MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Something wrong with the internet..!
December 09, 2019, 07:38:48 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
December 09, 2019, 07:38:48 AM

Login with username, password and session length
 Featured Sites:
News
New  New Poll on our main page!
"My experience with Vista..."
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Something wrong with the internet..!  (Read 3231 times)
DwArK
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 8


Bookmark and Share

View Profile
« on: November 19, 2004, 02:13:49 PM »

Hi, i have some problems with the internet, i have a 512/128 but it is slow and sometimes i cant open any sites, just says that it couldt open the site.. i have tryied with different types of spyware remover, Spy Sweeper, Bulletproof, Trojanremover, Panda antivirus.... I have zone alarm and it says that Explorer.exe is using the internet a lot, if i
Logged

 
jvic
Visiting Administrator
Hero Member
*****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1238


Bookmark and Share

View Profile
« Reply #1 on: November 19, 2004, 02:15:26 PM »

Your hijack this is outdated.Please download the newest version
From Here

Make sure you unzip hijack this to its own folder such as C:\Program files as this is where the backups will be created.Run Hijack this but do NOT fix anything.Click save log and a log will open in notepad.Copy and paste your log here.
Logged

John Vickers
DwArK
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 8


Bookmark and Share

View Profile
« Reply #2 on: November 19, 2004, 02:32:01 PM »

Ok, now i have downloaded Hijackthis from the link and MAde a folder for it...
Heres the new log..


Logfile of HijackThis v1.98.2
Scan saved at 15:35:47, on 19-11-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\RECYCLER\service.exe
C:\RECYCLER\service.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\Winupdsys.exe
C:\WINDOWS\System32\klsuicbn.exe
C:\WINDOWS\System32\scman.exe
C:\WINDOWS\System32\rsvc32.exe
D:\programmer\Winamp\winampa.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
D:\programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Programmer\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis19802.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Network Administration Service] rsvc32.exe
O4 - HKLM\..\Run: [WinampAgent] d:\programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\Run: [ScManager] scman.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\izumrq.exe
O4 - HKLM\..\Run: [DHCP Server] regsvr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DIABLO666] Winupdsys.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "D:\programmer\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [Outpost Firewall] D:\Programmer\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\RunServices: [DIABLO666] Winupdsys.exe
O4 - HKLM\..\RunServices: [Network Administration Service] rsvc32.exe
O4 - HKLM\..\RunServices: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\RunServices: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\RunServices: [ScManager] scman.exe
O4 - HKLM\..\RunServices: [DHCP Server] regsvr.exe
O4 - HKLM\..\RunOnce: [DIABLO666] Winupdsys.exe
O4 - HKLM\..\RunOnce: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\RunOnce: [ScManager] scman.exe
O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\System32\wmpcore.dll"
O4 - HKLM\..\RunOnce: [WMC_1] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\System32\msdxm.ocx"
O4 - HKLM\..\RunOnce: [WMC_2] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\System32\dxmasf.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] d:\programmer\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [DIABLO666] Winupdsys.exe
O4 - HKCU\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKCU\..\Run: [ScManager] scman.exe
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\RunOnce: [DIABLO666] Winupdsys.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - D:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - D:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100810115747

Logged

 
jvic
Visiting Administrator
Hero Member
*****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1238


Bookmark and Share

View Profile
« Reply #3 on: November 19, 2004, 02:50:30 PM »

Ok yahoo.exe is a WORM_RBOT.WF

Run An Online Virus Scan At Trendmicro!!!
Remove anything it finds and write down any files it says are uncleanable
(Write down the name and path)

 post a new hijack this log


Logged

John Vickers
DwArK
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 8


Bookmark and Share

View Profile
« Reply #4 on: November 19, 2004, 03:26:08 PM »

Just made a new Hijack this scan:

Logfile of HijackThis v1.98.2
Scan saved at 16:28:55, on 19-11-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\RECYCLER\service.exe
C:\RECYCLER\service.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\Winupdsys.exe
C:\WINDOWS\System32\klsuicbn.exe
C:\WINDOWS\System32\scman.exe
C:\WINDOWS\System32\rsvc32.exe
D:\programmer\Winamp\winampa.exe
C:\WINDOWS\System32\Yahoo.exe
C:\WINDOWS\System32\regsvr.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
D:\programmer\Webroot\Spy Sweeper\SpySweeper.exe
D:\Programmer\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\EXPLORER.EXE
d:\games\counter-strike source\SteamEngine.exe
C:\WINDOWS\System32\notepad.exe
C:\Program Files\Hijackthis\HijackThis19802.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Network Administration Service] rsvc32.exe
O4 - HKLM\..\Run: [WinampAgent] d:\programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\Run: [ScManager] scman.exe
O4 - HKLM\..\Run: [DHCP Server] regsvr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DIABLO666] Winupdsys.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "D:\programmer\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [Outpost Firewall] D:\Programmer\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\RunServices: [DIABLO666] Winupdsys.exe
O4 - HKLM\..\RunServices: [Network Administration Service] rsvc32.exe
O4 - HKLM\..\RunServices: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\RunServices: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\RunServices: [ScManager] scman.exe
O4 - HKLM\..\RunServices: [DHCP Server] regsvr.exe
O4 - HKLM\..\RunOnce: [DIABLO666] Winupdsys.exe
O4 - HKLM\..\RunOnce: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\RunOnce: [ScManager] scman.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] d:\programmer\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [DIABLO666] Winupdsys.exe
O4 - HKCU\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKCU\..\Run: [ScManager] scman.exe
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\RunOnce: [DIABLO666] Winupdsys.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - D:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - D:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100810115747
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

and i checked my system with Housecall virus scan it found 4 items it couldnt clean..

