Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - ClaireMcC

Pages: [1]

Tech Clinic / need help please

« on: April 15, 2005, 03:19:03 AM »

SORRY ALL THIS IS TAKIN SO LONG

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\'

\' />

BUT HERE IS USER C

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Logfile of HijackThis v1.99.1
Scan saved at 09:15:50, on 04/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\hijackthis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download/sv1.0.15.19/ttinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

Tech Clinic / need help please

« on: April 13, 2005, 05:08:44 PM »

sorry took so long to repl. gona do this now

Tech Clinic / need help please

« on: April 05, 2005, 07:54:33 PM »

all done. outpost seems to be ok now.

Logfile of HijackThis v1.99.1
Scan saved at 01:52:14, on 06/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Claire\Desktop\hijackthis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\AGNITUM\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\AGNITUM\OUTPOS~1\TRASH.EXE (HKCU)
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download/sv1.0.15.19/ttinst.cab
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

Tech Clinic / need help please

« on: April 05, 2005, 06:47:07 PM »

heres export bat findings

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"="0"
"DisableConfig"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]

Tech Clinic / need help please

« on: April 05, 2005, 06:44:51 PM »

sorry took so long there. was having trouble with my outpost firewall. couldnt get onto internet. had to disable it.

anyway here it is

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Logfile of HijackThis v1.99.1
Scan saved at 00:42:17, on 06/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Claire\Desktop\hijackthis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\AGNITUM\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\AGNITUM\OUTPOS~1\TRASH.EXE (HKCU)
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download/sv1.0.15.19/ttinst.cab
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

Tech Clinic / need help please

« on: April 05, 2005, 05:55:17 PM »

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'

\' /> computer is better already.

done everything and downloaded everything. some things i couldnt find

service
name---- ISEXEng (this was not there)

C:\WINDOWS\msmpatch.exe <-file (DELETED)
C:\WINDOWS\System32\awkkej.exe <-file NOT THERE
C:\WINDOWS\System32\sysup.exe <-file (DELETED)
C:\WINDOWS\system32\f3PSSavr.scr <-file (DELETED)
C:\WINDOWS\GreasyPalmUpdate.exe <-file (DELETED)
C:\WINDOWS\System32\1j1dah1.dll <-file (DELETED)
C:\WINDOWS\GPalm.dll (DELETED)
C:\WINDOWS\Downloaded Program Files\ClientAX.dll NOT THERE
C:\dsm.exe (DELETED)
D:\My Docs\My Music\Fat Joe\What's Luv Definition\Whatdoesyournamemean.exe (DELETED)

C:\spywarevanisher-free <-folder NOT THERE
C:\Program Files\SpySpotter <-folder NOT THERE
C:\Program Files\MyWebSearch <-folder (DELETED)

# C:\Windows\System32\msmpatch.exe NOT THERE
# C:\Windows\System32\svosm.exe (DELETED)
# C:\WINDOWS\dsm.exe NOT THERE
# C:\One Eye Granny pic!.pif (DELETED)
# C:\Me drunk at The Sea!.pif (DELETED)
# C:\Punk Lives! lol.pif (DELETED)
# C:\Me Love You Long Time.pif (DELETED)
# C:\Me pic.pif (DELETED)
# C:\HillBilly Chick lol.pif (DELETED)
# C:\Dumb Looking Goth Chick.pif (DELETED)
# C:\Hot Blonde!.pif (DELETED)
# C:\Modelling Her New Bikini.pif (DELETED)
# C:\Crazy Japanese man kicks crazy frog!.pif (DELETED)
# C:\Funny Hitler parody!.pif (DELETED)
# C:\My birthday pic!.pif (DELETED)
# C:\Funny Hitler parody.pif (DELETED)
# C:\Documents and Settings\Claire\Local Settings\Application Data\Microsoft\CD Burning\autorun.exe (DELETED)

Done a Disk Cleanup

just gona post back a log now

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wink.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Tech Clinic / need help please

« on: April 04, 2005, 07:07:27 PM »

also done a scan with mwav, these r the results

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

File C:\PROGRA~1\MYWEBS~1\SrchAstt\1.bin\MWSSRCAS.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\msmpatch.exe infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\System32\sysup.exe infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\System32\svosm.exe infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\GreasyPalmUpdate.exe infected by "not-a-virus:AdWare.SearchFast.a" Virus. Action Taken: No Action Taken.

