Virus Help ( dl.exe )

  1. #1
    Tich112 is offline Newbie

    but this site looked like a great place to try to get help. Yesterday as I started my computer up, I noticed a DOS window pop up and it was a program called dl.exe running. Well, instantly I knew something was wrong. It started opening printers and all kinds of other files. It corrupted a lot of files such as Spy Doctor, Registry Scan. I tried to reinstall NAV, but it won't even let me start. Spy Doctor installs, but when I restarted my computer and dl.exe started again it just corrupted it over. I notice that my internet speed has slowed down a lot also. So, here I am...with no virus protection and no way of removing this file. Can I be helped without having to completely reformat my computer? Any assistance is appreciated.


  2. #2
    madmikejt12 is offline Dedicated Member
    http://www.sarc.com/avcenter/venc/da...alinstructions

    Try this. Where it says scan for viruses, use AVG free anti-virus (download by clicking "AVG Anti Virus" in my signature).

  3. #3
    Tich112 is offline Newbie
    Sorry it has taken so long to reply, but I had to step away from the computer out of frustration. I am trying to get the AVG virus scan dl'd now, and I am doing a scan on Trend Micro now. I was going to post a log from HJT, but for some reason I have lost Word and Notepad capabilities and I'm unable to open the log files.

    I'll post again after the scans and whatnot...probably be an hour or two (dl.exe has internet crawling).

  4. #4
    Tich112 is offline Newbie
    Logfile of HijackThis v1.99.1
    Scan saved at 2:50:42 PM, on 8/21/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WIN98\System32\smss.exe
    C:\WIN98\system32\csrss.exe
    C:\WIN98\system32\winlogon.exe
    C:\WIN98\system32\services.exe
    C:\WIN98\system32\lsass.exe
    C:\WIN98\system32\svchost.exe
    C:\WIN98\System32\svchost.exe
    C:\WIN98\System32\svchost.exe
    C:\WIN98\System32\svchost.exe
    C:\WIN98\system32\LEXBCES.EXE
    C:\WIN98\system32\spoolsv.exe
    C:\WIN98\system32\LEXPPS.EXE
    C:\WIN98\System32\nvsvc32.exe
    C:\WIN98\system32\pctspk.exe
    C:\WIN98\System32\svchost.exe
    C:\WIN98\Explorer.EXE
    C:\WIN98\System32\RUNDLL32.EXE
    C:\WIN98\System32\LVComS.exe
    C:\WIN98\System32\wuauclt.exe
    C:\Program Files\Everquest\_verQuest.exe
    C:\WIN98\patch.exe
    C:\WIN98\system32\ntvdm.exe
    C:\PROGRAM FILES\COREL\WORDPERFECT OFFICE 2000\REGISTER\remind32.exe
    C:\Documents and Settings\JonB\Desktop\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phantomraiders.org/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WIN98\SYSTEM\blank.htm
    R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_1.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WIN98\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_1.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WIN98\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WIN98\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\RunOnce: [Selfreg] C:\WIN98\Corel\Slfregen.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
    O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
    O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
    O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {3C200107-2959-4C6E-91B8-F6D911B398A8} (Driver_Detective_v43_Members.DD_v43) - http://www.drivershq.com/cab/prod/Dr...43_Members.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1100305234056
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1123909959261
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3D8C53D4-A4E1-4B42-86CD-16415BFE6122}: NameServer = 66.63.192.2 66.63.192.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EA3F57B2-1DB8-4793-AE44-0598B528BAF1}: NameServer = 192.168.0.1
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WIN98\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WIN98\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WIN98\system32\pctspk.exe

  5. #5
    Tich112 is offline Newbie
    I'm thinking reformatting is probably my best choice.
