Trojan/Worm/Virus issue?

Discussion in 'Malware Help (A Specialist Will Reply)' started by THESoccerMom, Nov 18, 2006.

  1. THESoccerMom

    THESoccerMom Private E-2

    Background information:

    My husband tried loading software for his new PDA. Quicktime wouldn't load and he got Error 2738. Some quick research showed this was a known problem (MSI VBScript) and tried to download...but then got an error msg Error registering the OCX C:\WINDOWS\system32\jscript.dll.

    So I tried running some scans and spybot picked up a few things. Tried reinstalling...same error.

    So...came here.

    My system is only a year old and I'm running XP Pro.

    Safemode:
    Ran Ccleaner
    ran MS Windows Malicious SRT...nothing found
    ran Spybot...nothing found

    In normal mode:
    MS Windows Defender


    Then I tried both Bitdefender and Panda Active scan. I couldn't use either.

    I did run the GetrunKey and Shownew programs and Hijackthis scan.

    Along with this driving me crazy....I have noticed the Quicktime icon on my tray...even when I had removed it using msconfig...it still shows up.
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    If you have followed the procedures in the Read Me First, post what logs you have and we will work with what information is available.
     
    Last edited: Nov 19, 2006
  3. THESoccerMom

    THESoccerMom Private E-2

    Thank you.
     

    Attached Files:

  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Do you have any idea what program this is: "BOLD WIPE HECK MAIL"="C:\\Documents and Settings\\All Users\\Application Data\\save camp bold wipe\\logknob.exe"

    Normally programs running from this location are malicious in nature.
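
Added example, not part of the original thread: a small Python triage script that reads startup entries in the `"Name"="Path"` form quoted above and lists the ones whose program file sits under an Application Data directory. The function names, the `SUSPECT_DIRS` list and the sample log are assumptions made for illustration; only the "BOLD WIPE HECK MAIL" line comes from the post.

```python
import ntpath
import re

# Value lines in the style quoted in the post: "Name"="C:\\path\\file.exe"
VALUE_LINE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"\s*$')

# Assumption: folder names treated as unusual places for an autorun program.
# "application data" is the location named in the post; "temp" is added here.
SUSPECT_DIRS = ("application data", "temp")

def unescape(value):
    """Undo the backslash escaping of quotes and backslashes in a value line."""
    return re.sub(r'\\(.)', r'\1', value)

def executable_of(command):
    """Return the program path from a startup command, dropping any arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)', command, re.I)
    return m.group(1) if m else command

def flag_autoruns(log_text):
    """Return (name, path) for each entry whose program is under a suspect folder."""
    hits = []
    for line in log_text.splitlines():
        m = VALUE_LINE.match(line.strip())
        if not m:
            continue  # key headers, blank lines, non-string values
        name = unescape(m.group("name"))
        path = executable_of(unescape(m.group("data")))
        parts = [p.lower() for p in ntpath.normpath(path).split("\\")[:-1]]
        if any(d in parts for d in SUSPECT_DIRS):
            hits.append((name, path))
    return hits

# Constructed sample: the entry quoted in the post plus two constructed entries.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"BOLD WIPE HECK MAIL"="C:\\Documents and Settings\\All Users\\Application Data\\save camp bold wipe\\logknob.exe"
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe /background"
'''

if __name__ == "__main__":
    for name, path in flag_autoruns(SAMPLE_LOG):
        print(f"REVIEW: {name} -> {path}")
```

A hit is a prompt to look at the file, not a verdict: legitimate software sometimes starts from Application Data as well.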
     
  5. THESoccerMom

    THESoccerMom Private E-2

    ARG! That's back! It is nasty. I had that about 6 months ago and thanks to this site, I had eliminated it. It was causing pop ups and browser redirects....except we haven't had that going on (this time).
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Boot to Safe Mode

    Delete the following:
    C:\b0320840fda6945fbb
    C:\Documents and Settings\All Users\Application Data\save camp bold wipe

    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.
    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Try running the BitDefender and Panda ActiveScan online scanners.

    Post a fresh HijackThis log.
     
  7. THESoccerMom

    THESoccerMom Private E-2

    Ok. Followed the steps above. I made sure to do it for each Windows account (we have separate accounts for the kids).

    Was able to find/remove everything except:

     
  8. THESoccerMom

    THESoccerMom Private E-2

    Had to go to FF to upload file. Using IE7, I wasn't getting the button. I was also not able to run Bitdefender and Panda. Could this also be due to IE7?

    Also...now when everything is first loading, I'm getting:

    The procedure entry point GetProcessImageFileName could not be located in the dynamic link library PSAPI.DLL. (This is the software I loaded when I got my SBC DSL)
     

    Attached Files:

  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your HijackThis log appears to be clean.

    For the PSAPI.DLL error: use the search feature in the Start menu to search for *.manifest. Look for a manifest file with the same name as the dll; if one exists, delete it.

    Reboot. Getting the same error?

    If the manifest file is not there or you are getting the same error message, conduct a search for PSAPI.DLL. Tell me where each copy was found and the version number for each. There are probably 2 copies, one in the System32 folder and one in the SBC folder.
     
  10. THESoccerMom

    THESoccerMom Private E-2

    I am unable to run a search. It comes up automatically as a web search. I took a screenie to show you what I mean.

    On a whim, I tried downloading the palm software again and got the Error 2738 again. Went to the MS site and got the Error registering the OCX C:\WINDOWS\system32\vbscript.dll error. (which is a slight variation of the earlier error message)
     

    Attached Files:

  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Click Start -> Run
    type cmd
    click "OK"

    at the command prompt enter the following commands, make sure to press the ENTER key after each command:

    regsvr32 jscript.dll
    regsvr32 vbscript.dll

    You should get a message saying that the file was successfully registered for each file. If not, look in the Windows/System32 folder and make sure both are present. It's entirely possible that you may have to roll back your installation of IE7 to IE6 and reinstall IE7.
     
  12. THESoccerMom

    THESoccerMom Private E-2

    I totally uninstalled IE7.0. I mostly use firefox so I figure I can wait to reinstall.

    I got to use the search function once...now it's back to what it was doing before. The PSAPI.DLL error isn't popping up, but the sbc menu is blank when pulled up. Again, I don't use this either so I'm not overly concerned...other than it is a symptom of something going on.

    I am getting error msgs for vbscript on my account:

    LoadLibrary("vbscipt.dll") failed-The specific module could not be found.

    On hubby's account...both had error msgs.

    DllRegister Server in jscript.dll failed return code 0x80004005

    and

    DllRegister Server in vbscript.dll failed return code 0x80004005

    Going to the C:\WINDOWS...I was able to locate both files.
     
  13. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You're going to need IE for windows updates.

    Do this:

    Start -> Run
    type sfc /scannow
    click "OK"

    You may need your Windows XP CD for this operation and you may need to run Windows Update after completion. What I am having you do is invoke Windows File Protection with the System File Checker. If you have any missing or bad Windows system files, this should replace them.
     
