Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Tsowdsun

Pages: [1]

Tech Clinic / Bad popups

« on: May 31, 2005, 10:25:04 AM »

Updated to latest rev and I am only familiar with the Entrust that is a security program for my company for VPN login. The funk software, I have never used it or seen it listed in my programs.

Here is the latest logfile and thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 10:22:25 AM, on 5/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\Program Files\INSIGHT\TOOLS\AICLIENT.EXE
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\WINNT\etlisrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\Program Files\Network Associates\VirusScan\Mcshield.exe
c:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\WINNT\System32\vxob\vsqrxp.exe
c:\winnt\software\wcomagent\collectionagent.exe
c:\_integra\bin\ccmagent.exe
C:\Program Files\Funk Software\Proxy Host\PH32SVC.EXE
c:\_integra\bin\shstart.exe
C:\Program Files\Funk Software\Proxy Host\PHOST32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\etlitr50.exe
C:\Program Files\SpamPal\spampal.exe
c:\Program Files\Microsoft Office\Office10\WINWORD.EXE
c:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\explorer.exe
c:\Program Files\WinZip\WINZIP32.EXE
C:\Documents and Settings\bryan.munson\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tertl.mcilink.com/reviewplan.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://tertl.mcilink.com/reviewplan.asp
F2 - REG:system.ini: UserInit=c:\winnt\system32\userinit.exe,c:\_integra\bin\shstart.exe
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [vsqrxp] C:\WINNT\System32\vxob\vsqrxp.exe
O4 - HKLM\..\Run: [ProxyHostTrayIcon] "C:\Program Files\Funk Software\Proxy Host\PHOST32.EXE" -s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "c:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "c:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: Entrust.lnk = C:\WINNT\system32\etlitr50.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: c:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll
O16 - DPF: {1367EE21-17B1-11D2-82E2-00608C62F5A7} (fmbt_nav.Nav) - http://fmbt.mcilink.com/fmbtscripts/fmbt_nav.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103250210761
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://129.93.44.113/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.dsmain.com
O17 - HKLM\Software\..\Telephony: DomainName = mcilink.com
O23 - Service: Asset Insight Client (AICLIENT) - Unknown owner - c:\Program Files\INSIGHT\TOOLS\AICLIENT.EXE
O23 - Service: Access Manager Configuration Service (AMBroker) - Unknown owner - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - WorldCom - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: Entrust Login Interface (ELIService) - Entrust Technologies Ltd. - C:\WINNT\etlisrv.exe
O23 - Service: fyodtmqpyjwc - Unknown owner - C:\WINNT\System32\qpyjwc\fyodtm.exe (file missing)
O23 - Service: gcryrkrg - Unknown owner - C:\WINNT\System32\rkrg\gcry.exe (file missing)
O23 - Service: hmxmnjiwhk - Unknown owner - C:\WINNT\System32\iwhk\hmxmnj.exe (file missing)
O23 - Service: kjunfosftnrlhr - Unknown owner - C:\WINNT\System32\ftnrlhr\kjunfos.exe (file missing)
O23 - Service: ktlmasfsqxd - Unknown owner - C:\WINNT\System32\asfsqxd\ktlm.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - c:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - c:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: nwnwoppbdfff - Unknown owner - C:\WINNT\System32\pbdfff\nwnwop.exe (file missing)
O23 - Service: ofesfulnjef - Unknown owner - C:\WINNT\System32\fulnjef\ofes.exe (file missing)
O23 - Service: Oracleora817ClientCache - Unknown owner - C:\Program Files\Oracle\ora817\bin\ONRSD.EXE
O23 - Service: Proxy Host Service (ProxyHostService) - Funk Software, Inc. - C:\Program Files\Funk Software\Proxy Host\PH32SVC.EXE
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: ucucbfrwhb - Unknown owner - C:\WINNT\System32\bfrwhb\ucuc.exe (file missing)
O23 - Service: vsqrxpvxob - Unknown owner - C:\WINNT\System32\vxob\vsqrxp.exe
O23 - Service: WorldCom License and Statistics Agent (WComAgent) - - c:\winnt\software\wcomagent\collectionagent.exe
O23 - Service: WControl - On Technology Corporation - c:\_integra\bin\ccmagent.exe

Tech Clinic / Bad popups

« on: May 26, 2005, 02:49:30 PM »

I have had no success in getting my computer spyware free. I can't totally remove FlashEnhancer and FlashTracker which is only found when I am running my PC normally and not in safe mode. In safe mode they can't be found.

Here is my HJT log file and would appreciate any and all help in getting this PC cleaned up!

Logfile of HijackThis v1.97.7
Scan saved at 2:39:35 PM, on 5/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\Program Files\INSIGHT\TOOLS\AICLIENT.EXE
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\WINNT\etlisrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\Program Files\Network Associates\VirusScan\Mcshield.exe
c:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\WINNT\System32\vxob\vsqrxp.exe
c:\winnt\software\wcomagent\collectionagent.exe
c:\_integra\bin\ccmagent.exe
C:\Program Files\Funk Software\Proxy Host\PH32SVC.EXE
c:\_integra\bin\shstart.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Funk Software\Proxy Host\PHOST32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\etlitr50.exe
C:\Program Files\SpamPal\spampal.exe
c:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
c:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\bryan.munson\My Documents\Desktop Items\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tertl.mcilink.com/reviewplan.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://tertl.mcilink.com/reviewplan.asp
F2 - REG:system.ini: UserInit=c:\winnt\system32\userinit.exe,c:\_integra\bin\shstart.exe
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [vsqrxp] C:\WINNT\System32\vxob\vsqrxp.exe
O4 - HKLM\..\Run: [ProxyHostTrayIcon] "C:\Program Files\Funk Software\Proxy Host\PHOST32.EXE" -s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "c:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "c:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: Entrust.lnk = C:\WINNT\system32\etlitr50.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O12 - Plugin for .spop: c:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1367EE21-17B1-11D2-82E2-00608C62F5A7} (fmbt_nav.Nav) - http://fmbt.mcilink.com/fmbtscripts/fmbt_nav.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103250210761
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://129.93.44.113/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.dsmain.com
O17 - HKLM\Software\..\Telephony: DomainName = mcilink.com

Tech Clinic / Green links? Float over and says "Sponsored Link"

« on: March 30, 2005, 03:49:20 PM »

LOG REMOVED

Pages: [1]

TheTechGuide Forum

News:

Show Posts

Messages - Tsowdsun

Tech Clinic / Bad popups

Tech Clinic / Bad popups

Tech Clinic / Green links? Float over and says "Sponsored Link"