Tech Clinic / Worm 32 problem. Hijack This log
« on: April 18, 2005, 04:30:48 PM »
Here is my Hijack This log file. Can anyone please help? I don't know how I picked up this virus.
muchos apprecianos friends:
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton Utilities\NPROTECT.EXE
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\Program Files\Speed Disk\nopdb.exe
D:\WINNT\Explorer.exe
D:\PROGRA~1\NORTON~1\navapw32.exe
D:\Program Files\Media Access\MediaAccK.exe
D:\Program Files\Media Access\MediaAccess.exe
D:\WINNT\loadqm.exe
D:\WINNT\System32\task.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINNT\System32\wins.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINNT\System32\sssqcx.exe
D:\WINNT\System32\internat.exe
D:\WINNT\System32\umaolss.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
D:\Program Files\ISTsvc\istsvc.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Documents and Settings\Administrator\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - D:\Program Files\ISTbar\istbarcm.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Windows Monitor] winmon.exe
O4 - HKLM\..\Run: [Windows Compliant] winole.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [FireWire Services] nvcsv32.exe
O4 - HKLM\..\Run: [Media Access] D:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [gah95on6] D:\WINNT\System32\gah95on6.exe
O4 - HKLM\..\Run: [WindowsRegKey update] winupdate.exe
O4 - HKLM\..\Run: [ErrorGuard] D:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Microsoft Windows Updata] scvhost.exe
O4 - HKLM\..\Run: [SGe3nVfFM] D:\WINNT\dwovowp.exe
O4 - HKLM\..\Run: [ùõ€-‚²‘ÆßfÏNb‰»9õñD:\Program Files\ISTsvc\istsvc.exe] D:\WINNT\dwovowp.exe
O4 - HKLM\..\Run: [SGe3nVä{$] D:\WINNT\dwovowp.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] winreg32.exe
O4 - HKLM\..\Run: [EXPLORER MICROSOFT SYSTEM] task.exe
O4 - HKLM\..\Run: [w77f3ml] useap.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sygate Personal Firewall] wins.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DoS 0WN3D YOU] sssqcx.exe
O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Windows Monitor] winmon.exe
O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe
O4 - HKLM\..\RunServices: [FireWire Services] nvcsv32.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] winupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updata] scvhost.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] winreg32.exe
O4 - HKLM\..\RunServices: [EXPLORER MICROSOFT SYSTEM] task.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] wins.exe
O4 - HKLM\..\RunServices: [DoS 0WN3D YOU] sssqcx.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Windows Monitor] winmon.exe
O4 - HKCU\..\Run: [hwopRgJtS] umaolss.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "D:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [WindowsRegKey update] winupdate.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Windows Updata] scvhost.exe
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] winreg32.exe
O4 - HKCU\..\Run: [EXPLORER MICROSOFT SYSTEM] task.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] wins.exe
O4 - HKCU\..\Run: [DoS 0WN3D YOU] sssqcx.exe
O4 - HKCU\..\RunServices: [Windows Monitor] winmon.exe
O4 - Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Norton System Doctor.lnk = D:\Program Files\Norton Utilities\SYSDOC32.EXE
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C.../bridge-c18.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamc19-gb/gb...s4.cab?fgiocv=1
O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} (VacPro.internazionale_ver10) - http://advnt01.com/dialer/internazionale_ver10.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINNT\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SpywareCleanerService - Unknown owner - D:\Program Files\Spyware Cleaner\SCService.exe (file missing)