#1

    Please Help Me, I think I got a virus!


    I had many viruses on my computer. I am using Windows XP. I tried to delete all. Can someone tell me what else I need to delete so my system can be cleared?

    System Hijack Scanner Entries:
    ---------------

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page=http://www.google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page=http://www.gateway.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Local Page=C:\WINNT\system32\blank.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_page_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_search_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main, search bar=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    O3 - ToolBar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - ToolBar: (no name) - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
    O3 - ToolBar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42" (file missing)
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide (file missing)
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (file missing)
    O4 - HKCU\..\Run: [spywatch] C:\Program Files\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Start Up: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
    O4 - User Start Up: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
    O4 - Global Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    O4 - Global Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    O4 - Global Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk
    O4 - Global User Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    O4 - Global User Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    O4 - Global User Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk
    O5 - HKCU\control panel\don't load: ncpa.cpl = No
    O5 - HKCU\control panel\don't load: odbccp32.cpl = No
    O8 - Extra Context Menu Items: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
    O8 - Extra Context Menu Items: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
    O8 - Extra Context Menu Items: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O11 - Options Group: [JAVA_SUN] Java (Sun)
    O14 - iereset.inf: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    O16 - DPF: Yahoo! Chat ((no name)) - http://us.chat1.yimg.com/us.yimg.co...t/c381/chat.cab
    O16 - DPF: Yahoo! Chess ((no name)) - http://download.games.yahoo.com/gam...nts/y/ct1_x.cab
    O16 - DPF: Yahoo! Dominoes ((no name)) - http://download.games.yahoo.com/gam...ts/y/dot4_x.cab
    O16 - DPF: Yahoo! Spades ((no name)) - http://download.games.yahoo.com/gam...nts/y/st2_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...ector/swdir.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.co...v45/yacscom.cab
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} ((no name)) - http://sc.communities.msn.com/contr...t/msnchat42.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_04) - http://java.sun.com/products/plugin...indows-i586.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} (Java Plug-in 1.4.2_04) - http://java.sun.com/products/plugin...indows-i586.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TCPIP\Parameters\Interfaces\{7D81E52B-124D-4863-ABA1-AA6457C5FFE9}, NameServer=66.19.192.200 216.126.128.40
    O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\Mshtml.dll
    O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\system32\urlmon.dll
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINNT\System32\msvidctl.dll
    O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
    O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\Mshtml.dll
    O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINNT\System32\msvidctl.dll
    O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
    O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\Mshtml.dll
    O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\System32\inetcomm.dll
    O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
    O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
    O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\Mshtml.dll
    O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\System32\Mshtml.dll
    O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINNT\System32\msvidctl.dll
    O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\Mshtml.dll
    O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\System32\msdxm.ocx
    O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\System32\wiascr.dll


    Someone please help, thanks in advance!
#2
    Hey player_jazz,

    Perform an online virus scan at Trend Micro's Housecall. Remove all it finds.

    Reboot

    Download, install and UPDATE Spybot Search and Destroy. Scan and fix all items marked in RED.

    Reboot

    Download, install and UPDATE Adaware. Scan and fix all checked items.

    Reboot

    Run HijackThis, post the entire log (including the header information).

    All links are below.

    Tom
    HijackThis
    Ad-aware
    Spybot Search & Destroy
    SpywareBlaster
    SpywareGuard
    Housecall Online A/V Scan

    Please read the stickies at the top of the forum before posting!
