Spyware / Virus Removal Spyware, virus, browser hijack and other malware removal.

#1  sula, 04-12-2005, 03:46 PM
Ok well I'm kind of new to this, and I'm really not that good with computers so anyway...
My computer seems to have a lot of problems. My background is replaced by some sort of ad telling me that I have no spyware protection, lots of pop ups, and many other things... anyway, I really don't know what's going on.

So here's my logs.

Logfile of HijackThis v1.99.1
Scan saved at 15:33:40, on 2005-04-12
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\init32m.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\WINDOWS\System32\rundll32.exe
C:\windows\system32\taskmg.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rnai.exe
C:\WINDOWS\System32\m?iexec.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\eMule\emule.exe
C:\DOCUME~1\Olivier\LOCALS~1\Temp\tmp58.tmp
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\shop1004.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\init32m.exe
C:\WINDOWS\System32\wisvccz.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Olivier\LOCALS~1\Temp\Rar$EX00.625\HijackThis.exe
C:\program files\internet explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe init32m.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [Advanced Message Server] rundll32.exe ams491.dat,Execute
O4 - HKLM\..\Run: [wupdate] C:\WINDOWS\System32\wisvccz.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteuvf32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Olivier\LOCALS~1\Temp\shop1004.exe run
O4 - HKLM\..\Run: [1EVnn9e] C:\WINDOWS\exbocthe.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Dosd] C:\WINDOWS\System32\rnai.exe
O4 - HKCU\..\Run: [Ysykt] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: winupdate03430305[1].exe
O4 - Startup: winupdate07872521[1].exe
O4 - Startup: winupdate52561670[1].exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Universite Laval Client VPN ULaval.lnk = C:\Program Files\UnivLaval\vpngui.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {7A237B81-9A42-404D-89E5-76AA84F49C01} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7A237B81-9A42-404D-89E5-76AA84F49C01} - (no file) (HKCU)
O16 - DPF: v3cab - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {1F01C8C9-C6D3-5AC7-53DF-048E16451A2A} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {2BA7DF23-C31A-3F24-520C-3EEB36728E80} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {32E2DEDC-4925-7395-17C7-540131C39AC5} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {466610E2-93B2-4094-C1B9-6756481BBF1F} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {5161D29F-FFF7-6AF8-3EAE-3CBA611CD498} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - [Only Registered and Activated Users Can See Links. Click Here To Register...]



Hope you can help me, thanks in advance....

#2  Mobo, 04-12-2005, 07:11 PM
Hi sula


Let's start by first having you rescan once again with hijack. Insert a check next to each of the following, then close all other browser windows and click "fix checked".


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Only Registered and Activated Users Can See Links. Click Here To Register...]

F2 - REG:system.ini: Shell=Explorer.exe init32m.exe

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll


O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe

O4 - HKLM\..\Run: [Advanced Message Server] rundll32.exe ams491.dat,Execute

O4 - HKLM\..\Run: [wupdate] C:\WINDOWS\System32\wisvccz.exe

O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteuvf32.exe

O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\canada.exe -N

O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe

O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Olivier\LOCALS~1\Temp\shop1004.exe run

O4 - HKLM\..\Run: [1EVnn9e] C:\WINDOWS\exbocthe.exe

O4 - HKCU\..\Run: [Dosd] C:\WINDOWS\System32\rnai.exe

O4 - HKCU\..\Run: [Ysykt] C:\WINDOWS\System32\m?iexec.exe

O4 - Startup: winupdate03430305[1].exe

O4 - Startup: winupdate07872521[1].exe

O4 - Startup: winupdate52561670[1].exe

O16 - DPF: v3cab - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {1F01C8C9-C6D3-5AC7-53DF-048E16451A2A} - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {2BA7DF23-C31A-3F24-520C-3EEB36728E80} - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {32E2DEDC-4925-7395-17C7-540131C39AC5} - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {466610E2-93B2-4094-C1B9-6756481BBF1F} - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {5161D29F-FFF7-6AF8-3EAE-3CBA611CD498} - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - [Only Registered and Activated Users Can See Links. Click Here To Register...]



Now download this program. [Only Registered and Activated Users Can See Links. Click Here To Register...]
Open it and in the space provided paste this line.
C:\WINDOWS\System32\wisvccz.exe

Then tick the "delete on reboot" option.
Then click the red x.
When it asks to reboot select not to reboot at this time.

Now do the same for these lines as well.

