1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Do you have Adware, Spyware, Virus/Trojan or a Browser Hijacker?

Discussion in 'Windows - Virus and spyware problems' started by CJC, Nov 21, 2004.

Thread Status:
Not open for further replies.
  1. rx29

    rx29 Member

    Joined:
    Mar 12, 2005
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    Thanks- I rebooted- I didn't know about administrater account; I lost the internet again! It said it couldn't find a server code; strangely, I deleted my ups program and it is back. I got an external memory unit-so if it's screwed I don't have to totally panic. Computers are so touchy! Hey, have you heard of a program that makes a ghost image of one's system- does it work, is it safe? Any way to be completely invisable? Have a good night!
     
  2. eLeCTR0n

    eLeCTR0n Regular member

    Joined:
    Mar 26, 2003
    Messages:
    129
    Likes Received:
    0
    Trophy Points:
    26

    Yes, the best 2 programs known for this are:

    - Acronis True Image
    more info here:
    [bold]http://www.acronis.com/homecomputing/products/trueimage[/bold]

    - Norton Ghost
    more here:
    [bold]http://www.symantec.com/sabu/ghost/ghost_personal[/bold]
     
  3. dipset121

    dipset121 Regular member

    Joined:
    Apr 12, 2005
    Messages:
    183
    Likes Received:
    0
    Trophy Points:
    26
    this is my hijack log file what do i have to take out???

    Logfile of HijackThis v1.99.1
    Scan saved at 12:15:28 AM, on 5/20/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Tonya\LOCALS~1\Temp\Rar$EX00.828\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://free.aol.com/tryaolfree/index.adp?promo=564240&service=aol
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {C370527A-24A7-4583-BE01-72E59000EB17} - C:\WINDOWS\system32\n.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
    O4 - HKLM\..\Run: [Sysnet] C:\WINDOWS\System32\snuninst.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [4F3f3pj] danrrenu.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyca32.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [LospRfH9V] wpaprop2.exe
    O4 - HKCU\..\Run: [qkmi] C:\PROGRA~1\COMMON~1\qkmi\qkmim.exe
    O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\adwarefilter.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0027.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1116477052873
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

     
  4. eLeCTR0n

    eLeCTR0n Regular member

    Joined:
    Mar 26, 2003
    Messages:
    129
    Likes Received:
    0
    Trophy Points:
    26
    @ dipset121

    Have you thought about doing what has been told to other people on the thread?

     
  5. dipset121

    dipset121 Regular member

    Joined:
    Apr 12, 2005
    Messages:
    183
    Likes Received:
    0
    Trophy Points:
    26
    @eLeCTR0n

    yea i tried everything i dont no how but its not sending me there any more i just cant look at pictures on websites now it keeps saying **page not found or something about changing my browser settings with netscape, internet explorer and firefox none of them will let me view pictures or animation can u tell me how i can fix that problem so that i can view that content again??
     
  6. eLeCTR0n

    eLeCTR0n Regular member

    Joined:
    Mar 26, 2003
    Messages:
    129
    Likes Received:
    0
    Trophy Points:
    26
    ok i am not sure i get what you're saying. Your IE web browser doesnt show any pictures? and you tried different browsers like netscape and firefox and still you cant see any pictures with any browser?

    or do you get the page not found error and cant go to any site?
     
    Last edited: May 20, 2005
  7. CJC

    CJC Regular member

    Joined:
    Aug 23, 2004
    Messages:
    600
    Likes Received:
    1
    Trophy Points:
    26
    Hi
    Sorry have been real busy lately, so if anybody i have missed, just let me know.