WORM RBOT.ABH \windows\system32\rsvc32.exe
WORM RBOT.WN  \windows\system32\regsvr.exe
WORM KORGO.V  \windows\system32\ftpupd.exe
WORM KORGO.V  \Windows\system32\config\systemprofile\local settings\Tempory internet files\Content.IE5\CPIFW92J\x[1].exe
Logged

 
jvic
Visiting Administrator
Hero Member
*****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1238


Bookmark and Share

View Profile
« Reply #5 on: November 19, 2004, 04:12:32 PM »

Ok first disable system restore,you can enable it when you are clean
Using System Restore Windows XP

Run hijack this and place a check beside the following:

O4 - HKLM\..\Run: [Network Administration Service] rsvc32.exe
O4 - HKLM\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\Run: [DHCP Server] regsvr.exe
O4 - HKLM\..\Run: [DIABLO666] Winupdsys.exe
O4 - HKLM\..\RunServices: [DIABLO666] Winupdsys.exe
O4 - HKLM\..\RunServices: [Network Administration Service] rsvc32.exe
O4 - HKLM\..\RunServices: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\RunServices: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\RunServices: [ScManager] scman.exe
O4 - HKLM\..\RunServices: [DHCP Server] regsvr.exe
O4 - HKLM\..\RunOnce: [DIABLO666] Winupdsys.exe
O4 - HKLM\..\RunOnce: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\RunOnce: [ScManager] scman.exe
O4 - HKCU\..\Run: [DIABLO666] Winupdsys.exe
O4 - HKCU\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKCU\..\Run: [ScManager] scman.exe
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\RunOnce: [DIABLO666] Winupdsys.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

Boot Into Safe Mode Making Sure You Can see Hidden files And Folders

How To Boot Into SafeMode


How To Show Hidden Files And Folders

Delete the following:


C:\WINDOWS\System32\Winupdsys.exe
C:\WINDOWS\System32\klsuicbn.exe
C:\WINDOWS\System32\rsvc32.exe
C:\WINDOWS\System32\Yahoo.exe
C:\WINDOWS\System32\regsvr.exe
and the files that Trendmicro found

Restart your computer and post a new hijack this log
Logged

John Vickers
DwArK
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 8


Bookmark and Share

View Profile
« Reply #6 on: November 19, 2004, 04:38:21 PM »

heres the new log..

Logfile of HijackThis v1.98.2
Scan saved at 17:38:57, on 19-11-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\RECYCLER\service.exe
C:\RECYCLER\service.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINDOWS\System32\scman.exe
C:\WINDOWS\System32\rsvc32.exe
D:\programmer\Winamp\winampa.exe
C:\WINDOWS\System32\Yahoo.exe
C:\WINDOWS\System32\regsvr.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
D:\programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis19802.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Network Administration Service] rsvc32.exe
O4 - HKLM\..\Run: [WinampAgent] d:\programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\Run: [ScManager] scman.exe
O4 - HKLM\..\Run: [DHCP Server] regsvr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DIABLO666] Winupdsys.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "D:\programmer\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [Outpost Firewall] D:\Programmer\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\RunServices: [DIABLO666] Winupdsys.exe
O4 - HKLM\..\RunServices: [Network Administration Service] rsvc32.exe
O4 - HKLM\..\RunServices: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\RunServices: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\RunServices: [ScManager] scman.exe
O4 - HKLM\..\RunServices: [DHCP Server] regsvr.exe
O4 - HKLM\..\RunOnce: [ScManager] scman.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] d:\programmer\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [DIABLO666] Winupdsys.exe
O4 - HKCU\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKCU\..\Run: [ScManager] scman.exe
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\RunOnce: [ScManager] scman.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - D:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - D:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100810115747
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

couldnt find:


WORM RBOT.WN  \windows\system32\regsvr.exe
C:\WINDOWS\System32\Yahoo.exe
C:\WINDOWS\System32\regsvr.exe
Logged

 
DwArK
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 8


Bookmark and Share

View Profile
« Reply #7 on: November 19, 2004, 04:51:39 PM »

Should i try to fix it with hijack this???
Logged

 
jvic
Visiting Administrator
Hero Member
*****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1238


Bookmark and Share

View Profile
« Reply #8 on: November 19, 2004, 04:57:20 PM »

Did you disable system restore
Did you set to show hidden files and folders because they are still there
Logged

John Vickers
DwArK
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 8


Bookmark and Share

View Profile
« Reply #9 on: November 19, 2004, 04:59:17 PM »

oh forgot to disable system restore... where do i disable the System restore
Logged

 
jvic
Visiting Administrator
Hero Member
*****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1238


Bookmark and Share

View Profile
« Reply #10 on: November 19, 2004, 05:01:48 PM »

Follow the instructions in my previous post.It tells you how to disable system restore and what to fix with hijack this
Logged

John Vickers
DwArK
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 8


Bookmark and Share

View Profile
« Reply #11 on: November 19, 2004, 05:10:12 PM »

Logfile of HijackThis v1.98.2
Scan saved at 18:13:27, on 19-11-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\programmer\Winamp\winampa.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
D:\programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\RECYCLER\service.exe
C:\RECYCLER\service.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
d:\programmer\Winamp\winamp.exe
C:\Program Files\Hijackthis\HijackThis19802.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] d:\programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "D:\programmer\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [Outpost Firewall] D:\Programmer\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\RunServices: [Network Administration Service] rsvc32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] d:\programmer\Webroot\Spy Sweeper\SpySweeper.exe /0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - D:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - D:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100810115747
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

Thx, for the help... now it works again...

Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page June 21, 2018, 03:31:35 PM