Tech Support banner

Status
Not open for further replies.
1 - 9 of 9 Posts

·
Registered
Joined
·
18 Posts
Discussion Starter #1
hi there guys,
been awhile since i've needed any of your fine help. seems i had a buddy use my comp an hes managed to d/l a malware program..
ive found these in my install/uninstall programs but its not letting me uninstall them
" Home Search assistent"
"search extender"
"shopping wizard"

here is my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 4:13:49 AM, on 9/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1

(6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet

Security\pccguide.exe
C:\Program Files\Trend Micro\Internet

Security\PCClient.exe
C:\Program Files\Trend Micro\Internet

Security\TMOAgent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program

Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program

Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft

Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet

Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet

Security\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet

Security\PccPfw.exe
C:\Program Files\Active Ports\aports.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\iebr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\atlje32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\byrdbabe\Local

Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

res://C:\WINDOWS\system32\evnxg.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Bar =

res://C:\WINDOWS\system32\evnxg.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =

res://C:\WINDOWS\system32\evnxg.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet

Explorer\SearchURL,(Default) =

http://red.clientapps.yahoo.com/customize/ie/defa

ults/su/ymsgr/*http://www.yahoo.com
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\In

ternet Settings,ProxyServer =

http=http://www.braingell.com/newchat.htm:80
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class -

{A7405714-D118-DB1E-B64A-2D6E9FB1AC21} -

C:\WINDOWS\system32\d3hm32.dll
O3 - Toolbar: &Radio -

{8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck]

C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program

Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program

Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program

Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program

Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program

Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program

Files\Trend Micro\Internet Security\TMOAgent.exe"

/run
O4 - HKLM\..\Run: [UpdateManager] "C:\Program

Files\Common Files\Sonic\Update

Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [atlje32.exe]

C:\WINDOWS\system32\atlje32.exe
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program

Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program

Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk =

C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet

Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet

Explorer\Control Panel present
O9 - Extra button: Trace -

{04849C74-016E-4a43-8AA5-1F01DE57F4A1} -

C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace -

{04849C74-016E-4a43-8AA5-1F01DE57F4A1} -

C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: AIM -

{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: ChatSpace Full Java Client 4.0.0.301 -

http://irc.everywherechat.com:8000/Java/cfs40301.

cab
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 -

http://66.117.5.154:8080/Java/cfs40320.cab
O16 - DPF: ChatSpace Java Client 2.0.0.66 -

http://66.117.5.154:8080/Java/cs4ms066.cab
O16 - DPF: Yahoo! Backgammon -

http://download.games.yahoo.com/games/clients/y/a

t0_x.cab
O16 - DPF: Yahoo! Literati -

http://download.games.yahoo.com/games/clients/y/t

t3_x.cab
O16 - DPF: Yahoo! Pool 2 -

http://download.games.yahoo.com/games/clients/y/p

otc_x.cab
O16 - DPF: Yahoo! Pyramids -

http://download.games.yahoo.com/games/clients/y/p

yt1_x.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715}

(Creative Software AutoUpdate) -

http://us.creative.com/support/downloads/su/ocx/1

2119/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}

(MSN Photo Upload Tool) -

http://by3fd.bay3.hotmail.msn.com/resources/MsnPU

pld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V5Co

ntrols/en/x86/client/wuweb_site.cab?1120592592236
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5

Controls/en/x86/client/muweb_site.cab?11237569199

86
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}

(HouseCall Control) -

http://a840.g.akamai.net/7/840/537/2004061001/hou

secall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48}

(Yahoo! Webcam Upload Wrapper) -

http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMessengerSet

upDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29}

(Creative Software AutoUpdate Support Package) -

http://us.creative.com/support/downloads/su/ocx/1

2119/CTPID.cab
O18 - Protocol: msnim -

{828030A1-22C1-4009-854F-8E305202313F} -

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Workstation NetLogon Service (

11Fßä#·ºÄÖ`I) - Unknown owner -

C:\WINDOWS\system32\iebr32.exe
O23 - Service: Creative Service for CDROM Access

- Creative Technology Ltd -

C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Trend Micro Personal Firewall

(PccPfw) - Trend Micro Incorporated. - C:\Program

Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Trend NT Realtime Service

(Tmntsrv) - Trend Micro Incorporated. -

C:\Program Files\Trend Micro\Internet

Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service

(tmproxy) - Trend Micro Incorporated. -

C:\Program Files\Trend Micro\Internet

Security\tmproxy.exe

i see a few things that are def offkey an nothing that i know should be in my comp..

any help on ditching this beast would be much grateful

thnx
byrd
 

·
Registered
Joined
·
18 Posts
Discussion Starter #2
p.s. my trend antivirus keeps popin up with a quarantine of "TROJ_STARTPAG.RE...

heres a text log of the past 12 hours

Log List
"Time","Scan Type","Source Type","Virus Name","Infected Source","First Action","Second Action"
"18:18","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:23","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:24","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:25","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:28","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:30","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:30","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:30","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:32","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:52","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:52","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:57","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:58","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"18:59","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:01","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:01","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:03","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:06","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:06","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:07","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:08","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:17","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:21","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:26","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:27","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:33","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:33","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"19:42","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"20:13","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
"20:15","Real-time Scan","File","TROJ_STARTPAG.RE","C:\WINDOWS\system32\evnxg.dll","Quarantine Successful",""
 

