
malware problem

1291 Views 8 Replies 2 Participants Last post by  whodat
hi there guys,
been a while since I've needed any of your fine help. seems I had a buddy use my comp and he's managed to d/l a malware program..
I've found these in my install/uninstall programs but it's not letting me uninstall them
"Home Search assistent"
"search extender"
"shopping wizard"

here is my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 4:13:49 AM, on 9/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Active Ports\aports.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\iebr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\atlje32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\byrdbabe\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\evnxg.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\evnxg.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\evnxg.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www.braingell.com/newchat.htm:80
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {A7405714-D118-DB1E-B64A-2D6E9FB1AC21} - C:\WINDOWS\system32\d3hm32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [atlje32.exe] C:\WINDOWS\system32\atlje32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://irc.everywherechat.com:8000/Java/cfs40301.cab
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://66.117.5.154:8080/Java/cfs40320.cab
O16 - DPF: ChatSpace Java Client 2.0.0.66 - http://66.117.5.154:8080/Java/cs4ms066.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://us.creative.com/support/downloads/su/ocx/12119/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by3fd.bay3.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120592592236
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123756919986
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://us.creative.com/support/downloads/su/ocx/12119/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\iebr32.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

I see a few things that are def offkey and nothing that I know should be in my comp..

any help on ditching this beast would be much grateful

thnx
byrd
Status
Not open for further replies.
1 - 9 of 9 Posts
p.s. my trend antivirus keeps popin up with a quarantine of "TROJ_STARTPAG.RE...

here's a text log of the past 12 hours

Log List
"Time","Scan Type","Source Type","Virus Name","Infected Source","First Action","Second Action"
"18:18","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:23","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:24","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:25","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:28","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:30","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:30","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:30","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:32","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:52","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:52","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:57","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:58","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:59","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:01","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:01","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:03","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:06","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:06","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:07","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:08","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:17","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:21","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:26","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:27","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:33","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:33","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:42","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"20:13","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"20:15","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
try ewido -- link below -- on the first find, click box to fix rest
I've already run spybot, adaware and trend scan, I have already found the virus, looking for a way to ditch it for good tnx :).. all the above only make the problem a little more quiet until next bootup... being able to get to the root of the little jerk and yanking him out totally, would be a plus :):)

kris
I'm gettin a bit tee'd off to say the least. I tried ewido etc etc etc... every time I open a new IE window the virus changes the file name so I can't catch the jerk, although I see the name changes clear as a bell in my task manager process list

seems to be coming from search extender aka smartfinder.com. I'm tryin to uninstall it but it's not letting me.
ok
repost your hijack log in the hijack section in the forum so the security people can have a look.
new hijack log. please help!!!

I can't ditch this pig.
..this is the page that comes up when I try to uninstall the program " http://looking-for.cc/smartfinder/uninstall/HomeSearchAssistant.html "

and here's the latest hijackthis log after using 3 different antispyware programs AND running my trend scan again...


Logfile of HijackThis v1.99.1
Scan saved at 8:13:45 AM, on 9/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Active Ports\aports.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\iemi.exe
C:\WINDOWS\appht.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\evnxg.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\evnxg.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\evnxg.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www.braingell.com/newchat.htm:80
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {26E902A0-CEDD-955D-4562-FC8012F9AFA9} - C:\WINDOWS\mswn.dll
O2 - BHO: Class - {A489B1F3-100E-16A2-FA75-AF3CFD059260} - C:\WINDOWS\apiul.dll
O2 - BHO: Class - {A7405714-D118-DB1E-B64A-2D6E9FB1AC21} - C:\WINDOWS\system32\d3hm32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mswn.exe] C:\WINDOWS\mswn.exe
O4 - HKLM\..\Run: [javacl32.exe] C:\WINDOWS\system32\javacl32.exe
O4 - HKLM\..\Run: [netsv32.exe] C:\WINDOWS\system32\netsv32.exe
O4 - HKLM\..\Run: [nettj32.exe] C:\WINDOWS\nettj32.exe
O4 - HKLM\..\Run: [crep32.exe] C:\WINDOWS\crep32.exe
O4 - HKLM\..\Run: [appmr32.exe] C:\WINDOWS\system32\appmr32.exe
O4 - HKLM\..\Run: [iemi.exe] C:\WINDOWS\iemi.exe
O4 - HKLM\..\RunOnce: [ipwg32.exe] C:\WINDOWS\ipwg32.exe
O4 - HKLM\..\RunOnce: [mfcae32.exe] C:\WINDOWS\mfcae32.exe
O4 - HKLM\..\RunOnce: [appht.exe] C:\WINDOWS\appht.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WorldAntiSpy.lnk = C:\Program Files\WorldAntiSpy\WorldAntiSpy.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://66.117.5.154:8080/Java/cfs40320.cab
O16 - DPF: ChatSpace Java Client 2.0.0.66 - http://66.117.5.154:8080/Java/cs4ms066.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://us.creative.com/support/downloads/su/ocx/12119/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by3fd.bay3.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120592592236
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123756919986
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://us.creative.com/support/downloads/su/ocx/12119/CTPID.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\iebr32.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
ok then
I noticed you sent it to the hijack section
give them some time, it's the weekend, after a while we can bump the thread up.
good luck