
Bitdefender, Activescan & Hjt Logs


24 replies to this topic

#1 AhhhLeah

AhhhLeah

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:31 AM

Posted 21 December 2005 - 04:34 PM

It seems as though the remaining bits of viruses are very deep rooted and I'm having trouble getting everything. I've run BitDefender, ActiveScan, Ccleaner, Spybot S&D, Ad-Aware, eTrust, Housecall & Panda. I'm ready for more punishment...lol. I'd really appreciate any help you can offer. Thanks.

BitDefender Online Scanner
Scan report generated at: Wed, Dec 21, 2005 - 01:51:46
Scan path: A:\;C:\;D:\;
Statistics
Time 01:25:53
Files 106970
Folders 2581
Boot Sectors 2
Archives 974
Packed Files 3184
Results
Identified Viruses 3
Infected Files 3
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 3
Engines Info
Virus Definitions 247094
Engine build AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins 13
Archive plugins 38
Unpack plugins 4
E-mail plugins 6
System plugins 1
Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes
Scanned File
Status

ActiveScan Results:

C:\WINDOWS\SYSTEM\ventcc.exe=>(NSIS o)=>zlib_nsis0002
Detected with: Adware.BookedSpace.E

C:\WINDOWS\SYSTEM\ventcc.exe=>(NSIS o)=>zlib_nsis0002
Disinfection failed

C:\WINDOWS\SYSTEM\ventcc.exe=>(NSIS o)=>zlib_nsis0002
Deleted

C:\WINDOWS\SYSTEM\ventcc.exe=>(NSIS o)
Update failed

C:\WINDOWS\Downloaded Program Files\bbsetup.exe=>wise0038
Detected with: Adware.Bonzib.A

C:\WINDOWS\Downloaded Program Files\bbsetup.exe=>wise0038
Disinfection failed

C:\WINDOWS\Downloaded Program Files\bbsetup.exe=>wise0038
Deleted

C:\WINDOWS\Downloaded Program Files\bbsetup.exe
Update failed

C:\Install_AIM.exe=>wise0041=>wise0008
Detected with: Adware.Wheaterbug.A

C:\Install_AIM.exe=>wise0041=>wise0008
Disinfection failed

C:\Install_AIM.exe=>wise0041=>wise0008
Deleted

C:\Install_AIM.exe=>wise0041
Update failed





Logfile of HijackThis v1.99.1
Scan saved at 4:10:52 PM, on 12/21/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\OFFICE51\SOINTGR.EXE
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\ISAFE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\VETMSG.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\CAVTRAY.EXE
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\CAVRID.EXE
C:\PROGRAM FILES\YAHOO!\YOP\YOP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {022155A9-4A14-2581-2356-998073FD97A8} - C:\WINDOWS\Dtpbgpfg.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {2296428D-C133-4928-B76A-A200FF409572} - (no file)
O2 - BHO: (no name) - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O2 - BHO: (no name) - {35877F98-EE9F-4731-F311-E189617FD690} - (no file)
O2 - BHO: (no name) - {32E1051D-BBA1-9753-82FE-C06934FADECA} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard\Easykey.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\YAHOO!\ANTIVI~1\VETMSG.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O4 - Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Startup: eWare Startup.lnk.disabled
O4 - Startup: eWare Startup.lnk = C:\Program Files\eWare\iWareStart.exe
O4 - Startup: SBC Self Support Tool.lnk.disabled
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab



#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 23 December 2005 - 09:28 PM

Get rid of the Yahoo antiVirus

Get the free AVG 7 install it, check for updates and run a full scan

AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/


Get all of these and/or verify you have the current versions

SpywareBlaster 3.4 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html
AdAware SE 1.06 http://www.majorgeeks.com/download506.html


DownLoad them (they are free), install them, check each for their definition updates and then run AdAware and Spybot, fixing anything they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize

Boot post a new log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 AhhhLeah

Posted 27 December 2005 - 05:20 PM

Thank you for your help. I uninstalled Yahoo antivirus then downloaded each of the above programs. I then attempted to run Adaware but the program locked up so I decided to try to run Spybot S&D. That program also locked up. I rebooted and found I no longer had internet access. I called SBC and talked to their techies who said the TCP/IP adapters aren't working/connecting properly. The real funny thing is that somehow a PPPoE adapter showed back up when I never reinstalled it (it had been deleted in the past). He deleted it again but said at this point my only options are to go buy Norton (or something similar) and run it OR reinstall Windows. I'd like your thoughts on that before I do anything. I think it's extremely odd that I've been working so hard on eliminating the viruses and when I get almost done suddenly I have no internet connection because of the viruses? I don't know that I believe that. Bottom line is though, he was unable to help me re-establish my internet connection. I have a second computer on a wireless connection to the DSL service which is clearly working since I was able to send this email so I do know that the problem itself is within the computer. Any thoughts?

#4 MFDnSC

Posted 27 December 2005 - 05:32 PM

Try running those programs in safe mode

You are very infected and nothing will surprise me
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 AhhhLeah

Posted 27 December 2005 - 08:16 PM

I ran all of the recommended programs in safe mode although I didn't check the definition updates or anything due to not having an internet connection. The newest version of Spybot wouldn't finish installing either so I ran 1.2 instead of 1.4. After finishing I rebooted thinking I now need to check my internet access. Once I rebooted, this is what came up in a red box: AVG Boot-up Scanner has detected a virus: C:\BACKUP~5.DLL AdwareGeneric.ANR We recommend you restart your computer using an operating system from a virus free system diskette or CD-ROM then use the AVG Rescue Disk and remove the virus by healing. Please select one of the following options (R)eboot and restart system from virus free diskette OR (C)ontinue at your own risk

I'll leave this on my screen until I hear back from you.

#6 MFDnSC

Posted 28 December 2005 - 12:17 PM

1.2 of SpyBot is ineffective, you must run 1.4 to have current definitions

Boot back to safe mode and Run AVG there



Fix these with HJT – mark them, close IE, click fix checked

R3 - URLSearchHook: (no name) - {022155A9-4A14-2581-2356-998073FD97A8} - C:\WINDOWS\Dtpbgpfg.dll

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {2296428D-C133-4928-B76A-A200FF409572} - (no file)

O2 - BHO: (no name) - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - (no file)

O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)

O2 - BHO: (no name) - {35877F98-EE9F-4731-F311-E189617FD690} - (no file)

O2 - BHO: (no name) - {32E1051D-BBA1-9753-82FE-C06934FADECA} - (no file)

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)


DownLoad http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\Dtpbgpfg.dll


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system

Edited by MFDnSC, 28 December 2005 - 12:20 PM.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 AhhhLeah

Posted 28 December 2005 - 02:46 PM

I tried again to run Spybot 1.4. It says there's a file missing. I still have no internet access to try to redownload it.

When I ran AVG the first time I was in safe mode. I left safe mode after I had run all the programs you told me to run. That's when I got the red box from AVG telling me there was a virus. I just reran AVG in safe mode and it found nothing.

Can I run HJT in safe mode?

#8 MFDnSC

Posted 28 December 2005 - 03:25 PM

Yes
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#9 AhhhLeah

Posted 28 December 2005 - 03:33 PM

HJT items deleted. Still no internet access. Unable to download Killbox. **Sigh** Now what?

BTW...thanks again for your continued help.

#10 MFDnSC

Posted 28 December 2005 - 03:36 PM

You need to get this on the system

IE Fix - http://windowsxp.mvps.org/IEFIX.htm - Repair - http://www.theeldergeek.com/repair_ie6.htm

post the current HJT log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#11 AhhhLeah

Posted 28 December 2005 - 03:44 PM

Just a reminder that I have Windows 98. theeldergeek repair appears to be for XP.

So I can download the IE Fix program onto my other computer and transfer it by floppy?

#12 MFDnSC

Posted 28 December 2005 - 04:13 PM

Sorry = yes

Also try this

DownLoad http://www.cexx.org/lspfix.htm

Launch the LSP application, and click the "I know what I'm doing" checkbox.

Move nothing just click Finish.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#13 AhhhLeah

Posted 28 December 2005 - 05:30 PM

Move nothing? As in? Put them on floppy but don't move them to my other computer?

#14 MFDnSC

Posted 28 December 2005 - 05:41 PM

No that is an instruction when you run that app - it will list some files that can be moved, but you do not want to move any - you'll see
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#15 AhhhLeah

Posted 28 December 2005 - 06:03 PM

I ran both and here's my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:57:37 PM, on 12/28/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\AntiVirus AntiSpyware\SpybotS&D\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard\Easykey.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O4 - Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Startup: eWare Startup.lnk.disabled
O4 - Startup: eWare Startup.lnk = C:\Program Files\eWare\iWareStart.exe
O4 - Startup: SBC Self Support Tool.lnk.disabled
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
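
Added example (not part of the original thread and not HijackThis's own code): a Python sketch that parses HijackThis-style entry lines, flags entries whose target file is missing, and diffs two logs to confirm which of the entries listed for fixing in post #6 are gone from the later log. The sample lines are copied from the two logs in this thread, trimmed to a few entries; the function names are this example's own.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis prints when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Lines copied from the first log in this thread (trimmed to a few entries).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R3 - URLSearchHook: (no name) - {022155A9-4A14-2581-2356-998073FD97A8} - C:\WINDOWS\Dtpbgpfg.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {2296428D-C133-4928-B76A-A200FF409572} - (no file)
O4 - HKLM\..\Run: [SystemTray] systray.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
"""

# Lines copied from the second log in this thread (same trimming).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
O4 - HKLM\..\Run: [SystemTray] systray.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""


def parse_hjt(log_text):
    """Return one dict per entry line; headers and the process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            # A missing target is a triage hint, not a verdict: the O9 line
            # above is a leftover of the BitDefender online scanner.
            "orphaned": body.endswith(ORPHAN_MARKERS),
        })
    return entries


def orphaned(entries):
    """Entries whose referenced file HijackThis could not find."""
    return [e for e in entries if e["orphaned"]]


def removed_between(before, after):
    """Entries present in the earlier log but absent from the later one."""
    def key(e):
        return (e["code"], e["body"].lower())
    still_there = {key(e) for e in after}
    return [e for e in before if key(e) not in still_there]


if __name__ == "__main__":
    before, after = parse_hjt(BEFORE_LOG), parse_hjt(AFTER_LOG)
    for e in removed_between(before, after):
        print("removed    ", e["code"], e["body"])
    for e in orphaned(after):
        print("still orphaned", e["code"], e["body"])
```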