·
Registered
Joined
·
18 Posts
Discussion Starter #4
ive already ran spybot, adaware and trend scan, i have already found the virus, looking for a way to ditch it for good tnx :)..all the above only make the problem to be a little more quiet untill next bootup...being able to get to the root of the little jerk and yanking him out totally, would be a plus :):)

kris
 

·
Registered
Joined
·
18 Posts
Discussion Starter #6
i'm gettin a bit tee'd off to say the least. i tried ewido etc etc etc... everytime i open a new ie window the virus changes the file name so i cant catch the jerk,.altho i see the name changes clear as a bell in my task manager process list

seems to be commin from search extender aka smartfinder.com. i'm tryin to uninstall it but its not letting me.
 

·
Registered
Joined
·
18 Posts
Discussion Starter #8
new hijack log. please help!!!

i cant ditch this pig.
..this is the page that comes up when i try to uninstall the program " http://looking-for.cc/smartfinder/uninstall/HomeSearchAssistant.html "

and heres the latest hijackthis log after using 3 different antispyware programs AND running my trend scan again...


Logfile of HijackThis v1.99.1
Scan saved at 8:13:45 AM, on 9/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Active Ports\aports.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\iemi.exe
C:\WINDOWS\appht.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

res://C:\WINDOWS\system32\evnxg.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

res://C:\WINDOWS\system32\evnxg.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =

res://C:\WINDOWS\system32\evnxg.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)

=

http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*ht

tp://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer =

http=http://www.braingell.com/newchat.htm:80
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {26E902A0-CEDD-955D-4562-FC8012F9AFA9} -

C:\WINDOWS\mswn.dll
O2 - BHO: Class - {A489B1F3-100E-16A2-FA75-AF3CFD059260} -

C:\WINDOWS\apiul.dll
O2 - BHO: Class - {A7405714-D118-DB1E-B64A-2D6E9FB1AC21} -

C:\WINDOWS\system32\d3hm32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program

Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash

Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program

Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend

Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend

Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend

Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common

Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mswn.exe] C:\WINDOWS\mswn.exe
O4 - HKLM\..\Run: [javacl32.exe] C:\WINDOWS\system32\javacl32.exe
O4 - HKLM\..\Run: [netsv32.exe] C:\WINDOWS\system32\netsv32.exe
O4 - HKLM\..\Run: [nettj32.exe] C:\WINDOWS\nettj32.exe
O4 - HKLM\..\Run: [crep32.exe] C:\WINDOWS\crep32.exe
O4 - HKLM\..\Run: [appmr32.exe] C:\WINDOWS\system32\appmr32.exe
O4 - HKLM\..\Run: [iemi.exe] C:\WINDOWS\iemi.exe
O4 - HKLM\..\RunOnce: [ipwg32.exe] C:\WINDOWS\ipwg32.exe
O4 - HKLM\..\RunOnce: [mfcae32.exe] C:\WINDOWS\mfcae32.exe
O4 - HKLM\..\RunOnce: [appht.exe] C:\WINDOWS\appht.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program

Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program

Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program

Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WorldAntiSpy.lnk = C:\Program

Files\WorldAntiSpy\WorldAntiSpy.exe
O6 - HKCU\Software\Policies\Microsoft\Internet

Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control

Panel present
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1}

- C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace -

{04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program

Files\VisualRoute\vrie.dll
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 -

http://66.117.5.154:8080/Java/cfs40320.cab
O16 - DPF: ChatSpace Java Client 2.0.0.66 -

http://66.117.5.154:8080/Java/cs4ms066.cab
O16 - DPF: Yahoo! Backgammon -

http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Literati -

http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 -

http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Pyramids -

http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative

Software AutoUpdate) -

http://us.creative.com/support/downloads/su/ocx/12119/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo

Upload Tool) -

http://by3fd.bay3.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl

Class) -

http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cli

ent/wuweb_site.cab?1120592592236
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl

Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/c

lient/muweb_site.cab?1123756919986
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall

Control) -

http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro

.com/housecall/xscan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam

Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative

Software AutoUpdate Support Package) -

http://us.creative.com/support/downloads/su/ocx/12119/CTPID.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) -

Unknown owner - C:\WINDOWS\system32\iebr32.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative

Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks -

C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks -

C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend

Micro Incorporated. - C:\Program Files\Trend Micro\Internet

Security\PccPfw.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro

Incorporated. - C:\Program Files\Trend Micro\Internet

Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro

Incorporated. - C:\Program Files\Trend Micro\Internet

Security\tmproxy.exe
 

·
Registered
Joined
·
6,168 Posts
ok then
i noticed you sent it to the hyjack section
give them some time, its the weekend, after awhile we can bump the thread up.
good luck
 
1 - 9 of 9 Posts
Status
Not open for further replies.
Top