    @dipset121

    Put a tick in, and remove the following:

    O2 - BHO: (no name) - {C370527A-24A7-4583-BE01-72E59000EB17} - C:\WINDOWS\system32\n.dll
    O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
    O4 - HKLM\..\Run: [Sysnet] C:\WINDOWS\System32\snuninst.exe
    O4 - HKLM\..\Run: [4F3f3pj] danrrenu.exe
    O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyca32.exe
    O4 - HKCU\..\Run: [LospRfH9V] wpaprop2.exe
    O4 - HKCU\..\Run: [qkmi] C:\PROGRA~1\COMMON~1\qkmi\qkmim.exe
    O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\adwarefilter.exe
    O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0027.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

    CJC
     
  8. brandonb

    brandonb Regular member

    Joined:
    Sep 23, 2004
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    26
    i didn't exactly know where to post this but i figure this is the best spot i could find. when i first bought my computer i had it connected to insightbb which is cable internet. i had no problems with pop up ads when i switched from using internet explorer as my default browser to firefox because of its built in pop up blocker. but since then i moved back in with my mom and she has zoomtown broadband internet through her telephone company. i use ad aware se personal and spybot search and destroy frequently, i did have the norton that came with my comp but it expired a month before i moved. i hate pop ups and i dont understand why they are popping up like before when i used internet explorer. it just really urks me, if anyone has any advice on how to keep these pop ups from just popping up like this please inform me. also, all the pop up windows are named aurora no matter what the content of the window is. i also keep getting a message box titled internet explorer script error popping up saying an error has occured in the script on this page and i dont even use internet explorer. line: 104 char: 9 error: syntax error code: 0 url: http//img.gotomypc.com/tr/ss/G2Pers/anthing? target=mm/g25secure4lp.tmpl
     
  9. eLeCTR0n

    eLeCTR0n Regular member

    Joined:
    Mar 26, 2003
    Messages:
    129
    Likes Received:
    0
    Trophy Points:
    26
    @brandonb

    make sure you are running the latest Firefox version. Try uninstalling Firefox then install the newest version.
     
  10. alan84

    alan84 Member

    Joined:
    May 26, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    hi all.... can anyone please help with this hijack logfile?
    much appreciated

    Logfile of HijackThis v1.99.1
    Scan saved at 12:32:35, on 26/05/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\S3hotkey.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Mzfgm\Owpta.exe
    C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
    C:\WINDOWS\system32\picsvr\picsvr.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Messenger\msmsgs.exe
    c:\windows\system32\efpxjyl.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Alan\Desktop\HJT\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://line-plus.com/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=153510
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=153510
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timesupport.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ipdjyg.t.muxa.cc/s.php?aid=581 (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=153510
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - C:\WINDOWS\webdir.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [ESB] C:\WINDOWS\System32\ESB.exe
    O4 - HKLM\..\Run: [Supastatus] C:\Program Files\Internet Explorer\Connection Wizard\status.exe
    O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [Vusdu] C:\Program Files\Mzfgm\Owpta.exe
    O4 - HKLM\..\Run: [motoin] C:\WINDOWS\mm15201518.Stub.exe
    O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
    O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
    O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\dsldbaccess.exe -N
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [szctvvc] c:\windows\system32\efpxjyl.exe
    O4 - HKCU\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S5F.tmp"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Corel Network monitor worker - {1AA145B5-2BC2-452A-A331-1AA7C80B904F} - C:\WINDOWS\System32\intlmain.dll
    O9 - Extra button: Corel Network monitor worker - {8A02B6AC-5826-4FF8-8D3F-F1D036CE6BAF} - C:\WINDOWS\System32\intlmain.dll
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8A02B6AC-5826-4FF8-8D3F-F1D036CE6BAF} - C:\WINDOWS\System32\intlmain.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Corel Network monitor worker - {1AA145B5-2BC2-452A-A331-1AA7C80B904F} - (no file) (HKCU)
    O9 - Extra button: Corel Network monitor worker - {8A02B6AC-5826-4FF8-8D3F-F1D036CE6BAF} - C:\WINDOWS\System32\intlmain.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8A02B6AC-5826-4FF8-8D3F-F1D036CE6BAF} - C:\WINDOWS\System32\intlmain.dll (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.timesupport.com
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c10.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/uk/dbgames/dsldbaccess.exe
    O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn263.exe
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn263.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

