MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: dialeradmin: same exact problem as Tom Cross
November 19, 2019, 02:26:52 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 19, 2019, 02:26:52 AM

Login with username, password and session length
 Featured Sites:
News
Welcome to MyTechSupport.ca! - Registration is FREE, so why not join our friendly community today?
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: dialeradmin: same exact problem as Tom Cross  (Read 2688 times)
S_Harlem
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 4


Bookmark and Share

View Profile
« on: August 04, 2004, 10:21:09 AM »

running under xp

The dialeradmin error message keeps coming up, along with the s*xx icon, and the websiteviewer folder in program files. Tried to delete it in safe mode, remove it from the running programs in the task manager. Even removed it from msconfig. Another thing that bothers me is that I can't enable my panda firewall, I tick on the box and I click on OK. but when i check again, its turned off. Thanks.
Logged

 
S_Harlem
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 4


Bookmark and Share

View Profile
« Reply #1 on: August 04, 2004, 11:02:07 AM »

Logfile of HijackThis v1.97.7
Scan saved at 13:00:45, on 04/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\STOPzilla!\Stopzilla.exe
C:\Archivos de programa\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Archivos de programa\Winamp3\winampa.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Archivos de programa\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\wintime.exe
C:\ARCHIV~1\AIM\aim.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Documents and Settings\Luis\Escritorio\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V
« Last Edit: August 05, 2004, 04:40:17 AM by benditup » Logged

 
S_Harlem
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 4


Bookmark and Share

View Profile
« Reply #2 on: August 04, 2004, 02:24:53 PM »

heres an update, I used spywareblaster, deleted wintime.exe and things of that nature

Logfile of HijackThis v1.97.7
Scan saved at 16:23:50, on 04/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\STOPzilla!\Stopzilla.exe
C:\Archivos de programa\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Archivos de programa\Winamp3\winampa.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Archivos de programa\ScanSoft\OmniPageSE\opware32.exe
C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe
C:\Archivos de programa\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Luis\Escritorio\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://opti.riviera.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://opti.riviera.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://opti.riviera.cc (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://riviera.cc (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://opti.riviera.cc (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://opti.riviera.cc (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://opti.riviera.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://riviera.cc (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V
« Last Edit: August 05, 2004, 04:41:38 AM by benditup » Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #3 on: August 05, 2004, 04:54:43 AM »

Access your Add/Remove Programs and Remove P2P Networking if still
there---generally a useless addon by Kazaa

Your Anti-Virus may be compromised
You may want to shut it down and do an onlinescan
at Housecall's---Set to Autoclean
http://housecall.trendmicro.com/

NEXT: Download and save to Desktop---CWShredder
https://ssl.perfora.net/tools.radiosplace.com/CWShredder.exe
Disconnect from the Internet
With only CWShredder open let it FIX all problems
RESTART your computer


NEXT: Download and install 30 day Trial Version of Trojan Hunter
http://www.misec.net/trojanhunter/
After installation---Go to this link
http://www.misec.net/trojanhunter/updating/
Download the Latest Ruleset Update
Unzip it to your TrojanHunter Folder
Allow to overwrite if prompted

Disconnect from the NET
RESTART your Computer in SAFE MODE

Do a Full Scan with TrojanHunter
NEXT:
Download and Install the free version of Ad-Aware
After installation-CHECK FOR UPDATES
Set these additional options for a custom scan
click the gear wheel at the top and check these options:

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".

RESTART your computer

Your copy of hijackthis is outdated--delete it
My Spanish is not that good, so I hope you can interput
Important---Create a permanent folder hijackthis
EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT ---this is where you will want to save Hijackthis too, also, backups will be stored there.
Download from https://ssl.perfora.net/tools.radiosplace.com/HijackThis.exe

Do another scan and post back with a fresh hijackthis log afterwards..
« Last Edit: August 05, 2004, 04:57:45 AM by benditup » Logged

 
S_Harlem
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 4


Bookmark and Share

View Profile
« Reply #4 on: August 05, 2004, 02:24:30 PM »

Thanks for taking the time to help me. I did everything just as you advised me. Hope everything looks better now. Thanks again.



