I am freaking out, 5 viruses! (Trj)

:-X I am about to throw this computer through a wall!! This is the 100th attempt to get you the info that you asked me for. Here it goes… I have win xp pro, 1st ed. My computer will not allow me to download any updates or install any from any site of any kind. It keeps erasing and moving files. Every time I try to send this it erases it when I try. The version of avast VRDB is from 10/17/04 Version 0443-3 10/22/04.
Here is my hijack list
Logfile of HijackThis v1.97.7
Scan saved at 10:41:43 AM, on 10/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WLAN\802.11 Wireless LAN\WlanMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINDOWS\System32\wuauclt.exe
D:\PASSWORD rec-tools\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKCU..\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
O4 - Startup: Configuration & Monitor Utility.lnk = ?
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: Messenger (HKLM)
O15 - Trusted Zone: http://my.juno.com
O15 - Trusted Zone: http://www.juno.com
O15 - Trusted Zone: http://*.ocsd.org
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1098239765313
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095820224948
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thnks frm Cali!!

Well, processes are all fine. I don’t understand what’s the problem exactly, because you don’t have anything resident in memory.

Did you read the attached Virus/Error log from yesterday? I ran a deep scan last night and it didn’t see any of these errors. Are they gone finally or are they just lying in wait to strike my ass again? Thanks for the info. Lalabgu

  • Disable system restore
  • Reboot
  • Run a boottime scan with Avast
  • Run Hijackthis and fix the following if they are still there:

THESE ITEMS ARE HARMFUL AND SHOULD BE FIXED/REMOVED:

\program files\msn apps\updater\01.02.3000.1001\en-us\msnappau.exe
r1 - hkcu\software\microsoft\internet explorer\searchurl,(default) = http://my.juno.com/s/search?r=minisearch
r3 - urlsearchhook: urlsearchhook class - {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - (no file)
r3 - urlsearchhook: incredifindbho class - {5d60ff48-95be-4956-b4c6-6bb168a70310} - (no file)
o1 - hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
o2 - bho: (no name) - {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\juno\qsacc\x1iebho.dll
o2 - bho: (no name) - {53707962-6f74-2d53-2644-206d7942484f} - d:\spybot~1\sdhelper.dll (file missing)
o2 - bho: (no name) - {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-us\msntb.dll
o3 - toolbar: msn - {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-us\msntb.dll
o4 - startup: configuration & monitor utility.lnk = ?
o8 - extra context menu item: display all images with full quality - res://c:\program files\juno\qsacc\appres.dll/228
o8 - extra context menu item: display image with full quality - res://c:\program files\juno\qsacc\appres.dll/227
o8 - extra context menu item: web rebates - file://c:\program files\web_rebates\sy1150\tp1150\scri1150a.htm
o9 - extra button: research (hklm)
o15 - trusted zone: http://my.juno.com
o15 - trusted zone: http://www.juno.com
o15 - trusted zone: http://*.ocsd.org
o16 - dpf: {19e28afc-eae3-4ce5-ac83-2407b42f57c9} (mssecurityadvisor class) - http://protect.microsoft.com/security/protect/wsa/shared/cab/x86/mssecadv.cab?1098239765313
o16 - dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} (wuwebcontrol class) - http://v5.windowsupdate.microsoft.com/v5consumer/v5controls/en/x86/client/wuweb_site.cab?1095820224948
o16 - dpf: {a8658086-e6ac-4957-bc8e-8d54a7e8a790} (gdichk object) - http://www.microsoft.com/security/controls/gdi/0/gdichk.cab
o16 - dpf: {b38870e4-7ecb-40da-8c6a-595f0a5519ff} (msnmessengersetupdownloadcontrol class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
o16 - dpf: {bac01377-73dd-4796-854d-2a8997e3d68a} (yahoo! photos easy upload tool class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Also visit Windows Update and get/install ALL security patches/updates that are there. Keep visiting Windows Update till you’ve got them all.

And if you don’t have a router with a hardware firewall, get one or at least install a software firewall.
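
As an added example (not part of the original posts and not HijackThis's own code): a small Python triage of the log format posted in this thread. It groups entries by section code, lists the entries HijackThis marked `(no file)` or `(file missing)`, and splits the O1 hosts line where two entries were run together. The function names are hypothetical; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\system32\lsass.exe
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O15 - Trusted Zone: http://*.ocsd.org
"""

# Entry lines look like "<letter><number> - <body>"; header and process lines do not.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$", re.I | re.M)
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# One hosts pair; the lookahead ends a hostname where the next IP is glued onto it.
HOSTS_PAIR = re.compile(rf"({IP})\s+(\S+?)(?={IP}\s|$)")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$", re.I)

def parse_entries(text):
    """Return (section_code, body) for every entry line, code upper-cased."""
    return [(m.group(1).upper(), m.group(2).strip()) for m in ENTRY.finditer(text)]

def split_hosts(body):
    """Split an O1 body into (ip, hostname) pairs, even when pairs are fused."""
    body = re.sub(r"^hosts:\s*", "", body, flags=re.I)
    return HOSTS_PAIR.findall(body)

def triage(text):
    """Summarise a log: entries per section, orphaned entries, hosts redirects."""
    entries = parse_entries(text)
    report = {"sections": Counter(c for c, _ in entries), "orphaned": [], "hosts": []}
    for code, body in entries:
        if ORPHAN.search(body):
            report["orphaned"].append((code, body))
        if code == "O1":
            report["hosts"].extend(split_hosts(body))
    return report

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(dict(result["sections"]))
    for code, body in result["orphaned"]:
        print("orphaned:", code, body)
    for ip, host in result["hosts"]:
        print("hosts redirect:", host, "->", ip)
```
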

Thanx So Much. I appreciate your help immensely, Eddy! Tanx for b’ing patient. I’ll give it a go.

:-*lala’s

??? Ok, I disabled system restore and have been trying to run the boot scan but the program will not allow me to do anything. It keeps saying “access denied” and says that I don’t have any user rights. I had this problem before and was able to fix it. Unfortunately I have been able to this time. What should I do? And Windows now won’t allow me to do certain processes. I am logged in as an administrator. Any answers? This sucks. Thank u all.
:ocrazie in cali, Lalabugu

Fix the things I told you with HijackThis, reboot and see if it solves at least part of the problem.

;D All Clear From Here!!! Thanks for the tools. Confucius says, He who is calm and follows directions will be rewarded with good health. Mental, Physical, & technological! Lalabugu