Author Topic: compuplague  (Read 1538 times)
kidigi2lx
« on: March 23, 2006, 01:05:13 PM »

Hey Guys,

I was warned - from my mother no less.  She informed me a while ago that there was this stellar new bug that hitched a ride on your E-stuff after a simple click on an innocuous image during surfage.  I can say I forgot but, more or less, I ignored her warning and clicked on as many images as I possibly could, taunting disaster.  Disaster obtained!  Fortunately, this is for another computer that cannot access this site (for whatever reason).  You guys have helped me out thrice in days past and after not learning a single thing I need assistance one last time for this new-old laptop (Compaq Armada 4220T).  I know the drill - the logfile (drumroll...):

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\INET20091\WINLOGON.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\NETGEAR\WG511\UTILITY\WG511WLU.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\MOUSEPAD5.EXE
C:\WINDOWS\IRXFER.EXE
C:\WINDOWS\NEWNAME5.EXE
C:\WINDOWS\SYSC00.EXE
C:\WINDOWS\MYUVSC.EXE
C:\WINDOWS\SYS09846992615.EXE
C:\WINSTALL.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\SONY\OPENMG JUKEBOX\OMGTRAY.EXE
C:\WINDOWS\DIMAS.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1143116246\EE\AOLHOSTMANAGER.EXE
C:\WINDOWS\DIMAS.EXE
C:\WINDOWS\DIMAS.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1143116246\EE\AOLSERVICEHOST.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\WINDOWS\MS03992615846.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL
F1 - win.ini: run=C:\WINDOWS\INET20091\WINLOGON.EXE
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\INET20091\WINLOGON.EXE
O4 - HKLM\..\Run: [keyboard] C:\WINDOWS\KEYBOARD5.exe
O4 - HKLM\..\Run: [mousepad] C:\WINDOWS\MOUSEPAD5.exe
O4 - HKLM\..\Run: [newname] C:\WINDOWS\NEWNAME5.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [win3201469926158] C:\WINDOWS\win3201469926158.exe
O4 - HKLM\..\Run: [win3207158469926] C:\WINDOWS\win3207158469926.exe
O4 - HKLM\..\Run: [ms08584699261] C:\WINDOWS\ms08584699261.exe
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DMONWV.DLL,SHStart
O4 - HKLM\..\Run: [mpynsa] C:\WINDOWS\myuvsc.exe reg_run
O4 - HKLM\..\Run: [win3208584699261] C:\WINDOWS\win3208584699261.exe
O4 - HKLM\..\Run: [sys09846992615] C:\WINDOWS\sys09846992615.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1143116246\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ms03992615846] C:\WINDOWS\ms03992615846.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [imgot] C:\WINDOWS\myuvsc.exe reg_run
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\INET20091\WINLOGON.EXE
O4 - HKCU\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
O4 - HKCU\..\RunServices: [Windows installer] C:\winstall.exe
O4 - HKCU\..\RunServices: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\RunServices: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\RunServices: [imgot] C:\WINDOWS\myuvsc.exe reg_run
O4 - HKCU\..\RunServices: [xp_system] C:\WINDOWS\INET20091\WINLOGON.EXE
O4 - HKCU\..\RunServices: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKCU\..\RunServices: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: OpenMG Jukebox Startup.lnk = C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
O4 - Startup: fghwy.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

That's it for me.  I saw that someone threaded the surfsidekick thing.  That's an interesting one b/c it keeps coming back.  I'll take a look at that while I wait and hopefully it'll solve some of my issues, maybe.  Oh and this time if the procedure involves me creating a backup of my reg then this time I'll make sure.  Big-ups to Pancake for a successful 3 for 3; appreciate it.
-D I J nice funky new feature guys  Cheesy
« Last Edit: March 23, 2006, 02:09:20 PM by kidigi2lx »

I can't write my signature on the computer screen so I'll just use this.
Pancake
« Reply #1 on: March 24, 2006, 06:02:07 AM »

    Hi and Welcome

    It may help to print out or copy this page as you will be working in Safe Mode. Make sure to work through the fixes in the exact order they are listed. Some files may no longer be present after running some of the fixes.

    -------------------------------------------------------------


    Download any of the required programs before attempting to start any of the fixes.

      ------------------------------------------------------------------
    SHOW HIDDEN FILES AND FOLDERS.
    To show hidden files instructions (WinXP)
    Doubleclick My Computer | Tools | Folder Options | View tab
    Select Show Hidden Files and Folders
    Uncheck Hide extensions for known file types
    Uncheck Hide protected operating system files (Recommended)
    Select Apply to All Folders | Yes | Apply | OK

    ------------------------------------------------------------------

    Download the trial version of Ewido Security Suite

    When installing, under "Additional Options" uncheck "Install Background Guard" and "Install scan via context menu".

    Launch Ewido Security Suite (there should be an icon on your desktop; double-click it). The program will now go to the main screen. You will need to update Ewido to the latest definition files.

    On the left hand side of the main screen click update and then click on Start Update. The update will start and a progress bar will show the updates being installed. If you have problems with the updater, you can use this link to manually update ewido.
     http://www.ewido.net/en/download/updates/. Do not run a scan yet.

    When you have done this, boot into Safe Mode (restart your PC and keep tapping F8 while it restarts).

    Run Ewido Security Suite now. Click on Scanner and click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files, click OK. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close Ewido Security Suite. Please post its log here.

    ----------------------------------------------------------------
    How to set up AboutBuster version 5

    Download AboutBuster

    Then unzip all files from the zip folder to a folder or your desktop. Start it and press the OK button. Then hit the update button and a new screen will appear. On that screen press the Check for Updates button.

    To scan your machine, press the Start button and then press OK. The program should start scanning. When it is done, press the exit button and reboot. Once rebooted run About:Buster one more time.

    This program is updated often so you should always use the built in update feature before you scan with it.

    ----------------------------------------------------------------

    Download smitRem.exe and save the file to your desktop.
    Double click on the file to extract it to its own folder on the desktop.

    Next, please reboot your computer in Safe Mode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.

    Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL
    F1 - win.ini: run=C:\WINDOWS\INET20091\WINLOGON.EXE
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\INET20091\WINLOGON.EXE
    O4 - HKLM\..\Run: [keyboard] C:\WINDOWS\KEYBOARD5.exe
    O4 - HKLM\..\Run: [mousepad] C:\WINDOWS\MOUSEPAD5.exe
    O4 - HKLM\..\Run: [newname] C:\WINDOWS\NEWNAME5.exe
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
    O4 - HKLM\..\Run: [win3201469926158] C:\WINDOWS\win3201469926158.exe
    O4 - HKLM\..\Run: [win3207158469926] C:\WINDOWS\win3207158469926.exe
    O4 - HKLM\..\Run: [ms08584699261] C:\WINDOWS\ms08584699261.exe
    O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DMONWV.DLL,SHStart
    O4 - HKLM\..\Run: [mpynsa] C:\WINDOWS\myuvsc.exe reg_run
    O4 - HKLM\..\Run: [win3208584699261] C:\WINDOWS\win3208584699261.exe
    O4 - HKLM\..\Run: [sys09846992615] C:\WINDOWS\sys09846992615.exe
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
    O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
    O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
    O4 - HKCU\..\Run: [imgot] C:\WINDOWS\myuvsc.exe reg_run
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\INET20091\WINLOGON.EXE
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
    O4 - HKCU\..\RunServices: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
    O4 - HKCU\..\RunServices: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\RunServices: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
    O4 - HKCU\..\RunServices: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
    O4 - HKCU\..\RunServices: [imgot] C:\WINDOWS\myuvsc.exe reg_run
    O4 - HKCU\..\RunServices: [xp_system] C:\WINDOWS\INET20091\WINLOGON.EXE
    O4 - HKCU\..\RunServices: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
    O4 - HKLM\..\Run: [ms03992615846] C:\WINDOWS\ms03992615846.exe
    O4 - Startup: fghwy.exe





    Then open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.

    ----------------------------------------------------------------

    Files highlighted in BLACK  will need to be removed from your hard drive.

    Folders that have been highlighted RED will need to be uninstalled.


     ------------------------------------------------------------------

    Uninstall the following programs (if they still exist). Go into HijackThis->Config->Misc. Tools->Open Uninstall manager

    C:\Program Files\Common Files\VCClient
    C:\PROGRAM FILES\SURFSIDEKICK 3
    C:\WINDOWS\INET20091


    -----------------------------------------------------------------


    Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following exe file/s and click End Process for each one if they are listed.

    C:\WINSTALL.EXE
    C:\WINDOWS\MYUVSC.EXE
    C:\WINDOWS\SYSTEM\ibm00001.exe
    C:\WINDOWS\ms03992615846.exe
    C:\WINDOWS\sys09846992615.exe
    C:\WINDOWS\win3208584699261.exe
    C:\WINDOWS\ms08584699261.exe
    C:\WINDOWS\win3207158469926.exe
    C:\WINDOWS\win3201469926158.exe
    C:\WINDOWS\KEYBOARD5.exe
    C:\WINDOWS\MOUSEPAD5.exe
    C:\WINDOWS\NEWNAME5.exe
    C:\WINDOWS\SYSC00.exe


    ------------------------------------------------------------------   
                   

    Open Windows Explorer and delete the following highlighted  file/s
    Also delete the following red folder/s
     
    C:\WINSTALL.EXE
    C:\WINDOWS\MYUVSC.EXE
    C:\WINDOWS\SYSTEM\ibm00001.exe
    C:\WINDOWS\ms03992615846.exe
    C:\WINDOWS\sys09846992615.exe
    C:\WINDOWS\win3208584699261.exe
    C:\WINDOWS\ms08584699261.exe
    C:\WINDOWS\win3207158469926.exe
    C:\WINDOWS\win3201469926158.exe
    C:\WINDOWS\KEYBOARD5.exe
    C:\WINDOWS\MOUSEPAD5.exe
    C:\WINDOWS\NEWNAME5.exe
    C:\WINDOWS\SYSC00.exe


    C:\WINDOWS\SYSTEM\DMONWV.DLL

    C:\Program Files\Common Files\VCClient
    C:\PROGRAM FILES\SURFSIDEKICK 3
    C:\WINDOWS\INET20091

     -------------------------------------------------------------------



    When finished please  post a new log......

    An Australian Member of

    EDDY
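
A triage pass over the O4 autorun lines that the fix list in the reply above is drawn from, as an added example that is not part of the original thread or of HijackThis. It counts how many registry autorun keys launch the same executable and flags file names made of letters followed by a long digit run; the sample lines are copied from the log in the first post, while the regexes, the 8-digit threshold and the function names are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# O4 lines copied from the HijackThis log in the first post (subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\INET20091\WINLOGON.EXE
O4 - HKLM\..\Run: [win3201469926158] C:\WINDOWS\win3201469926158.exe
O4 - HKLM\..\Run: [mpynsa] C:\WINDOWS\myuvsc.exe reg_run
O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
O4 - HKCU\..\Run: [imgot] C:\WINDOWS\myuvsc.exe reg_run
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\INET20091\WINLOGON.EXE
O4 - HKCU\..\RunServices: [imgot] C:\WINDOWS\myuvsc.exe reg_run
O4 - HKCU\..\RunServices: [xp_system] C:\WINDOWS\INET20091\WINLOGON.EXE
O4 - Startup: fghwy.exe
"""

# Registry-backed autoruns look like: O4 - <hive>\..\<key>: [<value name>] <command>
O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Executable path, optionally quoted, up to the first .exe/.dll (arguments follow).
EXE = re.compile(r'"?([^"]+?\.(?:exe|dll))', re.I)
# Assumed heuristic: file name is letters followed by 8 or more digits.
DIGIT_RUN = re.compile(r"^[a-z]+\d{8,}\.exe$", re.I)

def parse_o4(log):
    """Return (location, value_name, lowercased exe path) for each registry O4 line."""
    rows = []
    for line in log.splitlines():
        m = O4_REG.match(line.strip())
        if not m:
            continue  # Startup-folder entries and other sections are skipped here
        hive, key, name, command = m.groups()
        exe = EXE.match(command)
        if exe:
            rows.append((f"{hive}\\{key}", name, exe.group(1).lower()))
    return rows

def triage(log):
    """Map exe path -> set of reasons it deserves a closer look."""
    locations = defaultdict(set)
    for location, _name, path in parse_o4(log):
        locations[path].add(location)
    findings = defaultdict(set)
    for path, locs in locations.items():
        if len(locs) > 1:
            findings[path].add(f"registered in {len(locs)} autorun keys")
        if DIGIT_RUN.match(path.rsplit("\\", 1)[-1]):
            findings[path].add("letters+digits file name")
    return dict(findings)

if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(path, "->", ", ".join(sorted(reasons)))
```

A hit is a prompt to inspect the file, not a verdict: in the same log, LoadPowerProfile appears under both Run and RunServices and is not on the fix list.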
    kidigi2lx
    « Reply #2 on: March 25, 2006, 05:24:46 AM »

    Hey Guys.
    Can't use Ewido.  App doesn't work for OS's that are pre XP.  Is it absolutely crucial that I scan with Ewido or can I just follow the instruction that comes after?  Thanx again.
    Yours Truly - L
    Pancake
    « Reply #3 on: March 25, 2006, 06:15:16 AM »

    No, it's OK. Just carry on with the rest of the instructions...