New Hijack


Author Topic: New Hijack  (Read 2299 times)
KOZMO
Newbie
*
Posts: 12


View Profile
« on: January 09, 2006, 02:27:49 AM »

Now this winhound illegally installed on my comp
here is my log
thanks for the help

Logfile of HijackThis v1.99.1
Scan saved at 3:03:47 AM, on 1/9/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\BCMWLTRY.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.170.214.191:8888
O2 - BHO: (no name) - {3E1168D9-7199-42B3-A96C-D68F30C3E70C} - C:\WINDOWS\SYSTEM\PDCK.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Motorola Wireless Configuration Utility] C:\WINDOWS\SYSTEM\BCMWLTRY
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\sywsvcs.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Filter: text/html - {5168FA0C-671D-4BE9-A081-9D2A9A8F7CDA} - C:\WINDOWS\SYSTEM\PDCK.DLL
O18 - Filter: text/plain - {5168FA0C-671D-4BE9-A081-9D2A9A8F7CDA} - C:\WINDOWS\SYSTEM\PDCK.DLL
O21 - SSODL: iiwjFhsYzFV - {402912D9-EA83-B873-DFFD-280269AA8C3E} - C:\WINDOWS\SYSTEM\CQ.DLL
O21 - SSODL: iiwjFhsYzFV - {402912D9-EA83-B873-DFFD-280269AA8C3E} - C:\WINDOWS\SYSTEM\CQ.DLL
Logged
KOZMO
Newbie
*
Posts: 12


View Profile
« Reply #1 on: January 10, 2006, 05:05:03 AM »

please help
my computer is going to die of rabies
HELP
Logged
GTO
Global Moderator
Newbie
*****
Posts: 1519



View Profile
« Reply #2 on: January 10, 2006, 05:12:55 AM »

Hi, KOZMO.

It looks like your system is badly infected with dangerous parasites like password stealing trojans and infamous browser hijackers. Please follow these steps in order to clean up your computer:

1. First of all, install a reliable firewall. I recommend Zone Labs ZoneAlarm. Then set up a powerful antivirus program. I suggest NOD32, Kaspersky Anti-Virus and AVG Anti-Virus. Perform a full system scan. Then you can go further with manual removal.

2. Use HijackThis to fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {3E1168D9-7199-42B3-A96C-D68F30C3E70C} - C:\WINDOWS\SYSTEM\PDCK.DLL
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\sywsvcs.exe
O21 - SSODL: iiwjFhsYzFV - {402912D9-EA83-B873-DFFD-280269AA8C3E} - C:\WINDOWS\SYSTEM\CQ.DLL
O21 - SSODL: iiwjFhsYzFV - {402912D9-EA83-B873-DFFD-280269AA8C3E} - C:\WINDOWS\SYSTEM\CQ.DLL


3. Download the KillBox utility.

4. Now reboot your system into Safe Mode. This step is very important!

5. Use KillBox to delete these files:
C:\WINDOWS\TEMP\se.dll
C:\WINDOWS\SYSTEM\PDCK.DLL
C:\WINDOWS\SYSTEM\sywsvcs.exe
C:\WINDOWS\SYSTEM\CQ.DLL


6. After you get done, restart your computer, run another HijackThis scan and post a fresh log here.
Logged
KOZMO
Newbie
*
Posts: 12


View Profile
« Reply #3 on: January 10, 2006, 11:18:48 PM »

when I go to the site to download zonealarm
it has the "Scan for spyware first" (recommended)
but no matter what I do it won't work
it says it needs me to enable the activex
and I follow the instructions
but it still doesn't work
I think this is cause of all the viruses and the spyware
what should I do?
install zonealarm anyway?
Logged
GTO
Global Moderator
Newbie
*****
Posts: 1519



View Profile
« Reply #4 on: January 11, 2006, 04:12:31 AM »

ActiveX is a script technology, which is not supported by Mozilla Firefox. It works only in Microsoft Internet Explorer. To download a firewall you don't need to run through the online Scan for spyware. You can download the program simply bypassing this step.

You said that manual removal didn't work. What problems are you experiencing now? Please describe them in more detail.
Logged
KOZMO
Newbie
*
Posts: 12


View Profile
« Reply #5 on: January 11, 2006, 05:23:36 PM »

I believe you are referring to the post in the other section
what I am saying is if I go to run
then type regedit
it won't work
if I type cmd
it won't work
it says "this program has performed an illegal operation"
if I click details it says "Fault Location: 0C10:0C15"
Logged
KOZMO
Newbie
*
Posts: 12


View Profile
« Reply #6 on: January 11, 2006, 07:19:20 PM »

are you saying I should download all of those antivirus programs
or pick one?
so far I have zonealarm and NOD32
Logged
KOZMO
Newbie
*
Posts: 12


View Profile
« Reply #7 on: January 11, 2006, 07:33:39 PM »

also I have the trial version of zonealarm pro right now
it has a spyware scan
when I run it it says "Vsmon has caused an error in SRESCAN.DLL
Vsmon will now close."
do you know anything about that?
and how does McAfee rate with those other antiviruses
thank you
Logged
GTO
Global Moderator
Newbie
*****
Posts: 1519



View Profile
« Reply #8 on: January 12, 2006, 03:58:29 AM »

Your setup (NOD32 and Zone Alarm) is very fine and sufficient enough. You don't need any other firewall or antivirus software. However, a reliable anti-spyware is highly recommended. Take a look at the list of legitimate spyware removers and choose one you like. I recommend Spyware Doctor, Microsoft AntiSpyware, Spy Sweeper and CounterSpy. The paid version of ZoneAlarm also comes with powerful anti-spyware.

As for all those error messages you are getting, I think it's time to reinstall your Windows. Although such advice may look quite unprofessional, I really believe that reinstalling the entire operating system would take less time than repairing your current installation. Furthermore, you should use Microsoft Windows XP or at least Microsoft Windows 2000. Windows Millennium is considered an outdated legacy release.

However, you should do this only if you are sure that system problems are not caused by parasites. You didn't post your fresh HijackThis log as I've asked you to. This log may shed light on your system troubles.

As for McAfee, I wouldn't recommend their software. I think that NOD32, Kaspersky Anti-Virus or even Symantec AntiVirus are much better products than McAfee VirusScan or McAfee Security Suite. But that's just my personal opinion.
Logged
KOZMO
Newbie
*
Posts: 12


View Profile
« Reply #9 on: January 12, 2006, 03:23:55 PM »

here is my new log
Logfile of HijackThis v1.99.1
Scan saved at 4:06:26 PM, on 1/12/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\BCMWLTRY.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\ESET\NOD32KUI.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.170.214.191:8888
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Motorola Wireless Configuration Utility] C:\WINDOWS\SYSTEM\BCMWLTRY
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Filter: text/html - {5168FA0C-671D-4BE9-A081-9D2A9A8F7CDA} - C:\WINDOWS\SYSTEM\PDCK.DLL
O18 - Filter: text/plain - {5168FA0C-671D-4BE9-A081-9D2A9A8F7CDA} - C:\WINDOWS\SYSTEM\PDCK.DLL

and as far as windows xp
I am fully aware of that
unfortunately I am unable to afford it
Logged
GTO
Global Moderator
Newbie
*****
Posts: 1519



View Profile
« Reply #10 on: January 13, 2006, 10:23:26 AM »

One malicious file is still in your system. Please follow these steps to delete it:

1. Use HijackThis to fix the following entries:
O18 - Filter: text/html - {5168FA0C-671D-4BE9-A081-9D2A9A8F7CDA} - C:\WINDOWS\SYSTEM\PDCK.DLL
O18 - Filter: text/plain - {5168FA0C-671D-4BE9-A081-9D2A9A8F7CDA} - C:\WINDOWS\SYSTEM\PDCK.DLL


2. Now use KillBox to delete the C:\WINDOWS\SYSTEM\PDCK.DLL file.
Logged
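
The check made by eye in Reply #10 (the fresh log still references a file that Reply #2 said to delete) can be automated. The following is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical, and the log excerpts are copied from the two logs posted above.

```python
import re

# Entry lines in the logs above look like "<code> - <detail>", e.g. "O18 - Filter: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return [(section_code, detail)] for entry lines; header/process lines are skipped."""
    return [m.groups() for m in
            (ENTRY_RE.match(l.strip()) for l in log_text.splitlines()) if m]

def residual_entries(fresh_log, deleted_files):
    """Entries in a post-cleanup log that still point at a file slated for deletion.

    Case-insensitive substring match; 8.3 short names (PROGRA~1) are not expanded.
    """
    targets = [f.lower() for f in deleted_files]
    return [(code, detail) for code, detail in parse_entries(fresh_log)
            if any(t in detail.lower() for t in targets)]

def cleared_entries(old_log, fresh_log):
    """Entries present before cleanup and absent afterwards (duplicates collapsed)."""
    fresh = set(parse_entries(fresh_log))
    return [e for e in dict.fromkeys(parse_entries(old_log)) if e not in fresh]

# Files listed for deletion in Reply #2, step 5.
DELETED = [r"C:\WINDOWS\TEMP\se.dll", r"C:\WINDOWS\SYSTEM\PDCK.DLL",
           r"C:\WINDOWS\SYSTEM\sywsvcs.exe", r"C:\WINDOWS\SYSTEM\CQ.DLL"]

# Excerpts copied from the two logs in this thread (not the full logs).
OLD_LOG = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
O2 - BHO: (no name) - {3E1168D9-7199-42B3-A96C-D68F30C3E70C} - C:\WINDOWS\SYSTEM\PDCK.DLL
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O18 - Filter: text/html - {5168FA0C-671D-4BE9-A081-9D2A9A8F7CDA} - C:\WINDOWS\SYSTEM\PDCK.DLL
O21 - SSODL: iiwjFhsYzFV - {402912D9-EA83-B873-DFFD-280269AA8C3E} - C:\WINDOWS\SYSTEM\CQ.DLL
O21 - SSODL: iiwjFhsYzFV - {402912D9-EA83-B873-DFFD-280269AA8C3E} - C:\WINDOWS\SYSTEM\CQ.DLL
"""
FRESH_LOG = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O18 - Filter: text/html - {5168FA0C-671D-4BE9-A081-9D2A9A8F7CDA} - C:\WINDOWS\SYSTEM\PDCK.DLL
O18 - Filter: text/plain - {5168FA0C-671D-4BE9-A081-9D2A9A8F7CDA} - C:\WINDOWS\SYSTEM\PDCK.DLL
"""

if __name__ == "__main__":
    for code, detail in residual_entries(FRESH_LOG, DELETED):
        print("still present:", code, detail)
    print("cleared:", [c for c, _ in cleared_entries(OLD_LOG, FRESH_LOG)])
```
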
loukas30
Guest
« Reply #11 on: February 25, 2006, 03:40:38 AM »

P.S.: your computer is not up to date; you must download SP2 for your computer.
Logged
GTO
Global Moderator
Newbie
*****
Posts: 1519



View Profile
« Reply #12 on: February 25, 2006, 12:46:16 PM »

loukas30, there is no Service Pack 2 for Microsoft Windows Me or Microsoft Internet Explorer 6 running on the latter system.
Logged