Comp Is Acting Funny!!! Help!!!


respirator
21 Jan 2006, 3:18pm
I have some trojan or virus problem and I can't get rid of it. Please help me. :confused:


Logfile of HijackThis v1.99.1
Scan saved at 9:57:53 AM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\private.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\d.exe
C:\WINDOWS\system32\dial32.exe
C:\Documents and Settings\New\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\private.exe internat.dll,LoadMouseCarpetProfile
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {8FA141C5-29D7-4408-A57B-619C463ED7BB} (Cychannel_Club1_10.UserControl1) - http://club.cyworld.nate.com/cychannel_club/Cychannel_Clubmain1_11.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O16 - DPF: {C320CD4A-7977-4FD2-BBB7-9E6CC61837C5} (INIwallet01 Control) - http://plugin.inicis.com/INIwallet01.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33B83627-8870-4031-AFC3-30A897D900E7}: NameServer = 85.255.115.234,85.255.112.212
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F1ACF9C-5E7D-4D53-B688-5B94F40B39F9}: NameServer = 85.255.115.234,85.255.112.212
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C838328-6843-4C6C-BC14-A57089F5F010}: NameServer = 85.255.115.234,85.255.112.212
O17 - HKLM\System\CCS\Services\Tcpip\..\{7629CCE7-CD0C-4941-B80A-3213B38A327D}: NameServer = 85.255.115.234,85.255.112.212
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE1167F9-65EA-47D7-B73F-7A8E874CF736}: NameServer = 85.255.115.234,85.255.112.212
O17 - HKLM\System\CS1\Services\Tcpip\..\{33B83627-8870-4031-AFC3-30A897D900E7}: NameServer = 85.255.115.234,85.255.112.212
O17 - HKLM\System\CS2\Services\Tcpip\..\{33B83627-8870-4031-AFC3-30A897D900E7}: NameServer = 85.255.115.234,85.255.112.212
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54Gv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv2.exe (file missing)

Trogan
21 Jan 2006, 4:16pm
Hi, welcome to Short-Media :)


You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://forums.subratam.org/index.php?act=Attach&type=post&id=43811
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

O17 - HKLM\System\CCS\Services\Tcpip\..\{33B83627-8870-4031-AFC3-30A897D900E7}: NameServer = 85.255.115.234,85.255.112.212
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F1ACF9C-5E7D-4D53-B688-5B94F40B39F9}: NameServer = 85.255.115.234,85.255.112.212
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C838328-6843-4C6C-BC14-A57089F5F010}: NameServer = 85.255.115.234,85.255.112.212
O17 - HKLM\System\CCS\Services\Tcpip\..\{7629CCE7-CD0C-4941-B80A-3213B38A327D}: NameServer = 85.255.115.234,85.255.112.212
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE1167F9-65EA-47D7-B73F-7A8E874CF736}: NameServer = 85.255.115.234,85.255.112.212
O17 - HKLM\System\CS1\Services\Tcpip\..\{33B83627-8870-4031-AFC3-30A897D900E7}: NameServer = 85.255.115.234,85.255.112.212
O17 - HKLM\System\CS2\Services\Tcpip\..\{33B83627-8870-4031-AFC3-30A897D900E7}: NameServer = 85.255.115.234,85.255.112.212

Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.
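
Added example, not part of the original posts and not code from HijackThis or FixWareout: the O17 lines listed in the post above are NameServer values set under individual Tcpip interface keys, and this Python code pulls such lines out of a HijackThis log and lists every resolver that is not in a set of servers you expect (your ISP's or router's). The sample log, its documentation-range addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the O17 line format shown in the log above.
# Addresses are RFC 5737 documentation ranges, not values from the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-1111-1111-1111-111111111111}: NameServer = 192.0.2.53,192.0.2.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{11111111-1111-1111-1111-111111111111}: NameServer = 192.0.2.53,192.0.2.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{22222222-2222-2222-2222-222222222222}: NameServer = 198.51.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.test
"""

# Captures the segment after System (CCS, CS1, CS2 in the log above),
# the interface GUID, and the comma-separated server list.
O17_NAMESERVER = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<iface>\{[0-9A-Fa-f-]{36}\}): NameServer = (?P<servers>.+)$"
)


def parse_o17_nameservers(log_text):
    """Return {interface GUID: {control-set segment: [server, ...]}}."""
    found = defaultdict(dict)
    for line in log_text.splitlines():
        m = O17_NAMESERVER.match(line.strip())
        if m:
            servers = [s for s in re.split(r"[,\s]+", m["servers"].strip()) if s]
            found[m["iface"].upper()][m["cset"]] = servers
    return dict(found)


def unexpected_resolvers(log_text, expected):
    """List (interface, control-set segment, server) not in `expected`."""
    hits = []
    for iface, csets in sorted(parse_o17_nameservers(log_text).items()):
        for cset, servers in sorted(csets.items()):
            hits += [(iface, cset, s) for s in servers if s not in expected]
    return hits


if __name__ == "__main__":
    # Assumption: 198.51.100.1 stands in for the resolver you actually expect.
    for iface, cset, server in unexpected_resolvers(SAMPLE_LOG, {"198.51.100.1"}):
        print(f"{cset} {iface}: unexpected NameServer {server}")
```

The same resolver pair appearing under every interface and control-set segment, as in the log posted in this thread, is the pattern the output makes easy to see.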

respirator
21 Jan 2006, 6:18pm
Trogan, thanks a lot. The problem seems to be fixed. Thanks again. :Rocker:

Trogan
21 Jan 2006, 6:22pm
That's good, but there are still some things that need fixing.

Can you post a new HJT log? :)