Velocity Reviews - Computer Hardware Reviews


Hijackthis Log [Please Help]

 
 
dbru
Guest
Posts: n/a
 
      11-09-2004
Hello, my PC got hit hard with some virus crap. There are several files that
copied themselves to my desktop and I can't delete them, because it says
they're read/write only. The files are...

ploint.exe
m00.exe.1
winln.exe
sipot.exe
madopew.dll
vcsystem.exe
fierm.exe

I've run the current Ad-Aware, Spybot, About Buster and CWShredder and some
of those find tons of files, but none seem to take care of the problem, I've
also run Hijackthis, but don't know which files to delete for sure, I took
out the ones with the above file names, but some seem to reappear. Please
help if you can... Here is my log file from Hijackthis... Thank you
Logfile of HijackThis v1.98.0
Scan saved at 5:29:56 PM, on 11/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\scagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
C:\documents and settings\derek brubaker\desktop\vcsystem.exe
C:\documents and settings\derek brubaker\desktop\winln.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\waqwqm.exe
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.exe
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
C:\MyTemp\Misc\HijackThis.exe

O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [rmptrxs] C:\WINDOWS\System32\waqwqm.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/game.../y/mjst4_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINDOWS\httpfilter.dll
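
An added example, not part of the original post: a small Python parser for the HijackThis log format shown above. It rejoins lines the newsreader wrapped, then checks which of the file names dbru listed show up as running processes or inside log entries, and which autostart (O4) entries point at a process that is currently running. The sample is a constructed excerpt of lines copied from the posted log, and all function names are illustrative.

```python
import re

# File names the original poster reported on the desktop (taken from the post).
REPORTED = ["ploint.exe", "m00.exe.1", "winln.exe", "sipot.exe",
            "madopew.dll", "vcsystem.exe", "fierm.exe"]

# Constructed excerpt: lines copied from the posted log, still wrapped as posted.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.0
Scan saved at 5:29:56 PM, on 11/9/2004

Running processes:
C:\WINDOWS\Explorer.EXE
C:\documents and settings\derek brubaker\desktop\vcsystem.exe
C:\documents and settings\derek brubaker\desktop\winln.exe
C:\WINDOWS\System32\waqwqm.exe

O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} -
C:\WINDOWS\localNRD.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [rmptrxs] C:\WINDOWS\System32\waqwqm.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - Startup: PowerReg Scheduler V3.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_log(text):
    """Return (processes, entries); entries are (code, body) tuples.

    Entry lines that were wrapped in transit are rejoined with a space.
    Limitation: a wrapped line in the process list is not rejoined.
    """
    processes, entries = [], []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            section = "processes"
            continue
        match = ENTRY_RE.match(line)
        if match:
            section = "entries"
            entries.append([match.group(1), match.group(2)])
        elif section == "entries":
            # Anything that is not a new "Onn - " record continues the last one.
            entries[-1][1] += " " + line
        elif section == "processes":
            processes.append(line)
    return processes, [tuple(e) for e in entries]


def cross_reference(text, names):
    """For each reported file name, list matching processes and log entries."""
    processes, entries = parse_log(text)
    report = {}
    for name in names:
        # Match the name as a whole path component, case-insensitively.
        pattern = re.compile(r"(?<![\w.])" + re.escape(name) + r"(?![\w.])", re.I)
        report[name] = {
            "running": [p for p in processes
                        if p.lower().rsplit("\\", 1)[-1] == name.lower()],
            "entries": [(code, body) for code, body in entries
                        if pattern.search(body)],
        }
    return report


def running_autostarts(text):
    """O4 entries whose command contains the full path of a running process.

    Limitation: 8.3 short paths (PROGRA~1) are not expanded before comparing.
    """
    processes, entries = parse_log(text)
    hits = []
    for code, body in entries:
        if code != "O4":
            continue
        location, _, command = body.partition(": ")
        if any(p.lower() in command.lower() for p in processes):
            hits.append((location, command))
    return hits


if __name__ == "__main__":
    for name, found in cross_reference(SAMPLE_LOG, REPORTED).items():
        state = "running" if found["running"] else "not running"
        print(f"{name:14} {state:12} entries referencing it: {len(found['entries'])}")
    for location, command in running_autostarts(SAMPLE_LOG):
        print("autostart of a running process:", location, command)
```

A file that is the image of a running process cannot be deleted until that process has stopped, so the "running" column shows which reported files are in that state in this log.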







 
 
 
 
 
PhEaSaNt PLuCKeR
Guest
Posts: n/a
 
      11-10-2004



copy all the **** to a temp dir

then go into dos and delete em

use safe mode if you have to.


--


PhEaSaNt PLuCKeR







 
 
 
 
 
mark mandel
Guest
Posts: n/a
 
      11-10-2004


Copy this to a PERMANENT folder and then post it over at www.pcguide.com
where one of the really informed geeks will give you a thorough checkup on
it.



 
 
dbru
Guest
Posts: n/a
 
      11-10-2004
Thanks for the suggestions, the only problem I worry about with deleting
them, is that I have a feeling there are other files in my windows folders
that need deleting also, but I'm unsure which ones. In the past I thought I
took care of the problem, but it just kept coming back to haunt me, till I
found the .exe file hidden deep in a folder and deleted it. Thanks for the
help. I'm going to keep working...





 
 
dbru
Guest
Posts: n/a
 
      11-10-2004
Ok, I think I fixed it... Had to boot in Safe Mode to delete the files, then
run my virus programs to fix it. Seems ok now though. Thanks for the help...


"dbru" <> wrote in message
news:...
> Thanks for the suggestions, the only problem I worry about with deleting
> them, is that I have a feeling there are other files in my windows folders
> that need deleting also, but I'm unsure which ones. In the past I thought

I
> took care of the problem, but it just kept coming back to haunt me, till I
> found the .exe file hidden deep in a folder and deleted it. Thanks for the
> help. I'm going to keep working...
>
>
> "PhEaSaNt PLuCKeR" <> wrote in message
> news:cmrmoo$9fo$...
> >
> > "dbru" <> wrote in message
> > news:...
> > > Hello, my PC got hit hard with some virus crap. There are several

files
> > that
> > > copied themselves to my desktop and I can't delete them, because it

says
> > > they're read/write only. The files are...
> > >
> > > ploint.exe
> > > m00.exe.1
> > > winln.exe
> > > sipot.exe
> > > madopew.dll
> > > vcsystem.exe
> > > fierm.exe
> > >
> > > I've run the current Ad-Aware, Spybot, About Buster and CWShredder and

> > some
> > > of those find tons of files, but non seem to take care of the problem,

> > I've
> > > also run Hijackthis, but don't know which files to delete for sure, I

> took
> > > out the ones with the above file names, but some seem to reappear.

> Please
> > > help if you can... Here is my log file from Hijackthis... Thank you
> > > Logfile of HijackThis v1.98.0
> > > Scan saved at 5:29:56 PM, on 11/9/2004
> > > Platform: Windows XP SP1 (WinNT 5.01.2600)
> > > MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
> > >
> > > Running processes:
> > > C:\WINDOWS\System32\smss.exe
> > > C:\WINDOWS\system32\winlogon.exe
> > > C:\WINDOWS\system32\services.exe
> > > C:\WINDOWS\system32\lsass.exe
> > > C:\WINDOWS\system32\svchost.exe
> > > C:\WINDOWS\Explorer.EXE
> > > C:\WINDOWS\system32\spoolsv.exe
> > > C:\WINDOWS\System32\CTsvcCDA.EXE
> > > C:\WINDOWS\System32\nvsvc32.exe
> > > C:\WINDOWS\system32\scagent.exe
> > > C:\WINDOWS\System32\svchost.exe
> > > C:\WINDOWS\System32\MsPMSPSv.exe
> > > C:\Program Files\Common Files\Real\Update_OB\realsched.exe
> > > C:\Program Files\Creative\ShareDLL\CtNotify.exe
> > > C:\Program Files\BroadJump\Client Foundation\CFD.exe
> > > C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
> > > C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
> > > C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
> > > C:\WINDOWS\System32\rundll32.exe
> > > C:\Program Files\Creative\ShareDLL\MediaDet.Exe
> > > C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
> > > C:\documents and settings\derek brubaker\desktop\vcsystem.exe
> > > C:\documents and settings\derek brubaker\desktop\winln.exe
> > > C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
> > > C:\WINDOWS\System32\wuauclt.exe
> > > C:\WINDOWS\System32\svchost.exe
> > > C:\WINDOWS\System32\waqwqm.exe
> > > C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.ex e
> > > C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.ex e
> > > C:\MyTemp\Misc\HijackThis.exe
> > >
> > > O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} -
> > > C:\WINDOWS\localNRD.dll
> > > O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} -
> > > C:\WINDOWS\systb.dll
> > > O2 - BHO: Yahoo! Companion BHO -

> {02478D38-C3F9-4efb-9B51-7695ECA05670} -
> > > C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
> > > O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
> > > C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
> > > O2 - BHO: ADP UrlCatcher Class -

> {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
> > > C:\WINDOWS\System32\msbe.dll
> > > O3 - Toolbar: &Yahoo! Companion -

> {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
> > > C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
> > > O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
> > > C:\WINDOWS\System32\msdxm.ocx
> > > O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no

> > file)
> > > O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
> > > C:\WINDOWS\System32\NvCpl.dll,NvStartup
> > > O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
> > > O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
> > > Files\Real\Update_OB\realsched.exe" -osboot
> > > O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program
> > > Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
> > > O4 - HKLM\..\Run: [Disc Detector] C:\Program
> > > Files\Creative\ShareDLL\CtNotify.exe
> > > O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash
> > > Screen\CTEaxSpl.EXE /run
> > > O4 - HKLM\..\Run: [Jet Detection] C:\Program
> > > Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
> > > O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
> > > Files\QuickTime\qttask.exe" -atboottime
> > > O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client
> > > Foundation\CFD.exe
> > > O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual
> > > IP InSight\SBC\IPClient.exe" -l
> > > O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual
> > > Networks\Visual IP InSight\SBC\IPMon32.exe"
> > > O4 - HKLM\..\Run: [Motive SmartBridge]
> > > C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
> > > O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
> > > O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
> > > Files\Sonic\Update Manager\sgtray.exe" /r
> > > O4 - HKLM\..\Run: [rmptrxs] C:\WINDOWS\System32\waqwqm.exe
> > > O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
> > > O4 - HKCU\..\Run: [Taskbar] C:\Program
> > > Files\Creative\SBAudigy\Taskbar\CTLTask.exe
> > > O4 - HKCU\..\Run: [Yahoo! Pager] 1
> > > O4 - Startup: PowerReg Scheduler V3.exe
> > > O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
> > > Files\Adobe\Calibration\Adobe Gamma Loader.exe
> > > O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self
> > > Support Tool\bin\matcli.exe
> > > O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
> > > Files\Yahoo!\Common/ycdict.htm
> > > O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
> > > Files\Yahoo!\Common/ycsrch.htm
> > > O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} -
> > > C:\Program Files\Yahoo!\Common\ylogin.dll
> > > O9 - Extra 'Tools' menuitem: Yahoo! Login -
> > > {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
> > > Files\Yahoo!\Common\ylogin.dll
> > > O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
> > > C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
> > > O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
> > > {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
> > > Files\Yahoo!\Messenger\yhexbmes.dll
> > > O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} -
> > > C:\PROGRA~1\ICQ\ICQ.exe
> > > O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} -
> > > C:\PROGRA~1\ICQ\ICQ.exe
> > > O12 - Plugin for .spop: C:\Program Files\Internet
> > > Explorer\Plugins\NPDocBox.dll
> > > O16 - DPF: Yahoo! MahJong Solitaire -
> > > http://download.games.yahoo.com/game.../y/mjst4_x.cab
> > > O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
> > > http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
> > > O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
> > > http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
> > > O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} -
> > > C:\WINDOWS\httpfilter.dll
> > >
> > >
> > >

> >
> > copy all the **** to a temp dir
> >
> > then go into dos and delete em
> >
> > use safe mode if you have to.
> >
> >
> > --
> >
> >
> > PhEaSaNt PLuCKeR
> >
> >
> >
> >
> >
> >
> >

>
>



 
 
Ralph Wade Phillips
Guest
Posts: n/a
 
      11-10-2004
Howdy!

"dbru" <> wrote in message
news:...
> Hello, my PC got hit hard with some virus crap. There are several files that
> copied themselves to my desktop and I can't delete them, because it says
> they're read/write only. The files are...


<snip of some of text>

> Running processes:


> C:\documents and settings\derek brubaker\desktop\vcsystem.exe
> C:\documents and settings\derek brubaker\desktop\winln.exe


Stop these two.

Then delete the files.

General rule: If it's in "Documents and Settings" ANYTHING whack it
out.

> C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
> C:\WINDOWS\System32\wuauclt.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\System32\waqwqm.exe
> C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.exe
> C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe


Uninstall EbatesMoeMoneyMaker from Add/Remove Programs, then run
CWShredder in "Safe" mode, followed by Ad-Aware in "Safe" mode followed by
Spybot in "Safe" mode, followed by HiJackThis and create a new log file, all
in safe mode.

<snip others>

> O4 - HKLM\..\Run: [rmptrxs] C:\WINDOWS\System32\waqwqm.exe
> O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe


Again, from Safe mode, kill these from within HiJackThis then delete
the files themselves.

The others? I'd google for - there's a metric buttload that I just
don't recognize.

RwP
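
The check described in the reply above, as an added example that is not part of the original post: this Python code strips newsreader quote markers from a pasted HijackThis log, rejoins wrapped entries, lists running images under Documents and Settings, and finds the O4 autostart item that launches a given image. The sample is a constructed excerpt of lines from this thread, and the function names are this example's own.

```python
import re

# Constructed excerpt: lines taken from the log in this thread, with quote
# markers and wrapped continuations (one of which has lost its ">" prefix).
SAMPLE = r"""
> > > Running processes:
> > > C:\documents and settings\derek brubaker\desktop\vcsystem.exe
> > > C:\documents and settings\derek brubaker\desktop\winln.exe
> > > C:\WINDOWS\System32\waqwqm.exe
> > > O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} -
> > > C:\WINDOWS\systb.dll
> > > O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual

> > Networks\Visual
> > > IP InSight\SBC\IPClient.exe" -l
> > > O4 - HKLM\..\Run: [rmptrxs] C:\WINDOWS\System32\waqwqm.exe
"""

QUOTE = re.compile(r"^(?:>\s*)+")   # quote prefix at any nesting depth
ENTRY = re.compile(r"^[A-Z]\d+ - ")  # HijackThis item line, e.g. "O4 - "
PATH = re.compile(r"^[A-Za-z]:\\")   # start of a running-process path


def unwrap(raw):
    """Return (processes, items) with quote markers removed and wraps rejoined."""
    procs, items, section = [], [], None
    for line in raw.splitlines():
        text = QUOTE.sub("", line).strip()
        if text.lower().startswith("running processes"):
            section = procs
        elif ENTRY.match(text):
            section = items            # a path seen after this is a continuation
            items.append(text)
        elif section is procs and PATH.match(text):
            procs.append(text)
        elif text and section:         # wrapped tail of the previous entry
            section[-1] += " " + text
    return procs, items


def in_user_profile(procs):
    """The rule from the reply: running images under Documents and Settings."""
    return [p for p in procs if "\\documents and settings\\" in p.lower()]


def autostart_items(items, image):
    """O4 items whose command line names the given image path."""
    return [i for i in items if i.startswith("O4 - ") and image.lower() in i.lower()]
```

On the excerpt, `in_user_profile` returns the two desktop executables, and `autostart_items` ties `waqwqm.exe` to its `[rmptrxs]` Run entry, the item to fix in HijackThis before deleting the file.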


 
 
Bill P
Guest
Posts: n/a
 
      11-10-2004
You could copy and paste the log here:-

http://hijackthis.de/index.php?langselect=english

and follow the instructions.
Regards
Bill

"dbru" <> wrote in message
news:...
> Hello, my PC got hit hard with some virus crap. There are several files that
> copied themselves to my desktop and I can't delete them, because it says
> they're read/write only. The files are...
>
> ploint.exe
> m00.exe.1
> winln.exe
> sipot.exe
> madopew.dll
> vcsystem.exe
> fierm.exe
>
> I've run the current Ad-Aware, Spybot, About Buster and CWShredder and some
> of those find tons of files, but none seem to take care of the problem, I've
> also run Hijackthis, but don't know which files to delete for sure, I took
> out the ones with the above file names, but some seem to reappear. Please
> help if you can... Here is my log file from Hijackthis... Thank you
> Logfile of HijackThis v1.98.0
> Scan saved at 5:29:56 PM, on 11/9/2004
> Platform: Windows XP SP1 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\System32\CTsvcCDA.EXE
> C:\WINDOWS\System32\nvsvc32.exe
> C:\WINDOWS\system32\scagent.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\System32\MsPMSPSv.exe
> C:\Program Files\Common Files\Real\Update_OB\realsched.exe
> C:\Program Files\Creative\ShareDLL\CtNotify.exe
> C:\Program Files\BroadJump\Client Foundation\CFD.exe
> C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
> C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
> C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
> C:\WINDOWS\System32\rundll32.exe
> C:\Program Files\Creative\ShareDLL\MediaDet.Exe
> C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
> C:\documents and settings\derek brubaker\desktop\vcsystem.exe
> C:\documents and settings\derek brubaker\desktop\winln.exe
> C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
> C:\WINDOWS\System32\wuauclt.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\System32\waqwqm.exe
> C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.exe
> C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
> C:\MyTemp\Misc\HijackThis.exe
>
> O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} -
> C:\WINDOWS\localNRD.dll
> O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} -
> C:\WINDOWS\systb.dll
> O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
> C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
> O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
> C:\WINDOWS\System32\msbe.dll
> O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
> C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
> O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
> C:\WINDOWS\System32\msdxm.ocx
> O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
> C:\WINDOWS\System32\NvCpl.dll,NvStartup
> O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
> Files\Real\Update_OB\realsched.exe" -osboot
> O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program
> Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
> O4 - HKLM\..\Run: [Disc Detector] C:\Program
> Files\Creative\ShareDLL\CtNotify.exe
> O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash
> Screen\CTEaxSpl.EXE /run
> O4 - HKLM\..\Run: [Jet Detection] C:\Program
> Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
> Files\QuickTime\qttask.exe" -atboottime
> O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client
> Foundation\CFD.exe
> O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual
> IP InSight\SBC\IPClient.exe" -l
> O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual
> Networks\Visual IP InSight\SBC\IPMon32.exe"
> O4 - HKLM\..\Run: [Motive SmartBridge]
> C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
> O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
> O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
> Files\Sonic\Update Manager\sgtray.exe" /r
> O4 - HKLM\..\Run: [rmptrxs] C:\WINDOWS\System32\waqwqm.exe
> O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
> O4 - HKCU\..\Run: [Taskbar] C:\Program
> Files\Creative\SBAudigy\Taskbar\CTLTask.exe
> O4 - HKCU\..\Run: [Yahoo! Pager] 1
> O4 - Startup: PowerReg Scheduler V3.exe
> O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
> Files\Adobe\Calibration\Adobe Gamma Loader.exe
> O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self
> Support Tool\bin\matcli.exe
> O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
> Files\Yahoo!\Common/ycdict.htm
> O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
> Files\Yahoo!\Common/ycsrch.htm
> O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} -
> C:\Program Files\Yahoo!\Common\ylogin.dll
> O9 - Extra 'Tools' menuitem: Yahoo! Login -
> {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
> Files\Yahoo!\Common\ylogin.dll
> O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
> C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
> O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
> {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
> Files\Yahoo!\Messenger\yhexbmes.dll
> O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} -
> C:\PROGRA~1\ICQ\ICQ.exe
> O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} -
> C:\PROGRA~1\ICQ\ICQ.exe
> O12 - Plugin for .spop: C:\Program Files\Internet
> Explorer\Plugins\NPDocBox.dll
> O16 - DPF: Yahoo! MahJong Solitaire -
> http://download.games.yahoo.com/game.../y/mjst4_x.cab
> O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
> http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
> O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
> http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
> O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} -
> C:\WINDOWS\httpfilter.dll
>
>
>
>
>
>
>



 