C:\windows\system32\eliteuvf32.exe

C:\WINDOWS\System32\canada.exe -N

C:\WINDOWS\System32\ap9h4qmo.exe

C:\WINDOWS\exbocthe.exe

C:\WINDOWS\System32\rnai.exe

C:\WINDOWS\System32\m?iexec.exe

C:\WINDOWS\EliteSideBar

C:\WINDOWS\system32\init32m.exe

C:\windows\system32\taskmg.exe

C:\WINDOWS\shop1004.exe

C:\WINDOWS\System32\wisvccz.exe

Now do this please.
Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin


Then this:

Go to Start > Run and type msconfig. Press Enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.

Check the box labeled Turn off System restore on all Drives.


Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.


Now reboot

Rescan with HijackThis again and post a fresh log for me please.

#3  sula, 04-12-2005, 09:31 PM
Hi, well first thanks for posting a reply so quickly.. really appreciated...

Now, I did as you told me, except for the end part.. with the msconfig thing.. since my Windows XP is in French.. (yeah I speak French...) I just couldn't translate everything... anyway here's my logs :


Logfile of HijackThis v1.99.1
Scan saved at 21:28:10, on 2005-04-12
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\m?iexec.exe
C:\Documents and Settings\Olivier\Application Data\rnai.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Olivier\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll
O2 - BHO: (no name) - {C3EB1953-D4E3-8D19-CB7A-D8C86A8B2E90} - C:\WINDOWS\System32\pabu.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [wupdate] C:\WINDOWS\System32\wisvccz.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Dosd] C:\Documents and Settings\Olivier\Application Data\rnai.exe
O4 - Startup: winupdate03430305[1].exe
O4 - Startup: winupdate07872521[1].exe
O4 - Startup: winupdate52561670[1].exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Universite Laval Client VPN ULaval.lnk = C:\Program Files\UnivLaval\vpngui.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {7A237B81-9A42-404D-89E5-76AA84F49C01} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7A237B81-9A42-404D-89E5-76AA84F49C01} - (no file) (HKCU)
O16 - DPF: {1EF4D8BD-9AE1-5236-FA26-62F94F5EFF27} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {32E2DEDC-4925-7395-17C7-540131C39AC5} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Hope I did everything right, so what's next ?
thanks again

#4  Mobo, 04-12-2005, 11:23 PM
Rescan once again now and insert a check next to these then close all other open browser windows and click "fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll

O2 - BHO: (no name) - {C3EB1953-D4E3-8D19-CB7A-D8C86A8B2E90} - C:\WINDOWS\System32\pabu.dll

O4 - HKLM\..\Run: [wupdate] C:\WINDOWS\System32\wisvccz.exe

O4 - HKCU\..\Run: [Dosd] C:\Documents and Settings\Olivier\Application Data\rnai.exe

O4 - Startup: winupdate03430305[1].exe

O4 - Startup: winupdate07872521[1].exe

O4 - Startup: winupdate52561670[1].exe

O16 - DPF: {1EF4D8BD-9AE1-5236-FA26-62F94F5EFF27} - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {32E2DEDC-4925-7395-17C7-540131C39AC5} - [Only Registered and Activated Users Can See Links. Click Here To Register...]

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [Only Registered and Activated Users Can See Links. Click Here To Register...]


Once again do the killbox process the same as you did earlier with these files:

C:\WINDOWS\System32\wisvccz.exe

C:\Documents and Settings\Olivier\Application Data\rnai.exe

C:\WINDOWS\System32\pabu.dll

C:\WINDOWS\SYSTEM\Loader.dll

C:\WINDOWS\about.htm

Then when completed :
Get The latest version of Adaware
You can download the free version here:
[Only Registered and Activated Users Can See Links. Click Here To Register...]

or here (alternate download location)
[Only Registered and Activated Users Can See Links. Click Here To Register...]

You need to be logged on as Administrator through the installation.
For ease in installation and operation, view the tutorial here [Only Registered and Activated Users Can See Links. Click Here To Register...]

Just download it to your desktop and then to install click on the file you just downloaded (aawsepersonal.exe). You will be guided through the installation. It is recommended to use the default setting of "Protect anyone who uses this computer".

On the main screen of Adaware please look for the *check for updates now* link, just above the start button in the bottom right corner or you can click on the Webupdate button that looks like a globe icon at the top. Press * connect* to let it check for any recent updates. If any are found, please let it download and install them.

Now, configure your settings. Click the gear icon at the top. These are the recommended settings:

AAW SE settings

General Button
Safety:
Check (Green) all three.

Advanced Button
Logfile Detail Level:
All options under this should be checked (Green).