Logfile of HijackThis v1.98.1
Scan saved at 16:22:34, on 05/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\STOPzilla!\szntsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\STOPzilla!\Stopzilla.exe
C:\Archivos de programa\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Archivos de programa\Winamp3\winampa.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Archivos de programa\ScanSoft\OmniPageSE\opware32.exe
C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe
C:\Archivos de programa\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V
« Last Edit: August 06, 2004, 04:59:17 AM by benditup » Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #5 on: August 06, 2004, 05:23:16 AM »

Set Windows to Show Hidden Files and Folders

Navigate to these files,
Right click on them---properties---version
Do you know what they are related too?
Could you submit them to Kapersky's for a free virus scan
http://www.kaspersky.com/scanforvirus
Simply use the Browse button to navigate to the file
Right click them-----Select---Submit
I will assume they are bad for now, unless you know what they are related too!

busp32.exe <---this file(I think it's related to Gaobot virus) search for it, when searching click on Advanced options, put a check in "search hidden files and folders"

C:\WINDOWS\System32\jkqui.exe <--this file
C:\WINDOWS\netstat.exe <--this file
C:\WINDOWS\System32\msupdate32e.exe <--this file
C:\WINDOWS\System32\iahlx.exe <--this file

You may not find all the files
Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Archivos de programa\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [BUSP Utility 32] busp32.exe
O4 - HKLM\..\Run: [Disk Defragmenter] C:\WINDOWS\System32\jkqui.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [Update Service] C:\WINDOWS\System32\iahlx.exe
O4 - HKLM\..\Run: [updmgr] C:\Archivos de programa\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\Run: [nstat] C:\WINDOWS\netstat.exe
O4 - HKLM\..\Run: [msupdate32] C:\WINDOWS\System32\msupdate32e.exe

O4 - HKLM\..\RunServices: [BUSP Utility 32] busp32.exe
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=168d3f0c8f5ebbd0d83ee5445ae40e55469aa3fdaf2
4dd3540c41ee1ea302c2d59104a57d59aa8baedc40580da1dd4eb01d54f:eeba47ee03d937f4aaa2edc6fc4885a4
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.contenidospc.com/ruboskizo2.cab

RESTART your Computer in SAFE MODE

Find and delete these files or folders if they exist
C:\WINDOWS\System32\jkqui.exe <--this file
C:\WINDOWS\System32\iahlx.exe <--this file
C:\WINDOWS\netstat.exe <--this file
C:\WINDOWS\System32\msupdate32e.exe <--this file
busp32.exe <--file
sndcfg16.exe <--file

C:\Archivos de programa\MyWay <--this folder
C:\Archivos de programa\Common files\updmgr <--this folder
C:\WINDOWS\System32\P2P Networking <--this folder

RESTART your computer in Normal Mode
Post back with a Fresh hijackthis log and let me know how your doing

Once we know your clean you will want to Clear your System Restore Points
Don't delete the backups from hijackthis until everything is running good...
 
Logged

 
rebeang
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 2


Bookmark and Share

View Profile
« Reply #6 on: August 15, 2004, 01:35:25 AM »

Computer illiterate here, but found this thread by searching for help to remove a dialer program, 123921.exe, which puts a s*xXX icon on the desktop and attempts to redirect my connection by dialing a number after disconnecting me from my dial-up service. I copied and pasted the above instructions and saved them to my desktop so that I could access the file easily in safe mode. I had a horrendous problem because when I went to "search for files and folders" the items would list but they were not visible to me, except in safe mode. I downloaded "hijack this" and already had ad-aware installed. I need to say that the only program which accurately detected and removed the 60 spyware applications and the 507 traces that resulted from the spyware was Spy Sweeper, which I downloaded as shareware from SnapFiles. I do not have this URL. But I wanted anyone else who was having problems with this that the above suggestions worked to get me far enough that i was able to actually dopwnload a program to eliminate the offending spyware, but that spy sweeper was the only program that was totally effective. It detected and removed a jeem trojan as well, and it also provides spyware guarding while browsing the net. I would hate to see anyone go through what I went through today. Thanks for the help here.
Logged

 
rebeang
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 2


Bookmark and Share

View Profile
« Reply #7 on: August 15, 2004, 04:28:43 PM »

wanted to edit my existing post to include this but couldn't see a way to do it...TrojanHunter with the upgrades found 7 trojans that even trend micro's housecall did not find.
Logged

 
venus17
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 8


Bookmark and Share

View Profile
« Reply #8 on: February 19, 2005, 10:27:47 PM »

Hi,

I'm having the same problems with the s*xXX icon that won't go away.  I have run several virus/adware scans with Ad-Aware, F-Prot, and Spy Sweeper, but the dialer program always comes back.  I ran a Hijack This scan, but I don't want to delete or fix anything until I have the thumbs up from a professional.