File System Found infected by "MyWebSearch Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "MyWebSearch Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "MyWebSearch Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "MyWebSearch Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "MyWebSearch Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "MyWebSearch Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "MyWebSearch Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "MyWebSearch Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "MyWebSearch Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "FunWebProducts Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "mywebsearch Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "AT-Games Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "btgrab Spyware/Adware" Virus. Action Taken: No Action Taken.

File System Found infected by "msbb Spyware/Adware" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\system32\f3PSSavr.scr infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\1j1dah1.dll infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\system32\f3PSSavr.scr infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\system32\1j1dah1.dll infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\Downloaded Program Files\ClientAX.dll infected by "not-a-virus:AdWare.180Solutions.b" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\CD Burning\autorun.exe infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\CD Burning\autorun.exe infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\Vera\Local Settings\Application Data\Microsoft\CD Burning\autorun.exe infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\Aidan\Local Settings\Application Data\Microsoft\CD Burning\autorun.exe infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\Claire\Local Settings\Application Data\Microsoft\CD Burning\autorun.exe infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\Christina\Local Settings\Application Data\Microsoft\CD Burning\autorun.exe infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\CD Burning\autorun.exe infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\Dee\Local Settings\Application Data\Microsoft\CD Burning\autorun.exe infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL infected by "not-a-virus:AdWare.FunWeb.d" Virus. Action Taken: No Action Taken.

File C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.

File C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.

File C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.

File C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.

File C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.

File C:\dsm.exe infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\One Eye Granny pic!.pif infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\Me drunk at The Sea!.pif infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\Punk Lives! lol.pif infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\Me Love You Long Time.pif infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\Me pic.pif infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\HillBilly Chick lol.pif infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\Recycled\Q330995.exe infected by "Trojan-Downloader.Win32.Agent.hr" Virus. Action Taken: No Action Taken.

File C:\Dumb Looking Goth Chick.pif infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\Hot Blonde!.pif infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\Modelling Her New Bikini.pif infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\Crazy Japanese man kicks crazy frog!.pif infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\Funny Hitler parody!.pif infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File C:\My birthday pic!.pif infected by "IM-Worm.Win32.Sumom.a" Virus. Action Taken: No Action Taken.

File D:\hp\bin\Terminator.exe tagged as not-a-virus:RiskWare.Tool.KillApp. No Action Taken.

File D:\hp\bin\WIN32ALL-125.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\My Docs\My Music\Fat Joe\What's Luv Definition\Whatdoesyournamemean.exe infected by "not-virus:Joke.Win32.Anywork" Virus. Action Taken: No Action Taken.

thanks very much guestolo

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Tech Clinic / need help please

« on: April 04, 2005, 06:30:09 PM »

This is first time i have been able to get into this site in ages!!!!!!!!!!

sorry never replied b4 guestolo.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\'

\' />

heres my new log if u think u can still help me

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/rolleyes.gif\' class=\'bbc_emoticon\' alt=\':rolleyes:\' />

Logfile of HijackThis v1.99.1
Scan saved at 23:17:35, on 04/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msmpatch.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Documents and Settings\Claire\Desktop\hijackthis.exe

