Author Topic: Annoying Soyware  (Read 1197 times)
theduck
« on: July 29, 2004, 09:30:29 AM »

I have a couple of pesky spyware probs. I have a naughty search engine window come up when I perform a search thru any other search engine, and also my home page always reverts to res://jxavf.dll/index.html#96676 even when I have done S & D and Adaware.
Any help would be great, thanks & here's my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 10:17:10, on 29/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\mfcuc32.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\WUAUMQR.EXE
C:\WINDOWS\system32\mfcbf32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Freeserve\freeserveconnectionkit\atdialler1.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Patrick Smitheman\My Documents\My eBooks\Virus Protection\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jxavf.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jxavf.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jxavf.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jxavf.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jxavf.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jxavf.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {B8533801-522C-4A69-BB3F-F576785D699F} - C:\WINDOWS\system32\ippw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [Winsock2 driver] WUAUMQR.EXE
O4 - HKLM\..\Run: [mfcbf32.exe] C:\WINDOWS\system32\mfcbf32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [C:\WINDOWS\System32\iuacelu.dll] C:\WINDOWS\System32\iuacelu.dll /c del
benditup
« Reply #1 on: July 30, 2004, 01:44:06 AM »

Hi duck, could you please delete your copy of HijackThis and download the newest version from HERE or HERE.

Could you do one more thing:
Copy the contents of the 'QUOTE' box to Notepad, and save as GetServices.vbs (make sure you save as type: 'all files').

Double-click GetServices.vbs, and it will produce a list of all active services on your computer.
If you have script blocking installed, you will get a warning when you try to run the script. Please allow it to run. It is only collecting information.

 
quote:
' Collect the distinct process IDs that host running services.
Set objIdDictionary = CreateObject("Scripting.Dictionary")
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colServices = objWMIService.ExecQuery _
    ("Select * from Win32_Service Where State <> 'Stopped'")
For Each objService In colServices
    If Not objIdDictionary.Exists(objService.ProcessID) Then
        objIdDictionary.Add objService.ProcessID, objService.ProcessID
    End If
Next

' For each process ID, list every service it hosts with its binary path.
colProcessIDs = objIdDictionary.Items
For i = 0 To objIdDictionary.Count - 1
    Set colServices = objWMIService.ExecQuery _
        ("Select * from Win32_Service Where ProcessID = '" & _
        colProcessIDs(i) & "'")
    For Each objService In colServices
        msg = msg & vbCrLf & " " & UCase(objService.DisplayName) & ":" & " " & objService.Name & vbCrLf & objService.PathName & vbCrLf
    Next
Next

' Write the list to Active.txt in the current folder and open it.
Dim fso, Services, Wshshell
Set Wshshell = WScript.CreateObject("WScript.Shell")
Set fso = WScript.CreateObject("Scripting.FileSystemObject")
Set Services = fso.CreateTextFile("Active.txt", True)
Services.Write "These are the Current Active Services:"
Services.WriteLine
Services.Write msg
Services.Close
Wshshell.Run "Active.txt"


Could you upload Active.txt----"Insert file attachment"
or post it in a separate reply, thanx....

EDIT---Also post a fresh HijackThis log, thanx...
« Last Edit: July 30, 2004, 06:41:13 AM by benditup »

 
theduck
« Reply #2 on: July 30, 2004, 08:45:19 AM »

Here is the "Active.txt"

These are the Current Active Services:

 APPLICATION LAYER GATEWAY SERVICE: ALG
C:\WINDOWS\System32\alg.exe

 WINDOWS AUDIO: AudioSrv
C:\WINDOWS\System32\svchost.exe -k netsvcs

 BACKGROUND INTELLIGENT TRANSFER SERVICE: BITS
C:\WINDOWS\System32\svchost.exe -k netsvcs

 COMPUTER BROWSER: Browser
C:\WINDOWS\System32\svchost.exe -k netsvcs

 CRYPTOGRAPHIC SERVICES: CryptSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs

 DHCP CLIENT: Dhcp
C:\WINDOWS\System32\svchost.exe -k netsvcs

 ERROR REPORTING SERVICE: ERSvc
C:\WINDOWS\System32\svchost.exe -k netsvcs

 COM+ EVENT SYSTEM: EventSystem
C:\WINDOWS\System32\svchost.exe -k netsvcs

 FAST USER SWITCHING COMPATIBILITY: FastUserSwitchingCompatibility
C:\WINDOWS\System32\svchost.exe -k netsvcs

 HELP AND SUPPORT: helpsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs

 HID INPUT SERVICE: HidServ
C:\WINDOWS\System32\svchost.exe -k netsvcs

 SERVER: lanmanserver
C:\WINDOWS\System32\svchost.exe -k netsvcs

 WORKSTATION: lanmanworkstation
C:\WINDOWS\System32\svchost.exe -k netsvcs

 NETWORK CONNECTIONS: Netman
C:\WINDOWS\System32\svchost.exe -k netsvcs

 NETWORK LOCATION AWARENESS (NLA): Nla
C:\WINDOWS\System32\svchost.exe -k netsvcs

 REMOTE ACCESS AUTO CONNECTION MANAGER: RasAuto
C:\WINDOWS\System32\svchost.exe -k netsvcs

 REMOTE ACCESS CONNECTION MANAGER: RasMan
C:\WINDOWS\System32\svchost.exe -k netsvcs

 TASK SCHEDULER: Schedule
C:\WINDOWS\System32\svchost.exe -k netsvcs

 SECONDARY LOGON: seclogon
C:\WINDOWS\System32\svchost.exe -k netsvcs

 SYSTEM EVENT NOTIFICATION: SENS
C:\WINDOWS\system32\svchost.exe -k netsvcs

 INTERNET CONNECTION FIREWALL (ICF) / INTERNET CONNECTION SHARING (ICS): SharedAccess
C:\WINDOWS\System32\svchost.exe -k netsvcs

 SHELL HARDWARE DETECTION: ShellHWDetection
C:\WINDOWS\System32\svchost.exe -k netsvcs

 SYSTEM RESTORE SERVICE: srservice
C:\WINDOWS\System32\svchost.exe -k netsvcs

 TELEPHONY: TapiSrv
C:\WINDOWS\System32\svchost.exe -k netsvcs

 TERMINAL SERVICES: TermService
C:\WINDOWS\System32\svchost.exe -k netsvcs

 THEMES: Themes
C:\WINDOWS\System32\svchost.exe -k netsvcs

 DISTRIBUTED LINK TRACKING CLIENT: TrkWks
C:\WINDOWS\system32\svchost.exe -k netsvcs

 UPLOAD MANAGER: uploadmgr
C:\WINDOWS\System32\svchost.exe -k netsvcs

 WINDOWS TIME: W32Time
C:\WINDOWS\System32\svchost.exe -k netsvcs

 WINDOWS MANAGEMENT INSTRUMENTATION: winmgmt
C:\WINDOWS\system32\svchost.exe -k netsvcs

 PORTABLE MEDIA SERIAL NUMBER: WmdmPmSp
C:\WINDOWS\System32\svchost.exe -k netsvcs

 AUTOMATIC UPDATES: wuauserv
C:\WINDOWS\system32\svchost.exe -k netsvcs

 WIRELESS ZERO CONFIGURATION: WZCSVC
C:\WINDOWS\System32\svchost.exe -k netsvcs

 BROTHER POPUP SUSPEND SERVICE FOR RESOURCE MANAGER: brmfrmps
"C:\WINDOWS\system32\Brmfrmps.exe" -service

 DNS CLIENT: Dnscache
C:\WINDOWS\System32\svchost.exe -k NetworkService

 EVENT LOG: Eventlog
C:\WINDOWS\system32\services.exe

 PLUG AND PLAY: PlugPlay
C:\WINDOWS\system32\services.exe

 TCP/IP NETBIOS HELPER: LmHosts
C:\WINDOWS\System32\svchost.exe -k LocalService

 SSDP DISCOVERY SERVICE: SSDPSRV
C:\WINDOWS\System32\svchost.exe -k LocalService

 UNIVERSAL PLUG AND PLAY DEVICE HOST: upnphost
C:\WINDOWS\System32\svchost.exe -k LocalService

 WEBCLIENT: WebClient
C:\WINDOWS\System32\svchost.exe -k LocalService

 MACHINE DEBUG MANAGER: MDM
"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"

 WINDOWS INSTALLER: MSIServer
C:\WINDOWS\System32\msiexec.exe /V

 VIRTUAL NIC SERVICE: PackethSvc
C:\WINDOWS\System32\PackethSvc.exe

 IPSEC SERVICES: PolicyAgent
C:\WINDOWS\System32\lsass.exe

 PROTECTED STORAGE: ProtectedStorage
C:\WINDOWS\system32\lsass.exe

 SECURITY ACCOUNTS MANAGER: SamSs
C:\WINDOWS\system32\lsass.exe

 REMOTE PROCEDURE CALL (RPC): RpcSs
C:\WINDOWS\system32\svchost -k rpcss

 PRINT SPOOLER: Spooler
C:\WINDOWS\system32\spoolsv.exe

 WINDOWS IMAGE ACQUISITION (WIA): stisvc
C:\WINDOWS\System32\svchost.exe -k imgsvc

 NETWORK SECURITY SERVICE (NSS):
benditup
« Reply #3 on: July 31, 2004, 04:01:39 AM »

Download About:Buster from Here
Unzip it to your desktop.
Don't run this yet

Set Windows to Show Hidden Files and Folders

You have one entry I don't recognize:
O4 - HKCU\..\Run: [C:\WINDOWS\System32\iuacelu.dll] C:\WINDOWS\System32\iuacelu.dll /c del
« Last Edit: July 31, 2004, 04:06:20 AM by benditup »
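
The kind of review done by eye in this thread can be scripted as a first pass. The following is an added example, not part of the original posts and not HijackThis's own logic: it parses HijackThis entry lines and flags three patterns visible in the log above. The function names and the heuristics themselves are assumptions chosen for illustration, and a match means "look closer", not "malicious".

```python
import re

# Excerpt of the HijackThis log from the first post in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jxavf.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKCU\..\Run: [C:\WINDOWS\System32\iuacelu.dll] C:\WINDOWS\System32\iuacelu.dll /c del
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - <body>"
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(.*?)\] (.+)$")
EXT = re.compile(r"\.([A-Za-z0-9]{3})(?=[\s\"]|$)")       # first file extension

def check(section, body):
    """Return why an entry deserves a closer look, or None (heuristics only)."""
    if section in ("R0", "R1"):
        value = body.partition(" = ")[2].lower()
        if value.startswith("res://") and ".dll" in value:
            return "IE page setting loads HTML from a resource inside a local DLL"
    elif section == "F2" and "userinit=" in body.lower():
        targets = [t.strip() for t in body.split("=", 1)[1].split(",") if t.strip()]
        extra = [t for t in targets if not t.lower().endswith("userinit.exe")]
        if extra:
            return "UserInit starts something other than userinit.exe: " + ", ".join(extra)
    elif section == "O4":
        run = RUN.match(body)
        if run:
            name, cmd = run.groups()
            ext = EXT.search(cmd)
            reasons = []
            if "\\" in name:
                reasons.append("Run value is named after a file path")
            if ext and ext.group(1).lower() == "dll":
                reasons.append("Run command points directly at a DLL")
            return "; ".join(reasons) or None
    return None

def triage(log_text):
    """Return (section, reason, line) for every entry a heuristic matches."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        entry = ENTRY.match(line)
        reason = check(*entry.groups()) if entry else None
        if reason:
            findings.append((entry.group(1), reason, line))
    return findings

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Entries that pass these checks, such as the PaperPort Run key, are simply not flagged; they still need the manual review shown in the replies.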

 