Here's a copy of my Hijack This scan log:

Logfile of HijackThis v1.98.2
Scan saved at 5:14:09 PM, on 2/19/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\crss2.exe
C:\WINDOWS\System32\cstr.exe
C:\WINDOWS\System32\actboost.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\Lfomhl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\KDP1cda.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} - C:\WINDOWS\System32\kdpupd.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O4 - HKLM\..\Run: [WindowsRegKey update] iyjlypcycr.exe
O4 - HKLM\..\Run: [crss3 manager] crss2.exe
O4 - HKLM\..\Run: [starter] scvhosuing.exe
O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\Run: [SCikc] C:\WINDOWS\plccnr.exe
O4 - HKLM\..\Run: [Windows Loader Service] civsc.exe
O4 - HKLM\..\Run: [clfmon] C:\WINDOWS\clfmon.exe
O4 - HKLM\..\Run: [MsnExplorer] C:\WINDOWS\svchst.exe /i
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [nvsv32.exe] cstr.exe
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\KDP1cda.dll"
O4 - HKLM\..\Run: [AtiDisplayDrv] atidrvxx.exe
O4 - HKLM\..\Run: [cfgboost] cfgboot.exe
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [Microsoft boot system cfg32] actboost.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] iyjlypcycr.exe
O4 - HKLM\..\RunServices: [crss3 manager] crss2.exe
O4 - HKLM\..\RunServices: [starter] scvhosuing.exe
O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\RunServices: [Windows Loader Service] civsc.exe
O4 - HKLM\..\RunServices: [nvsv32.exe] cstr.exe
O4 - HKLM\..\RunServices: [AtiDisplayDrv] atidrvxx.exe
O4 - HKLM\..\RunServices: [cfgboost] cfgboot.exe
O4 - HKLM\..\RunServices: [Microsoft boot system cfg32] actboost.exe
O4 - HKLM\..\RunOnce: [crss3 manager] crss2.exe
O4 - HKLM\..\RunOnce: [starter] scvhosuing.exe
O4 - HKLM\..\RunOnce: [nvsv32.exe] cstr.exe
O4 - HKLM\..\RunOnce: [cfgboost] cfgboot.exe
O4 - HKLM\..\RunOnce: [Microsoft boot system cfg32] actboost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [crss3 manager] crss2.exe
O4 - HKCU\..\Run: [starter] scvhosuing.exe
O4 - HKCU\..\Run: [WindowsRegKey update] iyjlypcycr.exe
O4 - HKCU\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKCU\..\Run: [Windows Loader Service] civsc.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [nvsv32.exe] cstr.exe
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\KDP1cda.dll"
O4 - HKCU\..\Run: [cfgboost] cfgboot.exe
O4 - HKCU\..\Run: [AtiDisplayDrv] atidrvxx.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Microsoft boot system cfg32] actboost.exe
O4 - HKCU\..\RunServices: [AtiDisplayDrv] atidrvxx.exe
O4 - HKCU\..\RunOnce: [cfgboost] cfgboot.exe
O4 - HKCU\..\RunOnce: [Microsoft boot system cfg32] actboost.exe
O4 - HKCU\..\RunOnce: [crss3 manager] crss2.exe
O4 - HKCU\..\RunOnce: [starter] scvhosuing.exe
O4 - HKCU\..\RunOnce: [nvsv32.exe] cstr.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes -
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E4093FF-214C-476D-B2B9-07D908D69EC5}: NameServer = 4.2.2.2,4.2.2.3


What do I do now?Huh?

Thanks so much!
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page May 26, 2017, 12:39:46 PM