O1 - Hosts: 213.199.154.54 www.symantec.com
O1 - Hosts: 213.199.154.54 www.sophos.com
O1 - Hosts: 213.199.154.54 www.mcafee.com
O1 - Hosts: 213.199.154.54 www.viruslist.com
O1 - Hosts: 213.199.154.54 www.f-secure.com
O1 - Hosts: 213.199.154.54 www.avp.com
O1 - Hosts: 213.199.154.54 www.kaspersky.com
O1 - Hosts: 213.199.154.54 www.networkassociates.com
O1 - Hosts: 213.199.154.54 www.ca.com
O1 - Hosts: 213.199.154.54 www.my-etrust.com
O1 - Hosts: 213.199.154.54 www.nai.com
O1 - Hosts: 213.199.154.54 www.trendmicro.com
O1 - Hosts: 213.199.154.54 www.grisoft.com
O1 - Hosts: 213.199.154.54 securityresponse.symantec.com
O1 - Hosts: 213.199.154.54 symantec.com
O1 - Hosts: 213.199.154.54 sophos.com
O1 - Hosts: 213.199.154.54 mcafee.com
O1 - Hosts: 213.199.154.54 liveupdate.symantecliveupdate.com
O1 - Hosts: 213.199.154.54 viruslist.com
O1 - Hosts: 213.199.154.54 f-secure.com
O1 - Hosts: 213.199.154.54 kaspersky.com
O1 - Hosts: 213.199.154.54 kaspersky-labs.com
O1 - Hosts: 213.199.154.54 avp.com
O1 - Hosts: 213.199.154.54 networkassociates.com
O1 - Hosts: 213.199.154.54 ca.com
O1 - Hosts: 213.199.154.54 mast.mcafee.com
O1 - Hosts: 213.199.154.54 my-etrust.com
O1 - Hosts: 213.199.154.54 download.mcafee.com
O1 - Hosts: 213.199.154.54 dispatch.mcafee.com
O1 - Hosts: 213.199.154.54 secure.nai.com
O1 - Hosts: 213.199.154.54 nai.com
O1 - Hosts: 213.199.154.54 update.symantec.com
O1 - Hosts: 213.199.154.54 updates.symantec.com
O1 - Hosts: 213.199.154.54 us.mcafee.com
O1 - Hosts: 213.199.154.54 liveupdate.symantec.com
O1 - Hosts: 213.199.154.54 customer.symantec.com
O1 - Hosts: 213.199.154.54 rads.mcafee.com
O1 - Hosts: 213.199.154.54 trendmicro.com
O1 - Hosts: 213.199.154.54 grisoft.com
O1 - Hosts: 213.199.154.54 sandbox.norman.no
O1 - Hosts: 213.199.154.54 www.pandasoftware.com
O1 - Hosts: 213.199.154.54 uk.trendmicro-europe.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Band Class - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} - C:\WINDOWS\GPalm.dll
O2 - BHO: (no name) - {FAF4BD81-3B6B-4216-8EFA-7D9B8D64CEFB} - C:\WINDOWS\System32\pkcbmg.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Band Class - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} - C:\WINDOWS\GPalm.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [mzfouoyq] C:\WINDOWS\System32\awkkej.exe
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [GreasyPalmUpdate] C:\WINDOWS\GreasyPalmUpdate.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [rollbk] C:\WINDOWS\msmpatch.exe
O4 - HKLM\..\Run: [AvSer] C:\WINDOWS\msmpatch.exe
O4 - HKLM\..\Run: [DsmSer] C:\WINDOWS\System32\sysup.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\RunServices: [rollbk] C:\WINDOWS\msmpatch.exe
O4 - HKLM\..\RunServices: [AvSer] C:\WINDOWS\msmpatch.exe
O4 - HKLM\..\RunServices: [DsmSer] C:\WINDOWS\System32\sysup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\AGNITUM\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\AGNITUM\OUTPOS~1\TRASH.EXE (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download/sv1.0.15.19/ttinst.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...tterInstall.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

Tech Clinic / Guestolo can u help me

« on: March 24, 2005, 05:03:46 PM »

p.s. im using windows xp but for sum reason i dont seem to be able to access system restore. its not there in my computer>properties

Tech Clinic / Guestolo can u help me

« on: March 24, 2005, 04:56:08 PM »

Here is the log

* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />"
________________________________________________

1,202 items found: 1,202 files, 0 directories.
Total of file sizes: 237,724,706 bytes 226.71 M

Administrator Account = True

--------------------End log---------------------

nothing was in the lower pane. the files which infected my computer were in c; and were hidden. they were "shortcuts to MSDOS mode"

I delete them and they come straight back. Sometimes i manage to delete them and then i can get into this forum but when i restart they r back again and it closes the window everytime i try and get into this forum or download a firewall or something like that

Tech Clinic / Guestolo can u help me

« on: March 21, 2005, 07:11:09 AM »

guestolo can u help meplease ?

this is my hijackthis log, is my coputer in a bad way? ive already paid sum a few times but it keeps breaking they dont seem to know wat theyre doin

