Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spywarestrike


  • Please log in to reply
29 replies to this topic

#1 hvacer

hvacer

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 28 January 2006 - 07:01 PM

Hi, My names Brian, from Pittsburgh. first, thank you to anyone who takes the time to read this and help, I need it badly and I appreciate it. I'm happy to return the favor with any heating airconditioning problems at hvac-talk.com, im always there and always willing to help.

I picked up the spywarestrike virus and ran the smitremove program in accordance with the instructions here. the program gradually crawls back in after restart. I use trendmicro and just picked up bitdefender, umm heres the hijackthis log you can take it from here.


Logfile of HijackThis v1.99.1
Scan saved at 6:50:33 PM, on 1/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PD6000SM.EXE
C:\SMC\SMC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccmain.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\SanDisk\low power 128MB + Wi-Fi CompactFlash Card\WLANUTL.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/explore.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cgi.verizon.net/bookmarks/bmredir.a...=4.0&bm=ho_home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O4 - HKLM\..\Run: [PD6000StatusMonitor] C:\WINDOWS\System32\PD6000SM.EXE
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\home\LOCALS~1\Temp\2006128182017_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\home\LOCALS~1\Temp\2006128182039_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: SanDisk Wi-Fi.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dsl&cd=4.0&bm=ho_home
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122246359431
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,536 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:31 AM

Posted 28 January 2006 - 10:43 PM

I need to get an export of the files being started via the SharedTaskScheduler registry key.

Please download the following file and save it to your desktop:

getsts.exe

Once it has downloaded, please double-click on the file, which should now be on your desktop. When the program is finished, it will create a text file on your desktop called getsts.txt and open it in notepad.

Please post the contents of this notepad as a reply to this topic.

#3 hvacer

hvacer
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 29 January 2006 - 04:38 AM

SharedTaskScheduler exporter by Grinler

{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader => %SystemRoot%\System32\browseui.dll

{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon => %SystemRoot%\System32\browseui.dll

{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} - Replay for WindowsXP => Empty Value

thanks here ya go

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,536 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:31 AM

Posted 29 January 2006 - 11:16 AM

Download the attached reg file and save it to your desktop. Then double-click on the reg file and allow thedata to be merged.


Then,

Click on start, settings, control panel and double-click on add/remove programs. From with add/remove program uninstall the following if they exist:

SpywareStrike

Finally,

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\home\LOCALS~1\Temp\2006128182017_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\home\LOCALS~1\Temp\2006128182039_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\Program Files\SpywareStrike\

Reboot your computer to go back to normal mode and post a new log and tell me if your better..

Attached Files



#5 hvacer

hvacer
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 29 January 2006 - 01:58 PM

puter seems to be healthy now. wow is it nice to not see that friggin popup window :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 1:49:57 PM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PD6000SM.EXE
C:\SMC\SMC.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\SanDisk\low power 128MB + Wi-Fi CompactFlash Card\WLANUTL.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/explore.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cgi.verizon.net/bookmarks/bmredir.a...=4.0&bm=ho_home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [PD6000StatusMonitor] C:\WINDOWS\System32\PD6000SM.EXE
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: SanDisk Wi-Fi.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dsl&cd=4.0&bm=ho_home
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122246359431
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,536 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:31 AM

Posted 29 January 2006 - 03:41 PM

Now that your clean:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and if there any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

#7 hvacer

hvacer
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 29 January 2006 - 03:55 PM

Lawrance I cant thank you enough bro. I'm broke man, if you hadnt helped I would have had to live with the problem, repair shop is not an option. lemme remind yopu that your the man.

Brian

#8 hvacer

hvacer
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 29 January 2006 - 03:59 PM

HEY SHOULD i BE DELETING THE HIDDEN FILES AS WELL?

#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,536 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:31 AM

Posted 29 January 2006 - 04:14 PM

What hidden files?

#10 hvacer

hvacer
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 29 January 2006 - 04:25 PM

not sure it says there are 4 hidden files that have not been displayed

#11 hvacer

hvacer
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 29 January 2006 - 05:00 PM

man im sorry I know im pushing my luck.....

when we sent the virus packing it apparently took some of my puters belongings. I cant connect to my hvac-talk chat room so I tried a few others, no chat rooms will work.

#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,536 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:31 AM

Posted 29 January 2006 - 10:53 PM

What says there are four hidden files? I am a bit confused.

As for your hvac chat... gimme the url to it so I can tell you what you need to install again. Not sure what may have been removed.

#13 hvacer

hvacer
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 30 January 2006 - 03:03 PM

http://www.hvac-talk.com/vbb/enterchat.php

says it needs a java compatable web browser to run. I re installed java but it didnt change.

when I opened the temp folder a popup window opened which said there are also four hidden items, for instructions on how to view them, click here.

The popup doesnt come up anymore when I open it, so it must no longer be an issue?

#14 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,536 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:31 AM

Posted 30 January 2006 - 05:27 PM

Im surprised smitrem would cause this problem. I dont believe it touches anything that has to do with java. So you go to that page and it says you do not have a java compatible browser? This is after you install the sun java?

If you open IE, click on tools, then internet options, click on the advanced tab and scroll down till you see Java Sun. Is it checked where it says Use java? Also what is checked under Microsoft vm?

#15 hvacer

hvacer
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 30 January 2006 - 05:49 PM

jit compiler for nirtual sun is the only box checked in the vm protion, and java sun is enabled. I pulled quite a few chunks of spyware out of the puter, suppose it could have been any of them?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users