     
  11. eLeCTR0n

    eLeCTR0n Regular member

    Joined:
    Mar 26, 2003
    Messages:
    129
    Likes Received:
    0
    Trophy Points:
    26
    remove

    O4 - HKLM\..\Run: [ESB] C:\WINDOWS\System32\ESB.exe
    O4 - HKLM\..\Run: [Supastatus] C:\Program Files\Internet Explorer\Connection Wizard\status.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [motoin] C:\WINDOWS\mm15201518.Stub.exe
    O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
    O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
    O4 - HKLM\..\Run: [szctvvc] c:\windows\system32\efpxjyl.exe

    also make sure you follow the insructions told to other people like using: http://housecall.trendmicro.com and firefox and keep up with windows updates.
     
  12. alan84

    alan84 Member

    Joined:
    May 26, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    okey dokey - cheers for that....
    i still have a virus - ied_s7 which norton cant seem to remove???

    heres the hijack logfile after removing the stuff previously

    cheers

    Logfile of HijackThis v1.99.1
    Scan saved at 17:55:05, on 26/05/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\S3hotkey.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Mzfgm\Owpta.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Alan\Desktop\HJT\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://line-plus.com/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=153510
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=153510
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timesupport.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ipdjyg.t.muxa.cc/s.php?aid=581 (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=153510
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - C:\WINDOWS\webdir.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [Vusdu] C:\Program Files\Mzfgm\Owpta.exe
    O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\dsldbaccess.exe -N
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [htjduse] c:\windows\system32\urfvfj.exe
    O4 - HKCU\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S5F.tmp"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Corel Network monitor worker - {1AA145B5-2BC2-452A-A331-1AA7C80B904F} - C:\WINDOWS\System32\intlmain.dll
    O9 - Extra button: Corel Network monitor worker - {8A02B6AC-5826-4FF8-8D3F-F1D036CE6BAF} - C:\WINDOWS\System32\intlmain.dll
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8A02B6AC-5826-4FF8-8D3F-F1D036CE6BAF} - C:\WINDOWS\System32\intlmain.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Corel Network monitor worker - {1AA145B5-2BC2-452A-A331-1AA7C80B904F} - (no file) (HKCU)
    O9 - Extra button: Corel Network monitor worker - {8A02B6AC-5826-4FF8-8D3F-F1D036CE6BAF} - C:\WINDOWS\System32\intlmain.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8A02B6AC-5826-4FF8-8D3F-F1D036CE6BAF} - C:\WINDOWS\System32\intlmain.dll (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.timesupport.com
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c10.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/uk/dbgames/dsldbaccess.exe
    O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn263.exe
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn263.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

     
  13. CJC

    CJC Regular member

    Joined:
    Aug 23, 2004
    Messages:
    600
    Likes Received:
    1
    Trophy Points:
    26
    @alan84

    Put a tick in, and remove the following:

    C:\Program Files\Mzfgm\Owpta.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://line-plus.com/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=153510
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=153510
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timesupport.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ipdjyg.t.muxa.cc/s.php?aid=581 (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=153510
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - C:\WINDOWS\webdir.dll
    O4 - HKLM\..\Run: [Vusdu] C:\Program Files\Mzfgm\Owpta.exe
    O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\dsldbaccess.exe -N
    O4 - HKLM\..\Run: [htjduse] c:\windows\system32\urfvfj.exe
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com
    O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/uk/dbgames/dsldbaccess.exe
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn263.exe
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn263.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

    CJC
     
  14. duraglo

    duraglo Guest

    Okay,i just downloaded ad aware sepersonal and it automatically scan itself.After that,i went to the next page and quarantine itself,some was highly infected.My question is should i delete all those been quarantined files??
    Also,which is better,Privacy mantra or ccleaner??
     
  15. rx29

    rx29 Member

    Joined:
    Mar 12, 2005
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    Hi! I wouldn't delete just yet. Quarantine, backup your files then delete if you want to. Good luck!
     