Logfile of HijackThis v1.99.1
Scan saved at 12:05:33, on 21/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\Claire\Desktop\hijackthis.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Claire\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: 213.199.154.54 www.symantec.com
O1 - Hosts: 213.199.154.54 www.sophos.com
O1 - Hosts: 213.199.154.54 www.mcafee.com
O1 - Hosts: 213.199.154.54 www.viruslist.com
O1 - Hosts: 213.199.154.54 www.f-secure.com
O1 - Hosts: 213.199.154.54 www.avp.com
O1 - Hosts: 213.199.154.54 www.kaspersky.com
O1 - Hosts: 213.199.154.54 www.networkassociates.com
O1 - Hosts: 213.199.154.54 www.ca.com
O1 - Hosts: 213.199.154.54 www.my-etrust.com
O1 - Hosts: 213.199.154.54 www.nai.com
O1 - Hosts: 213.199.154.54 www.trendmicro.com
O1 - Hosts: 213.199.154.54 www.grisoft.com
O1 - Hosts: 213.199.154.54 securityresponse.symantec.com
O1 - Hosts: 213.199.154.54 symantec.com
O1 - Hosts: 213.199.154.54 sophos.com
O1 - Hosts: 213.199.154.54 mcafee.com
O1 - Hosts: 213.199.154.54 liveupdate.symantecliveupdate.com
O1 - Hosts: 213.199.154.54 viruslist.com
O1 - Hosts: 213.199.154.54 f-secure.com
O1 - Hosts: 213.199.154.54 kaspersky.com
O1 - Hosts: 213.199.154.54 kaspersky-labs.com
O1 - Hosts: 213.199.154.54 avp.com
O1 - Hosts: 213.199.154.54 networkassociates.com
O1 - Hosts: 213.199.154.54 ca.com
O1 - Hosts: 213.199.154.54 mast.mcafee.com
O1 - Hosts: 213.199.154.54 my-etrust.com
O1 - Hosts: 213.199.154.54 download.mcafee.com
O1 - Hosts: 213.199.154.54 dispatch.mcafee.com
O1 - Hosts: 213.199.154.54 secure.nai.com
O1 - Hosts: 213.199.154.54 nai.com
O1 - Hosts: 213.199.154.54 update.symantec.com
O1 - Hosts: 213.199.154.54 updates.symantec.com
O1 - Hosts: 213.199.154.54 us.mcafee.com
O1 - Hosts: 213.199.154.54 liveupdate.symantec.com
O1 - Hosts: 213.199.154.54 customer.symantec.com
O1 - Hosts: 213.199.154.54 rads.mcafee.com
O1 - Hosts: 213.199.154.54 trendmicro.com
O1 - Hosts: 213.199.154.54 grisoft.com
O1 - Hosts: 213.199.154.54 sandbox.norman.no
O1 - Hosts: 213.199.154.54 www.pandasoftware.com
O1 - Hosts: 213.199.154.54 uk.trendmicro-europe.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Band Class - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} - C:\WINDOWS\GPalm.dll
O2 - BHO: (no name) - {FAF4BD81-3B6B-4216-8EFA-7D9B8D64CEFB} - C:\WINDOWS\System32\pkcbmg.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Band Class - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} - C:\WINDOWS\GPalm.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [mzfouoyq] C:\WINDOWS\System32\awkkej.exe
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [GreasyPalmUpdate] C:\WINDOWS\GreasyPalmUpdate.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [rollbk] C:\WINDOWS\msmpatch.exe
O4 - HKLM\..\Run: [AvSer] C:\WINDOWS\System32\svosm.exe
O4 - HKLM\..\Run: [DsmSer] C:\WINDOWS\System32\svosm.exe
O4 - HKLM\..\RunServices: [rollbk] C:\WINDOWS\msmpatch.exe
O4 - HKLM\..\RunServices: [AvSer] C:\WINDOWS\System32\svosm.exe
O4 - HKLM\..\RunServices: [DsmSer] C:\WINDOWS\System32\svosm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download/sv1.0.15.19/ttinst.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...tterInstall.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

Tech Clinic / Another Ist svc problem.

« on: March 12, 2005, 01:13:42 PM »

Hi Claire McC
Can I get you to repost your Hijackthis log
In your other post, thanks

~guestolo~

Here's a link
Click Here

Tech Clinic / HELP ME GUESTOLO

« on: March 12, 2005, 12:32:54 PM »

CAN U HELP ME!!!!!!!!!!!!!

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' />

Pages: [1]

TheTechGuide Forum

News:

Show Posts

Messages - ClaireMcC

Tech Clinic / need help please

Tech Clinic / need help please

Tech Clinic / need help please

Tech Clinic / need help please

Tech Clinic / need help please

Tech Clinic / need help please

Tech Clinic / need help please

Tech Clinic / need help please

Tech Clinic / Guestolo can u help me

Tech Clinic / Guestolo can u help me

Tech Clinic / Guestolo can u help me

Tech Clinic / Another Ist svc problem.

Tech Clinic / HELP ME GUESTOLO