I too have been hit by Lime Wire

Status
Not open for further replies.
Hi, I’m new to this forum and I’ve run into what seems to be a common problem from the posts I’ve read. I know this has already been covered but my case is slightly different from theirs, so I would like some suggestions please.

I recently downloaded what was supposed to be a video off of Lime Wire. Immediately after the download, I got hit hard; MS Antispyware came up with warnings for the following: SurfAccuracy, IST.ISTbar, and YourSiteBar. All of these, I clicked to remove but they come back later. My task manager won’t come up by hitting CTRL-ALT-DEL, right clicking the taskbar, or using Start/run/taskmgr.exe. I tried some of the things that were listed in previous cases, but I didn’t have most of that on my HJT list. I don’t know much about HJT, so I’m afraid to delete anything I’m not sure about. I’ll attach my log to this post.

Also, at the same time all of this craziness happened I noticed that my CD burner and my DVD-Rom are gone!! I had the DVD-Rom put in after I bought the computer, so I have the disks for it, but is there a simple way of getting the CD burner working? Should I reinstall the DVD or do you think if I fix the other problems, they will come back? Alright, that’s it for now... please help me if you can.

Crap, it's not letting me upload my HJT for some reason, it starts downloading then goes to Page Not Found. Alright, since I'm not supposed to paste it in here, I'll give y'all a link to it. Check my log here http://www.geocities.com/laseringmen/hijackthis.txt Thanks

Oh yes, one last thing, my Lime Wire reappears a few seconds after I close it every time. I removed it from my Add/Remove Programs area, so now I get a Startup error every couple of seconds. OK, that's it... thanks again.
 
Follow these instructions EXACTLY and put HijackThis in e.g. C:\Program Files\HJT and NOT in Temp or on the Desktop!
Read: How to remove Begin2Search/Coolwebsearch and Other Nasties

Then Read: How to post your Hijackthis log-files as an attachment.

You also need to look after this lot:
Boot in Safe Mode, see how here.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.

Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
Click the Processes tab, select the process (if there) and click End Process for:
LimeWire.exe as well as
ALL the xxx.EXE files in the O4 - HKLM/HKCU group underneath

Next, click on Start/Run and type in (followed by press Enter):
regsvr32 /u "C:\Program Files\DNS\Catcher.dll"

Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\DNS\Catcher.dll

Next, click Start/Run and type services.msc and click OK. Look for the service:
scvhost.exe <<== watch the Spelling!
Double-click it, click Stop if it's running, and change the Startup type to Disabled.

Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webct.darton.edu/webct/ticke...nt_login&request_uri=/webct/homearea/homearea
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r21.mchsi.com
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB - (no file)
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [4IqmYAL] C:\documents and settings\nick\local settings\temp\4IqmYAL.exe
O4 - HKLM\..\Run: [GIv] C:\documents and settings\nick\local settings\temp\GIv.exe
O4 - HKLM\..\Run: [h] C:\documents and settings\nick\local settings\temp\h.exe
O4 - HKLM\..\Run: [CEe7Q] C:\documents and settings\nick\local settings\temp\CEe7Q.exe
O4 - HKLM\..\Run: [tZs8Kv] C:\windows\system32\tZs8Kv.exe
O4 - HKLM\..\Run: [qQpZ.exe] c:\windows\system32\qQpZ.exe
O4 - HKLM\..\Run: [ms-update] scvhost.exe <<== watch the Spelling!
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe <<== watch the Spelling!
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000140.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000140.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com
Fix ALL O16 - DPF: entries
...................................................................................................
Now click on the Fix Checked button in HJT. Exit HJT.

When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Right-click IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
XP only: Delete ALL files from C:\WINDOWS\Prefetch.
Boot normal. When all OK, switch System Restore back on.
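
Added example, not part of the original posts: a small Python triage of HijackThis O4 autorun lines that flags the two patterns this reply singles out, programs launched from a Temp directory and names that misspell a real Windows binary (`scvhost.exe` versus `svchost.exe`). The list of system names, the 0.85 similarity threshold and the assumption that the command carries no arguments are choices made for this example.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Short illustrative list of real Windows binaries (an assumption of this
# example, not an exhaustive allowlist).
SYSTEM_NAMES = ["svchost.exe", "services.exe", "lsass.exe", "winlogon.exe", "explorer.exe"]

# HijackThis O4 registry autorun line: hive, Run key, [value name], command.
O4_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def lookalike(filename):
    """Return the system binary that filename closely imitates, or None."""
    f = filename.lower()
    for good in SYSTEM_NAMES:
        if f != good and SequenceMatcher(None, f, good).ratio() >= 0.85:
            return good
    return None

def triage(log_text):
    """Return (value name, command, reasons) for each suspicious O4 line."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not a registry autorun entry
        cmd = m.group("cmd").strip()
        reasons = []
        if "\\temp\\" in cmd.lower():
            reasons.append("runs from a Temp directory")
        imitated = lookalike(ntpath.basename(cmd))
        if imitated:
            reasons.append("name imitates " + imitated)
        if reasons:
            findings.append((m.group("name"), cmd, reasons))
    return findings

# Lines copied from the log in the post above, annotations removed; the
# [svc] line is constructed to show that the genuine name is not flagged.
SAMPLE = r"""
O4 - HKLM\..\Run: [h] C:\documents and settings\nick\local settings\temp\h.exe
O4 - HKLM\..\Run: [tZs8Kv] C:\windows\system32\tZs8Kv.exe
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKLM\..\Run: [svc] C:\windows\system32\svchost.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
"""

if __name__ == "__main__":
    for name, cmd, reasons in triage(SAMPLE):
        print(f"[{name}] {cmd}: {'; '.join(reasons)}")
```

Entries such as `tZs8Kv.exe` in system32 pass both checks, so a clean result from these heuristics does not replace review of the full log.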
 
Ok, I fixed my task manager problem and all the "nasties." The only problem I'm still having is that my CD burner and DVD-Rom are still missing out of My Computer. I pulled up my device manager and they are there, but there is an exclamation mark covered with a yellow circle around them. I tried to update my driver and it said that it found no better software. I tried disabling it then reenabling it. I tried uninstalling them, then I clicked the "Scan for Hardware changes" button. Still nothing. I couldn't find driver info on the Dell's or NEC's websites. When I clicked on either of their properties, I get this message in the Device Status text window: "Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)" Can anyone help me out? Thanks for the previous help and hopefully any help with this matter.
 