help me delete this thing! i think it is called matcach f

Discussion in 'Windows - Virus and spyware problems' started by boomebgr, Mar 23, 2007.

  1. boomebgr

    Directions on how to delete it told me to download HijackThis and then scan and post the log, and experts would tell me what to delete and what to keep so I don't delete something I need... please help

    Logfile of HijackThis v1.99.1
    Scan saved at 12:11:35 AM, on 3/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
    C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
    C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\DOCUME~1\JEFFER~1\MYDOCU~1\SKS~1\wucrtupd.exe
    C:\WINDOWS\a?sembly\w?auclt.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe
    C:\Documents and Settings\Jeffery Gill\Local Settings\Temporary Internet Files\Content.IE5\01UV0PYF\EClea2_0[1].exe
    C:\Documents and Settings\Jeffery Gill\Local Settings\Temporary Internet Files\Content.IE5\01UV0PYF\EClea2_0[1].exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Verizon\Verizon Internet Security Suite\FBHR.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {D14BBC49-75F6-207C-DF4F-569099A33999} - C:\WINDOWS\system32\hdxvtje.dll
    O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\PPCToolbar.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [SCAR updater] C:\WINDOWS\system32\SCAR updater.exe
    O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
    O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
    O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SeekmoToolbar] C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Lhar] "C:\DOCUME~1\JEFFER~1\MYDOCU~1\SKS~1\wucrtupd.exe" -vt yazb
    O4 - HKCU\..\Run: [Vbv] "C:\WINDOWS\a?sembly\w?auclt.exe" 99001396
    O4 - HKCU\..\Run: [Avi Player] "C:\Program Files\Avi Player\AviPlayer.exe" hmw
    O4 - Global Startup: dllhost.exe
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O20 - AppInit_DLLs: ,
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe
     
  2. Etzo

    Hi!

    * Click Start
    * Click Control Panel
    * Double-click Add or Remove Programs
    * Find and remove these programs if found:

    Oin
    Yazzle by Oin
    Purityscan by Oin
    Snowballwars by Oin
    Or anything with Oin or Outerinfo
    Zolero
    Tizzletalk
    MediaTickets
    Cowabanga


    ========================================

    Go to www.virustotal.com and put this file: C:\Program Files\Avi Player\AviPlayer.exe, into the box above. Send the results back here.

    ========================================

    Next, download AVG Anti-Spyware:
    http://www.ewido.net/en/download/
    Locate the icon on the Desktop and double-click it to launch the program.

    Now, update the definition files:
    On the main screen select Update, and then select the Update Now link.
    Next, select the Start Update button
    (The update starts and a progress bar shows the updates installed.)

    Once the update completes select: Scanner (the top of the screen)
    Select the Settings tab
    Once in the Settings screen click on: Recommended actions
    Select: Quarantine
    Under: Reports, select: Automatically generate report after every scan
    Un-Select: Only if threats were found
    Close AVG AS for now.

    Download and run the uninstaller:
    http://www.outerinfo.com/OiUninstaller.exe

    Instructions for that uninstaller, if needed

    ========================================

    Please download NoLop to the Desktop: http://www.thespykiller.co.uk/forum/index....tpmod;dl=item16

    * Close any programs you have running since a reboot is required
    * Double click NoLop.exe to run it
    * Next, click the button labeled: Search and Destroy
    <<your computer will now be scanned for infected files>>
    * When the scan finishes, if infected, you are prompted to reboot
    * Click OK
    * Now click: REBOOT
    * A Message should popup from NoLop. If not, double click the program again and it will finish.


    Note: If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.

    ========================================

    Please download VundoFix.exe to your desktop.

    * Double-click VundoFix.exe to run it.
    * Click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will reboot your computer, click OK.
    * Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Important note -- It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    ========================================
    Reboot to Safe Mode:
    -Restart your computer.
    -When the machine first starts again, tap the F8 key before Windows starts
    -You are presented with a Windows XP Advanced Options menu.
    -Select the option for Safe Mode using the arrow keys.
    -Press Enter to boot into Safe Mode.
    ========================================

    In Safe Mode, find and remove these:

    C:\Program Files\SeekmoToolbar <--- FOLDER
    C:\DOCUME~1\JEFFER~1\MYDOCU~1\SKS~1\wucrtupd.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
    c:\program files\peoplepc <--- FOLDER

    ========================================

    Still in Safe Mode, launch AVG AS
    Select: Scanner (at the top)
    Select the Scan tab
    Click on: Complete System Scan
    AVG AS begins the scanning process, and it may take a while.
    Please do not open any other windows or programs while AVG AS is scanning; it may interfere with the scanning process!!

    Once the scan is complete, AVG AS lists any infections found.
    It also automatically sets the recommended action.
    Click: Apply all actions
    AVG AS will then display: All actions have been applied

    Next select: Reports (at the top)
    Select: Save report as (lower left of the screen)
    Save the report to a text file in a location where you can find it!
    Close AVG AS.
    ========================================

    Restart your computer back to normal mode.

    ========================================
    Close ALL programs, except HijackThis - Click Scan and
    check these lines:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {D14BBC49-75F6-207C-DF4F-569099A33999} - C:\WINDOWS\system32\hdxvtje.dll
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SeekmoToolbar] C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}
    O4 - HKCU\..\Run: [Lhar] "C:\DOCUME~1\JEFFER~1\MYDOCU~1\SKS~1\wucrtupd.exe" -vt yazb
    O4 - HKCU\..\Run: [Vbv] "C:\WINDOWS\a?sembly\w?auclt.exe" 99001396
    O4 - Global Startup: dllhost.exe
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O20 - AppInit_DLLs: ,



    And press Fix Checked. Close HijackThis

    Restart your computer, and send a new HjT log, C:\NoLop.log, C:\vundofix.txt and the AVG report in your next reply.
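
A first-pass triage of a HijackThis log like the one above, as an added example that is not part of either post and is not the helper's method. The tags are review hints rather than verdicts, and the heuristics and all names in the code (`findings`, `triage`, the tag strings) are assumptions of this example. The sample lines are copied from the log in the first post.

```python
import re

# Constructed sample: lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\a?sembly\w?auclt.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\Documents and Settings\Jeffery Gill\Local Settings\Temporary Internet Files\Content.IE5\01UV0PYF\EClea2_0[1].exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SeekmoToolbar] C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}
O4 - HKCU\..\Run: [Vbv] "C:\WINDOWS\a?sembly\w?auclt.exe" 99001396
O4 - Global Startup: dllhost.exe
"""

# Assumed heuristics: this example's own, not HijackThis's and not the helper's.
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_NAMES = {"dllhost.exe", "svchost.exe", "wuauclt.exe", "lsass.exe",
                "services.exe", "winlogon.exe", "smss.exe", "spoolsv.exe"}
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)
STARTUP = re.compile(r"Startup: (.+)$")

def findings(line):
    """Return the sorted heuristic tags raised by one log line."""
    tags = set()
    low = line.lower()
    if "(no file)" in low or "(file missing)" in low:
        tags.add("orphaned-entry")          # entry points at a file that is gone
    if "${" in line:
        tags.add("unexpanded-placeholder")  # template variable left in the value
    started = STARTUP.search(line)
    if started and started.group(1).lower() in SYSTEM_NAMES:
        tags.add("system-name-in-startup-folder")
    for path in PATH.findall(line):
        folder, _, name = path.lower().rpartition("\\")
        if "?" in path:  # assumption: '?' is a character the log could not render
            tags.add("unprintable-chars-in-path")
        if "temporary internet files" in folder:
            tags.add("runs-from-browser-cache")
        if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
            tags.add("system-name-outside-system32")
    return sorted(tags)

def triage(log_text):
    """Map each flagged log line to its tags; lines with no tag are omitted."""
    report = {}
    for line in map(str.strip, log_text.splitlines()):
        tags = findings(line)
        if tags:
            report[line] = tags
    return report

if __name__ == "__main__":
    for line, tags in triage(SAMPLE_LOG).items():
        print(", ".join(tags), "<-", line)
```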
     
