
DMVLite - HiJackThis log attached

Discussion in 'Malware and Virus Removal Archive' started by psipe27713, 2005/01/13.

Thread Status:
Not open for further replies.
  1. 2005/01/13
    psipe27713

    psipe27713 Inactive Thread Starter

    Joined:
    2005/01/13
    Messages:
    3
    Likes Received:
    0
    I'm in bad shape. Please help. I have dmvlite and euniverse, neither of which I can remove from the computer. Now nothing works. I was able to create the hijack log (see below), which I had to upload from another computer. My Spybot will not remove certain files (which change periodically) and my adware will identify the hundreds of problems but freezes when I try to quarantine or remove. My computer will basically do nothing at this point. Here is the info from Hijack. I thank you beforehand for your generosity.



    Logfile of HijackThis v1.98.0
    Scan saved at 8:28:08 PM, on 1/12/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
    C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\LTSMMSG.EXE
    C:\PROGRAM FILES\THINKPAD\EASY LAUNCH BUTTONS\TPHKMGR.EXE
    C:\WINDOWS\SYSTEM\PRPCUI.EXE
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\SYSTEM\JCNAMO.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMMON FILES\SEARCHUPGRADER\SEARCHUPGRADER.EXE
    C:\WINDOWS\SYSTEM\WSXSVC\WSXSVC.EXE
    C:\WINDOWS\SYSTEM\XGFYUY.EXE
    C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
    C:\WINDOWS\SYSTEM\LOGSVR32.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\WINDOWS\SYSTEM\WINUPDT.EXE
    C:\WINDOWS\SYSTEM\LICLS210.EXE
    C:\PROGRAM FILES\LINKSYS\CONFIGURE UTILITY\CONFIG.EXE
    C:\PROGRAM FILES\HANDSPRING\HOTSYNC.EXE
    C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
    C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAM FILES\SURFSIDEKICK 2\SSKBHO.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL
    O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\SYSTEM\MSNKMI.DLL
    O2 - BHO: CUrlCliObj Object - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\SYSTEM\MSJFBL.DLL
    O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\SYSTEM\MSFAOL.DLL
    O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\SYSTEM\MSKHHE.DLL
    O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\SYSTEM\MSEGGO.GIF
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [LLMODCL3] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\LLMODCL2.INF
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\THINKPAD\EASYLA~1\TPHKMGR.EXE
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CSV10P70] \Progra~1\CSBB\CSV10P070.EXE
    O4 - HKLM\..\Run: [udhnhbfpbjigi] C:\WINDOWS\SYSTEM\jcnamo.exe
    O4 - HKLM\..\Run: [ccApp] "C:\PROGRAM FILES\COMMON FILES\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTRAY.EXE
    O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdtl.exe
    O4 - HKLM\..\Run: [SearchUpgrader] C:\PROGRAM FILES\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\SYSTEM\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\JBKRMW.exe
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\XGFYUY.exe
    O4 - HKLM\..\Run: [sain] c:\windows\system\sain.exe
    O4 - HKLM\..\Run: [qvupunqh] C:\WINDOWS\qvupunqh.exe
    O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [rF9O36Q] LOGSVR32.EXE
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\PROGRAM FILES\COMMON FILES\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\PROGRAM FILES\COMMON FILES\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\DEFWATCH.EXE
    O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\RTVSCN95.EXE
    O4 - HKCU\..\Run: [aoqERWcme] LICLS210.EXE
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msedpb.exe
    O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
    O4 - HKCU\..\RunServices: [aoqERWcme] LICLS210.EXE
    O4 - HKCU\..\RunServices: [msmc] C:\WINDOWS\SYSTEM\msedpb.exe
    O4 - HKCU\..\RunServices: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Configuration Utility.lnk = C:\Program Files\LINKSYS\Configure Utility\Config.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
    O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.planetbluegrass.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200...taller.exe
    O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
    O16 - DPF: {FB2961FD-DD24-4F8A-8A92-6F9325FF6F11} - http://www.supaseek.com/toolbar/toolbar.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0381bf93f41...xIE601.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer...taller.cab
    O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l...cfscan.cab
    O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
    O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\SYSTEM\MSHFAN.DLL
    O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL
     
  2. 2005/01/15
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi psipe27713

    Set Windows to show hidden extensions, files and folders.
    >click here for instructions<.
    Start in safe mode:
    Click Start, click Run, type msconfig in the Open box, and then click OK.
    Click the Advanced button, then place a check next to Enable Startup Menu.
    Hit OK, then Apply, and then the PC will restart; at the selective startup menu choose safe mode. Once Windows has started, exit the help screen.
    When finished with the instructions below, before you restart back to normal, uncheck that box.

    Find and delete (ONLY THESE EXACT) files and folders (if present):
    C:\PROGRAM FILES\CXTPLS
    C:\WINDOWS\SYSTEM\winupdtl.exe
    C:\PROGRAM FILES\Common files\SearchUpgrader
    C:\PROGRA~1\VBOUNCER
    C:\PROGRAM FILES\SURFSIDEKICK 2
    C:\PrograM FILES\CSBB
    C:\WINDOWS\SYSTEM\wsxsv
    c:\windows\system\sain.exe
    c:\Program Files\AutoUpdate
    C:\WINDOWS\SYSTEM\MSNKMI.DLL
    C:\WINDOWS\SYSTEM\MSJFBL.DLL
    C:\WINDOWS\SYSTEM\MSKHHE.DLL
    C:\WINDOWS\SYSTEM\MSFAOL.DLL
    C:\WINDOWS\SYSTEM\MSEGGO.GIF
    C:\WINDOWS\SYSTEM\JBKRMW.exe
    C:\WINDOWS\SYSTEM\XGFYUY.exe
    C:\WINDOWS\SYSTEM\msedpb.exe
    C:\WINDOWS\SYSTEM\jcnamo.exe
    C:\WINDOWS\SYSTEM\XGFYUY.EXE
    C:\WINDOWS\qvupunqh.exe

    ==============================
    I am not sure of these files; check their properties > as in right-click > properties, and write down any info found there.
    C:\WINDOWS\SYSTEM\LICLS210.EXE
    C:\WINDOWS\SYSTEM\LOGSVR32.EXE

    In the Windows Control Panel > Internet Options > Settings > View Objects, right-click on each and choose Remove.

    Now run Ad-Aware, then SpyBot, and fix anything they find.


    Restart back to a normal Windows session, download the newer version of HijackThis and post a new log.
    http://www.merijn.org/files/HijackThis.exe
     

  4. 2005/01/16
    psipe27713

    psipe27713 Inactive Thread Starter

    Joined:
    2005/01/13
    Messages:
    3
    Likes Received:
    0
    Follow up per Mr. Jones

    First, thank you for taking on this project. If you ever have any tax questions (I'm a CPA) I hope you'll let me return the favor. Here is the new log.

    Logfile of HijackThis v1.99.0
    Scan saved at 12:57:41 PM, on 1/16/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
    C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LTSMMSG.EXE
    C:\PROGRAM FILES\THINKPAD\EASY LAUNCH BUTTONS\TPHKMGR.EXE
    C:\WINDOWS\SYSTEM\PRPCUI.EXE
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WSXSVC\WSXSVC.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\PROGRAM FILES\LINKSYS\CONFIGURE UTILITY\CONFIG.EXE
    C:\PROGRAM FILES\HANDSPRING\HOTSYNC.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\MY DOCUMENTS\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [LLMODCL3] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\LLMODCL2.INF
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\THINKPAD\EASYLA~1\TPHKMGR.EXE
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CSV10P70] \Progra~1\CSBB\CSV10P070.EXE
    O4 - HKLM\..\Run: [udhnhbfpbjigi] C:\WINDOWS\SYSTEM\jcnamo.exe
    O4 - HKLM\..\Run: [ccApp] "C:\PROGRAM FILES\COMMON FILES\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTRAY.EXE
    O4 - HKLM\..\Run: [SearchUpgrader] C:\PROGRAM FILES\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\SYSTEM\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\JBKRMW.exe
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\XGFYUY.exe
    O4 - HKLM\..\Run: [sain] c:\windows\system\sain.exe
    O4 - HKLM\..\Run: [qvupunqh] C:\WINDOWS\qvupunqh.exe
    O4 - HKLM\..\Run: [rF9O36Q] LOGSVR32.EXE
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\PROGRAM FILES\COMMON FILES\Symantec Shared\ccEvtMgr.exe "
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\PROGRAM FILES\COMMON FILES\Symantec Shared\ccSetMgr.exe "
    O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\DEFWATCH.EXE
    O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\RTVSCN95.EXE
    O4 - HKCU\..\Run: [aoqERWcme] LICLS210.EXE
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msedpb.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Configuration Utility.lnk = C:\Program Files\LINKSYS\Configure Utility\Config.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
    O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.planetbluegrass.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
    O16 - DPF: {FB2961FD-DD24-4F8A-8A92-6F9325FF6F11} - http://www.supaseek.com/toolbar/toolbar.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0381bf93f411edba3719/netzip/RdxIE601.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4416/mcfscan.cab
    O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
     
  5. 2005/01/16
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi

    Run HijackThis. Hit "Config" then "Misc Tools" > "Open process manager".
    Select and choose Kill Process:

    C:\WINDOWS\SYSTEM\WSXSVC\WSXSVC.EXE

    Hit refresh and see if it came back. Whether or not it did, move on to the next steps. Delete C:\WINDOWS\SYSTEM\WSXSVC < folder
    Hit >back<, then Scan, and place a check next to these. Close all browsers and programs that show in the taskbar, including Explorer folders.
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [CSV10P70] \Progra~1\CSBB\CSV10P070.EXE
    O4 - HKLM\..\Run: [udhnhbfpbjigi] C:\WINDOWS\SYSTEM\jcnamo.exe
    O4 - HKLM\..\Run: [SearchUpgrader] C:\PROGRAM FILES\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\SYSTEM\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\JBKRMW.exe
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\XGFYUY.exe
    O4 - HKLM\..\Run: [sain] c:\windows\system\sain.exe
    O4 - HKLM\..\Run: [qvupunqh] C:\WINDOWS\qvupunqh.exe
    O4 - HKLM\..\Run: [rF9O36Q] LOGSVR32.EXE
    O4 - HKCU\..\Run: [aoqERWcme] LICLS210.EXE
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msedpb.exe
    O16 - DPF: {FB2961FD-DD24-4F8A-8A92-6F9325FF6F11} - http://www.supaseek.com/toolbar/toolbar.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0381bf9...ip/RdxIE601.cab
    O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
    ==============================================
    and hit fix checked, exit Hijackthis and restart your PC

    Go back through the list in my last post of files and folders to delete and make sure they are all gone.
    Important: next, clear IE's cache via Control Panel > Internet Options,
    [delete files] button, and mark the popup to also delete offline content.
    Provided you have just restarted, delete the
    contents of all your temp folders, as in
    C:\windows\temp folder and C:\temp if there.

    Make us a list of the files and folders you were not able to delete please

    Install SpywareBlaster (By JavaCool): http://www.javacoolsoftware.com/spywareblaster.html

    Post a new hijackthis log and mention any and all the problems you have noticed.
     
  6. 2005/01/17
    psipe27713

    psipe27713 Inactive Thread Starter

    Joined:
    2005/01/13
    Messages:
    3
    Likes Received:
    0
    2nd reply to Mr. Jones

    I didn't have any problems and it appears all list items were removed and didn't come back. This is probably a separate item, so please ignore this question if not appropriate. I loaded the SpywareBlaster on this computer and my Windows 98. On this computer it works fine, but the Windows 98 says "cannot find important dll, may be missing corrupt or wrong version; file msvbvm60.dll". Didn't know if this might be a quick easy thing to fix. Anyway, here is the new HijackThis log for this computer. Thanks again, Paul

    Logfile of HijackThis v1.99.0
    Scan saved at 9:36:15 AM, on 1/17/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
    C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LTSMMSG.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\THINKPAD\EASY LAUNCH BUTTONS\TPHKMGR.EXE
    C:\WINDOWS\SYSTEM\PRPCUI.EXE
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\LINKSYS\CONFIGURE UTILITY\CONFIG.EXE
    C:\PROGRAM FILES\HANDSPRING\HOTSYNC.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\MY DOCUMENTS\HIJACKTHIS.EXE

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [LLMODCL3] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\LLMODCL2.INF
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\THINKPAD\EASYLA~1\TPHKMGR.EXE
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\PROGRAM FILES\COMMON FILES\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTRAY.EXE
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\PROGRAM FILES\COMMON FILES\Symantec Shared\ccEvtMgr.exe "
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\PROGRAM FILES\COMMON FILES\Symantec Shared\ccSetMgr.exe "
    O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\DEFWATCH.EXE
    O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\RTVSCN95.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Configuration Utility.lnk = C:\Program Files\LINKSYS\Configure Utility\Config.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
    O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.planetbluegrass.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4416/mcfscan.cab
     
  7. 2005/01/17
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hello
    That Log looks fine


    Purge the old system restore points
    Right-click the My Computer icon on the Desktop and click Properties.
    Click the Performance tab.
    Click the File System button.
    Click the Troubleshooting tab.
    Select Disable System Restore.
    Click Apply > Close > Close.
    When prompted to restart, click Yes.
    Next go back and Re-enable System Restore
    by unchecking Disable System Restore
    ============================
    File named "msvbvm60.dll" is missing.
    check here > http://www.javacoolsoftware.com/downloadfaq.html
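
The check this thread performs by eye (fix a list of entries, post a new log, confirm they are gone) can be scripted. The following is an added example, not part of the original posts or of HijackThis itself: it keys each log entry by CLSID or by Run-key name and command, so a URL truncated by the forum or a trailing space inside quotes does not hide a match. The function names are hypothetical and the sample lines are excerpted from the logs above.

```python
import re

# One HijackThis entry: "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [x] y"
ENTRY_RE = re.compile(r"^\s*([RFON]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(\S+?):\s*\[([^\]]*)\]\s*(.*)$")


def entry_key(line):
    """Return a stable identity for one log line, or None for non-entry lines
    (header lines and the 'Running processes' list)."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, rest = m.group(1).upper(), m.group(2)
    clsid = CLSID_RE.search(rest)
    if clsid:
        # BHO / toolbar / DPF entries: the CLSID survives URL truncation.
        return (code, clsid.group(0).upper())
    run = RUN_RE.match(rest)
    if code == "O4" and run:
        hive, name, cmd = run.groups()
        # Drop quotes and collapse whitespace so '"x.exe "' equals '"x.exe"'.
        cmd = re.sub(r"\s+", " ", cmd.replace('"', "")).strip().lower()
        return (code, hive.upper(), name.lower(), cmd)
    return (code, re.sub(r"\s+", " ", rest).lower())


def parse_log(text):
    """Set of entry keys found in a pasted HijackThis log."""
    return {k for k in map(entry_key, text.splitlines()) if k}


def verify_fix(fix_list, followup_log):
    """Lines from the helper's fix list that still appear in the follow-up log."""
    remaining = parse_log(followup_log)
    return [ln.strip() for ln in fix_list.splitlines()
            if entry_key(ln) in remaining and entry_key(ln) is not None]


def diff_logs(before, after):
    """(removed, added) entry keys between two logs of the same machine."""
    b, a = parse_log(before), parse_log(after)
    return sorted(b - a), sorted(a - b)


# Sample data excerpted from the thread (fix list as posted, URL truncation included).
FIX_LIST = r"""
O4 - HKLM\..\Run: [udhnhbfpbjigi] C:\WINDOWS\SYSTEM\jcnamo.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\SYSTEM\wsxsvc\wsxsvc.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msedpb.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - =http://software-dl.real.com/0381bf9...ip/RdxIE601.cab
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - =http://www.odysseusmarketing.com/actsetup.cab
"""

# Excerpt of the 1/16 log: two fix-list items are still present.
LOG_BEFORE_FIX = r"""
Running processes:
C:\WINDOWS\SYSTEM\WSXSVC\WSXSVC.EXE
O4 - HKLM\..\Run: [ccApp] "C:\PROGRAM FILES\COMMON FILES\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\SYSTEM\wsxsvc\wsxsvc.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0381bf93f411edba3719/netzip/RdxIE601.cab
"""

# Excerpt of the 1/17 log: none of the fix-list items remain.
LOG_AFTER_FIX = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ccApp] "C:\PROGRAM FILES\COMMON FILES\Symantec Shared\ccApp.exe "
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
"""

if __name__ == "__main__":
    for line in verify_fix(FIX_LIST, LOG_BEFORE_FIX):
        print("still present:", line)
    print("clean follow-up:", verify_fix(FIX_LIST, LOG_AFTER_FIX) == [])
```
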
     