unzip to your desktop CWShredder and run it, then:

1.  Click "Check For Update"

    (If an update isn't available, skip to step #4.)

2.  Click "Click here to Download the update".
3.  When the new version has been downloaded, click "Save".
4.  Click "Fix ->"
 


Next, open a command prompt by:

1.  Clicking "Start", then "Run...".
2.  Enter "cmd" (without the quotes).
3.  Enter "services.msc" (without the quotes).
 
-
 
Now, locate and 'stop' the following services, if present:
 
dhbpgyfxklem
 
Look carefully, since the name of the service (above) can be anywhere in the entry; also be careful not to 'stop' any required system services.
 


Run HiJackThis then:
 
1.  Click "Config..."
2.  Click "Misc Tools"
3.  Click "Open Process manager"
 
-
 
Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:
 
    C:\WINDOWS\system32\crmdocm\lhbkxs.exe
    C:\WINDOWS\system32\eikribdl\tetcyod.exe
    C:\WINDOWS\system32\wysbki\rowlev.exe
    C:\WINDOWS\system32\uswnohhe\kbotd.exe
    C:\WINDOWS\system32\rmhnsu\hcww.exe
    C:\DOCUME~1\Rita\LOCALS~1\Temp\27.exe\27.exe
    C:\WINDOWS\system32\ccvrhw\lriaewj.exe
    C:\windows\system32\idcgjeb.exe
    C:\Program Files\Bpt\bpt.exe
    C:\WINDOWS\kxeelgt.exe
    C:\Documents and Settings\Rita\Application Data\eetu.exe
 
Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
 


Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:
 
regsvr32  /u  BTGrab.dll
regsvr32  /u  utjkcphd.dll
 
It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.



Before we begin, let's move HiJackThis to its own folder; like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders which, with HiJackThis in its current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.

Also move the "Backups" folder, for HiJackThis, if present.
 


Run HiJackThis and click "Scan", then check (tick) the following, if present:
 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
 
R3 - URLSearchHook: US Class - {1FFED2CB-FC98-49f8-B3D0-678D03350F1E} - C:\WINDOWS\mscore.dll (file missing)
 
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: (no name) - {3584704F-719C-577C-0D49-C853AFB38860} - C:\WINDOWS\system32\mvlavskn\utjkcphd.dll
 
O4 - HKLM\..\Run: [pniqolo] C:\WINDOWS\system32\vekn\pniqolo.exe
O4 - HKLM\..\Run: [shelntxw] C:\WINDOWS\system32\pgtle\shelntxw.exe
O4 - HKLM\..\Run: [dhuqsi] C:\WINDOWS\system32\gksegt\dhuqsi.exe
O4 - HKLM\..\Run: [kame] C:\WINDOWS\system32\gtfyxyvv\kame.exe
O4 - HKLM\..\Run: [nyhvagl] C:\WINDOWS\system32\htqseeo\nyhvagl.exe
O4 - HKLM\..\Run: [qonedqkm] C:\WINDOWS\system32\cdfywgkx\qonedqkm.exe
O4 - HKLM\..\Run: [slpvldi] C:\WINDOWS\system32\epmx\slpvldi.exe
O4 - HKLM\..\Run: [wfnv] C:\WINDOWS\system32\nvudor\wfnv.exe
O4 - HKLM\..\Run: [hakmhsj] C:\WINDOWS\system32\lfwcaa\hakmhsj.exe
O4 - HKLM\..\Run: [hrvbq] C:\WINDOWS\system32\nfpewij\hrvbq.exe
O4 - HKLM\..\Run: [otia] C:\WINDOWS\system32\kusufyx\otia.exe
O4 - HKLM\..\Run: [kjdjk] C:\WINDOWS\system32\krwgpri\kjdjk.exe
O4 - HKLM\..\Run: [marpmxa] C:\WINDOWS\system32\tsthkdv\marpmxa.exe
O4 - HKLM\..\Run: [doixjx] C:\WINDOWS\system32\hpvc\doixjx.exe
O4 - HKLM\..\Run: [tbsbnuft] C:\WINDOWS\system32\ysrw\tbsbnuft.exe
O4 - HKLM\..\Run: [dhbpgyfx] C:\WINDOWS\system32\klem\dhbpgyfx.exe
O4 - HKLM\..\Run: [eckv] C:\WINDOWS\system32\dkciht\eckv.exe
O4 - HKLM\..\Run: [nasq] C:\WINDOWS\system32\iwxq\nasq.exe
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\Rita\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [tetcyod] C:\WINDOWS\system32\eikribdl\tetcyod.exe
O4 - HKLM\..\Run: [rowlev] C:\WINDOWS\system32\wysbki\rowlev.exe
O4 - HKLM\..\Run: [lriaewj] C:\WINDOWS\system32\ccvrhw\lriaewj.exe
O4 - HKLM\..\Run: [lhbkxs] C:\WINDOWS\system32\crmdocm\lhbkxs.exe
O4 - HKLM\..\Run: [kbotd] C:\WINDOWS\system32\uswnohhe\kbotd.exe
O4 - HKLM\..\Run: [hcww] C:\WINDOWS\system32\rmhnsu\hcww.exe
O4 - HKLM\..\Run: [idcgjeb] c:\windows\system32\idcgjeb.exe
O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\kxeelgt.exe] C:\WINDOWS\kxeelgt.exe
O4 - HKLM\..\Run: [Makarzy] C:\WINDOWS\nyei.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Rita\Application Data\eetu.exe
 
O23 - Service: dhbpgyfxklem - Unknown - C:\WINDOWS\system32\klem\dhbpgyfx.exe
O23 - Service: lhbkxscrmdocm - Unknown - C:\WINDOWS\system32\crmdocm\lhbkxs.exe
O23 - Service: owdigoqluppnxw - Unknown - C:\WINDOWS\system32\qluppnxw\owdigo.exe
 

Now, with all windows closed except HiJackThis, click "Fix checked".
 


Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:
 
folders...
 
    C:\WINDOWS\system32\crmdocm
    C:\WINDOWS\system32\eikribdl
    C:\WINDOWS\system32\wysbki
    C:\WINDOWS\system32\uswnohhe
    C:\WINDOWS\system32\rmhnsu
    C:\WINDOWS\system32\ccvrhw
    C:\Program Files\Bpt
    C:\WINDOWS\system32\mvlavskn
    C:\WINDOWS\system32\vekn
    C:\WINDOWS\system32\pgtle
    C:\WINDOWS\system32\gksegt
    C:\WINDOWS\system32\gtfyxyvv
    C:\WINDOWS\system32\htqseeo
    C:\WINDOWS\system32\cdfywgkx
    C:\WINDOWS\system32\epmx
    C:\WINDOWS\system32\nvudor
    C:\WINDOWS\system32\lfwcaa
    C:\WINDOWS\system32\nfpewij
    C:\WINDOWS\system32\kusufyx
    C:\WINDOWS\system32\krwgpri
    C:\WINDOWS\system32\tsthkdv
    C:\WINDOWS\system32\hpvc
    C:\WINDOWS\system32\ysrw
    C:\WINDOWS\system32\klem
    C:\WINDOWS\system32\dkciht
    C:\WINDOWS\system32\iwxq
    C:\WINDOWS\system32\qluppnxw
 
files...
 
    C:\DOCUME~1\Rita\LOCALS~1\Temp\27.exe\27.exe
    C:\windows\system32\idcgjeb.exe
    C:\WINDOWS\kxeelgt.exe
    C:\Documents and Settings\Rita\Application Data\eetu.exe
    C:\WINDOWS\BTGrab.dll
    C:\WINDOWS\nyei.exe
 
-
 
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".
 


Post back a new log.
 
-
 
Mike.
 

Message Edited by Midnight Star on 02-03-2005 07:47 PM

166 Posts

February 3rd, 2005 23:00

Logfile of HijackThis v1.99.0
Scan saved at 8:29:20 PM, on 02/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\crmdocm\lhbkxs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crmdocm\lhbkxs.exe
C:\WINDOWS\system32\eikribdl\tetcyod.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wysbki\rowlev.exe
C:\WINDOWS\system32\uswnohhe\kbotd.exe
C:\WINDOWS\system32\rmhnsu\hcww.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\DOCUME~1\Rita\LOCALS~1\Temp\27.exe\27.exe
C:\WINDOWS\system32\ccvrhw\lriaewj.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\windows\system32\idcgjeb.exe
C:\Program Files\Bpt\bpt.exe
C:\WINDOWS\kxeelgt.exe
C:\Documents and Settings\Rita\Application Data\eetu.exe
C:\windows\system32\calc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Rita\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R3 - URLSearchHook: US Class - {1FFED2CB-FC98-49f8-B3D0-678D03350F1E} - C:\WINDOWS\mscore.dll (file missing)
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: (no name) - {3584704F-719C-577C-0D49-C853AFB38860} - C:\WINDOWS\system32\mvlavskn\utjkcphd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [pniqolo] C:\WINDOWS\system32\vekn\pniqolo.exe
O4 - HKLM\..\Run: [shelntxw] C:\WINDOWS\system32\pgtle\shelntxw.exe
O4 - HKLM\..\Run: [dhuqsi] C:\WINDOWS\system32\gksegt\dhuqsi.exe
O4 - HKLM\..\Run: [kame] C:\WINDOWS\system32\gtfyxyvv\kame.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [nyhvagl] C:\WINDOWS\system32\htqseeo\nyhvagl.exe
O4 - HKLM\..\Run: [qonedqkm] C:\WINDOWS\system32\cdfywgkx\qonedqkm.exe
O4 - HKLM\..\Run: [slpvldi] C:\WINDOWS\system32\epmx\slpvldi.exe
O4 - HKLM\..\Run: [wfnv] C:\WINDOWS\system32\nvudor\wfnv.exe
O4 - HKLM\..\Run: [hakmhsj] C:\WINDOWS\system32\lfwcaa\hakmhsj.exe
O4 - HKLM\..\Run: [hrvbq] C:\WINDOWS\system32\nfpewij\hrvbq.exe
O4 - HKLM\..\Run: [otia] C:\WINDOWS\system32\kusufyx\otia.exe
O4 - HKLM\..\Run: [kjdjk] C:\WINDOWS\system32\krwgpri\kjdjk.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [marpmxa] C:\WINDOWS\system32\tsthkdv\marpmxa.exe
O4 - HKLM\..\Run: [doixjx] C:\WINDOWS\system32\hpvc\doixjx.exe
O4 - HKLM\..\Run: [tbsbnuft] C:\WINDOWS\system32\ysrw\tbsbnuft.exe
O4 - HKLM\..\Run: [dhbpgyfx] C:\WINDOWS\system32\klem\dhbpgyfx.exe
O4 - HKLM\..\Run: [eckv] C:\WINDOWS\system32\dkciht\eckv.exe
O4 - HKLM\..\Run: [nasq] C:\WINDOWS\system32\iwxq\nasq.exe
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\Rita\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [tetcyod] C:\WINDOWS\system32\eikribdl\tetcyod.exe
O4 - HKLM\..\Run: [rowlev] C:\WINDOWS\system32\wysbki\rowlev.exe
O4 - HKLM\..\Run: [lriaewj] C:\WINDOWS\system32\ccvrhw\lriaewj.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [lhbkxs] C:\WINDOWS\system32\crmdocm\lhbkxs.exe
O4 - HKLM\..\Run: [kbotd] C:\WINDOWS\system32\uswnohhe\kbotd.exe
O4 - HKLM\..\Run: [hcww] C:\WINDOWS\system32\rmhnsu\hcww.exe
O4 - HKLM\..\Run: [idcgjeb] c:\windows\system32\idcgjeb.exe
O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bptre.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\kxeelgt.exe] C:\WINDOWS\kxeelgt.exe
O4 - HKLM\..\Run: [Makarzy] C:\WINDOWS\nyei.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Rita\Application Data\eetu.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {CE185270-53A5-11D9-9669-0800200C9A66} - http://www.ouchvideo.com/mmviewer_ic2.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D34E7EF-5593-4057-82F9-C681009C2005}: NameServer = 205.171.3.65 205.171.2.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D34E7EF-5593-4057-82F9-C681009C2005}: NameServer = 205.171.3.65 205.171.2.65
O21 - SSODL: Creative PlayCenter 2.0 - {52DE9C19-11E4-DCC4-5FC8-B8EA9F0BFD06} - C:\PROGRA~1\COMMON~1\Services.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: dhbpgyfxklem - Unknown - C:\WINDOWS\system32\klem\dhbpgyfx.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lhbkxscrmdocm - Unknown - C:\WINDOWS\system32\crmdocm\lhbkxs.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: owdigoqluppnxw - Unknown - C:\WINDOWS\system32\qluppnxw\owdigo.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
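
The entries singled out for fixing in this thread share visible patterns: Run values named after an executable in a one-level folder under system32, an autorun launched from a Temp directory, and "Unknown"-vendor services whose name is the executable name followed by its folder name. As an added example (not part of the original thread and not HijackThis's own logic), this Python sketch flags those three patterns for human review; the rule names and function names are made up here, and the sample lines are copied from the log above.

```python
import ntpath
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [pniqolo] C:\WINDOWS\system32\vekn\pniqolo.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\Rita\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [idcgjeb] c:\windows\system32\idcgjeb.exe
O23 - Service: dhbpgyfxklem - Unknown - C:\WINDOWS\system32\klem\dhbpgyfx.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: owdigoqluppnxw - Unknown - C:\WINDOWS\system32\qluppnxw\owdigo.exe
"""

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[(?P<name>.+?)\] (?P<cmd>.+)$")
O23_PREFIX = "O23 - Service: "


def exe_path(cmd):
    """Return the executable path of an autorun command, arguments dropped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path: take what is inside
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]   # no .exe: first token only


def stem(path):
    """File name without extension, lower-cased."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def folder(path):
    """Name of the folder that directly contains the file, lower-cased."""
    return ntpath.basename(ntpath.dirname(path)).lower()


def in_system32_subdir(path):
    """True when the file sits exactly one folder below system32."""
    return folder(ntpath.dirname(path)) == "system32"


def triage(log_text):
    """Return (rule, line) pairs for O4/O23 entries matching the patterns."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = exe_path(m["cmd"])
            if "\\temp\\" in path.lower():
                findings.append(("autorun-from-temp", line))
            elif stem(path) == m["name"].lower() and in_system32_subdir(path):
                findings.append(("run-name-equals-exe-in-system32-subdir", line))
        elif line.startswith(O23_PREFIX):
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue                         # not name - vendor - path
            name, vendor, path = parts
            if vendor == "Unknown" and name.lower() == stem(path) + folder(path):
                findings.append(("service-name-is-exe-plus-folder", line))
    return findings


if __name__ == "__main__":
    for rule, entry in triage(SAMPLE_LOG):
        print(f"{rule}: {entry}")
```

None of the three rules fires on `idcgjeb.exe`, which sits directly in system32; in this thread it was reported by the antivirus scan, so pattern triage of this kind supplements a scanner rather than replacing one.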
 

166 Posts

February 4th, 2005 20:00

ok i am trying to work on this list i have got to open process manager i have found all but one on the list and then you say click refresh check to see if any remain i have done this 3 times did you mean kill process instead of refresh???they keep coming back all of them when i click refresh

4.8K Posts

February 4th, 2005 21:00

sbeetle,
 
Yes, after you have them highlighted, click "Kill Process", then click "Refresh" and see if any come back, if they do, try fixing them again. Don't try it for more than 3 - 4 times before moving onto the next step, since we might be able to get them on the next pass.
 
Mike.
 