  16. eLeCTR0n

    eLeCTR0n Regular member

    Joined:
    Mar 26, 2003
    Messages:
    129
    Likes Received:
    0
    Trophy Points:
    26
    if you're not missing anything and everything still works fine after you quarantined the files, it should be safe to delete them.
     
  17. brandonb

    brandonb Regular member

    Joined:
    Sep 23, 2004
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    26
    *electron
    i uninstalled mozilla firefox and shut down my computer and next time i started it up i installed it. i don't understand where the hell all these pop ups are comming from, they're relentless. i run ad aware se personal, spybot s&d, and spyware blaster almost every time i get on my computer.
     
  18. DopeFreak

    DopeFreak Regular member

    Joined:
    Mar 15, 2004
    Messages:
    201
    Likes Received:
    0
    Trophy Points:
    26
    Get mcaffe antispyware it gets rid of major spyware unlike adaware se and all those other ones.
     
  19. itarroso

    itarroso Member

    Joined:
    Nov 24, 2004
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    11
    can someone help me with this?
    Spybot found some registry keys and values related to backweb lite. It couldn't remove them all, so I removed the remaining 2 by myself. I don't think it's solved yet, so here is my hijackthis log:

    Logfile of HijackThis v1.99.0
    Scan saved at 19:16:26, on 31-05-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\Ficheiros comuns\EPSON\EBAPI\eEBSVC.exe
    C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programas\Alwil Software\Avast4\ashServ.exe
    C:\Programas\Cisco Systems\VPN Client\cvpnd.exe
    C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\4mtcsb.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\MSN Messenger\msnmsgr.exe
    C:\Programas\Sitecom\Sitecom WLAN\WLANUTL.exe
    C:\Programas\Alwil Software\Avast4\ashWebSv.exe
    C:\Programas\Cisco Systems\VPN Client\vpngui.exe
    C:\Programas\eMule\Incoming\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.uminho.pt/proxy.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [ESB] C:\WINDOWS\system32\ESB.exe
    O4 - HKLM\..\Run: [4mtcsb] C:\WINDOWS\system32\4mtcsb.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programas\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programas\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programas\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Sitecom WLAN Client Utility.lnk = ?
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{18E8E64D-1446-4676-8945-E157DD142E0E}: NameServer = 194.100.224.2,194.100.224.4
    O17 - HKLM\System\CCS\Services\Tcpip\..\{775B801D-F9F2-444B-BD42-A6EED89C13F9}: NameServer = 193.137.17.6,193.137.17.46
    O17 - HKLM\System\CS1\Services\Tcpip\..\{18E8E64D-1446-4676-8945-E157DD142E0E}: NameServer = 194.100.224.2,194.100.224.4
    O17 - HKLM\System\CS2\Services\Tcpip\..\{18E8E64D-1446-4676-8945-E157DD142E0E}: NameServer = 194.100.224.2,194.100.224.4
    O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown - C:\Programas\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Programas\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: EpsonBidirectionalService - Unknown - C:\Programas\Ficheiros comuns\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe
    O23 - Service: F-Secure Network Request Broker - Unknown - C:\Programas\F-Secure\Common\FNRB32.EXE (file missing)
    O23 - Service: F-Secure Management Agent - Unknown - C:\Programas\F-Secure\Common\FSMA32.EXE (file missing)
    O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
    O23 - Service: Virtual CD v4 Security service (SDK - Version) - H+H Software GmbH - C:\Programas\Virtual CD v4 SDK\system\vcssecs.exe

    Thanks for any help!
     
  20. JP1357

    JP1357 Guest

    CounterSpy had the highest detection rate in our tests. The most effective scanner--CounterSpy--was also the fastest, taking only a minute to perform a complete scan of a system with 2.7GB of data. Sunbelt Software's CounterSpy proved the most capable of the bunch, finding and stopping 93 percent of all the running processes created by our 45 test programs."
    — PCWorld, April 2005 and they offer a 15 day trial period. It's only $20.00 for a year and you get a 15 day money back guarantee! Check it out at www.sunbelt.com
     
Thread Status:
Not open for further replies.

Share This Page