Please help

  1. #1
    RonSpears (Newbie)

    Please help

    Hello, please take a look at my scan. I believe I have Mydoom or Korgo. I keep finding the virus dc2.exe in c: recycler. I've tried to take it out using the search option on this forum, but to no avail. I have BullGuard, System Mechanic. Norton's wasn't helping me, so I tried to take it out but I can .. I dunno what else to do. THANKS!!

    Logfile of HijackThis v1.99.0
    Scan saved at 7:55:18 AM, on 2/16/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\CDInfo\VisualIPInsight\IPClient.exe
    D:\Program Files\CDInfo\VisualIPInsight\IPMon32.exe
    F:\Program Files\bullguard\BullGuard 5.0\BullGuard.exe
    F:\Program Files\System Mechanic 5\StartupGuard.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\Program Files\systemworks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    F:\PROGRA~1\SYSTEM~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\CDInfo\VisualIPInsight\IPClient.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    F:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
    O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\systemworks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\systemworks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IPInSightLAN 01] "D:\Program Files\CDInfo\VisualIPInsight\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "D:\Program Files\CDInfo\VisualIPInsight\IPMon32.exe"
    O4 - HKLM\..\RunOnce: [System Mechanic Cache Cleanup] F:\Program Files\System Mechanic 5\SysMech5.exe /COMPLETECACHE
    O4 - HKCU\..\Run: [BullGuard 5.0] F:\Program Files\bullguard\BullGuard 5.0\BullGuard.exe
    O4 - HKCU\..\Run: [SpySweeper] "F:\stuff\download\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [System Mechanic Startup Guard] "F:\Program Files\System Mechanic 5\StartupGuard.exe"
    O4 - HKCU\..\Run: [AIM] F:\stuff\download\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [iolo Utility Bar] "F:\Program Files\System Mechanic 5\SMUtilityBar.exe"
    O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
    O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\stuff\download\aim.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1C7A0F2B-E870-4ABA-BE3B-4DEBCAF2CA96}: NameServer = 151.202.0.85 151.203.0.85
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1C7A0F2B-E870-4ABA-BE3B-4DEBCAF2CA96}: NameServer = 151.202.0.85 151.203.0.85
    O23 - Service: *windows update - - (no file)
    O23 - Service: *wuauclt.exe - - (no file)
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - F:\Program Files\systemworks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - F:\Program Files\systemworks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\SYSTEM~2\SPEEDD~1\nopdb.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

  2. #2
    owen (D-A-L Team Member, UK)
    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O23 - Service: *windows update - - (no file)
    O23 - Service: *wuauclt.exe - - (no file)

    Click Fix Checked

    Reboot

    Go to http://housecall.trendmicro.com and run a scan for viruses. Let it remove any it finds.

    Post a fresh log.
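
An added example, not part of the thread and not code from HijackThis: a small Python triage that parses HijackThis entry lines and flags those whose target file is missing (`(no file)`) or whose R0/R1 registry value is empty, which are the traits shared by four of the five entries listed in the reply above. The sample lines are copied from the log in post #1; the function names and the two rules are assumptions made for illustration.

```python
import re

# Subset of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\systemworks\Norton AntiVirus\NavShExt.dll
O23 - Service: *windows update - - (no file)
O23 - Service: *wuauclt.exe - - (no file)
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# An entry line starts with a section code such as R0, O2 or O23, then " - ".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return a list of (section, body) tuples for every entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if match:
            entries.append((match.group(1), match.group(2).rstrip()))
    return entries


def triage(log_text):
    """Flag orphaned entries: missing target file or empty R0/R1 value."""
    findings = []
    for section, body in parse_entries(log_text):
        if body.endswith("(no file)"):
            findings.append((section, body, "target file missing"))
        elif section in ("R0", "R1") and body.endswith("="):
            findings.append((section, body, "empty registry value"))
    return findings


if __name__ == "__main__":
    for section, body, reason in triage(SAMPLE_LOG):
        print(f"{section:>3}  {reason:<22} {body}")
```

The R1 Window Title entry from the reply is not flagged by either rule, since it has a value and no file reference.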