Tweak Button
Check (Green) the following:
Log Files
Include basic Ad-Aware settings in logfile:
Include additional Ad-Aware settings in logfile:
Please do not check (Green): Include Module list in logfile:

On your first scan, use the Full Scan (Perform full system scan) mode.

Let Adaware remove any *bad* objects found. Reboot your PC and scan again. Repeat this process until no more bad items are found. It may take several scans to clean everything, depending on the type of infections found.

Download TDS-3 trojan scanner from [Only Registered and Activated Users Can See Links. Click Here To Register...]

Then you will need to manually update it so follow the instructions given here
[Only Registered and Activated Users Can See Links. Click Here To Register...]

Now open the program, pause until it's finished its mini test, then click system testing / full scan.

If anything is found, right click and select delete to each when the scan completes itself.



Then reboot, rescan with hijack and post a fresh hijack log.

#5  sula, 04-13-2005, 07:49 AM
Hi, well thanks again for all your advice.. don't know if everything is ok, but my computer seems to be running fine now...

Logfile of HijackThis v1.99.1
Scan saved at 07:46:08, on 2005-04-13
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Documents and Settings\Olivier\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 64.91.255.87 [Only Registered and Activated Users Can See Links. Click Here To Register...]
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: winupdate03430305[1].exe
O4 - Startup: winupdate07872521[1].exe
O4 - Startup: winupdate52561670[1].exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Universite Laval Client VPN ULaval.lnk = C:\Program Files\UnivLaval\vpngui.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {7A237B81-9A42-404D-89E5-76AA84F49C01} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7A237B81-9A42-404D-89E5-76AA84F49C01} - (no file) (HKCU)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Is there anything else I have to do ?
thanks again...

#6  Mobo, 04-13-2005, 08:51 AM
I now need you to check out this :

Click start / run and type regedit then click ok.
Follow this path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
If the key winupdate is present, right click and delete it.

Do the same for these paths as well:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\


Then rescan with hijack, insert a check next to these, then click fix checked:
O1 - Hosts: 64.91.255.87 [Only Registered and Activated Users Can See Links. Click Here To Register...]
O4 - Startup: winupdate03430305[1].exe
O4 - Startup: winupdate07872521[1].exe
O4 - Startup: winupdate52561670[1].exe

Reboot, rescan and let's see one more fresh log.

#7  sula, 04-14-2005, 09:31 PM
Hi ok, well I've checked where you told me... no sign of winupdate...so I did the rest...here's my log

Logfile of HijackThis v1.99.1
Scan saved at 21:29:30, on 2005-04-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\mocih.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cmdtel.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\WINDOWS\System32\ufaticom.exe
C:\windows\system32\taskmg.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Documents and Settings\Olivier\Menu Démarrer\Programmes\Démarrage\winupdate03430305[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\System32\rundll32.exe
C:\Documents and Settings\Olivier\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [labjyji] c:\windows\xmdwvgd.exe
O4 - HKCU\..\Run: [eydqnxw] c:\windows\xmdwvgd.exe
O4 - HKCU\..\Run: [rbcqgpr] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [qidkenp] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [lxqqhkt] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [qyiygej] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [viggfwp] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [yircvyf] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [umloyqw] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [jdrjtks] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [grmfvmh] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [kxmrqrt] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [fdxhwqw] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [ekfiwra] c:\windows\peqygva.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: winupdate03430305[1].exe
O4 - Startup: winupdate07872521[1].exe
O4 - Startup: winupdate52561670[1].exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Universite Laval Client VPN ULaval.lnk = C:\Program Files\UnivLaval\vpngui.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {7A237B81-9A42-404D-89E5-76AA84F49C01} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7A237B81-9A42-404D-89E5-76AA84F49C01} - (no file) (HKCU)
O16 - DPF: {08BF6530-81D5-32FF-D4A6-33AC59A50AA4} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {63AFB621-C329-083B-14AF-79670A3CC662} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O23 - Service: Trace network connections (ACCRA) - Unknown owner - C:\WINDOWS\System32\mocih.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe

winupdate is still here... don't know what the problem is... hope you can still help me... and again, thanks for all your advice.
  #8  
Old 04-14-2005, 10:28 PM
Mobo Mobo is offline
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,612
Click here to download eScan's mwav application. Double-click it to run it, select all local drives, scan all files, press 'scan' and when it is completed, anything found will be displayed in the lower pane. Highlight it, CTRL+C and paste it in your next reply.

  #9  
Old 04-14-2005, 10:45 PM
sula sula is offline
Junior Member
 
Join Date: Apr 2005
Posts: 8
Help... more problems here... everything started running badly again... And I can't even use Spyware Doctor or Ad-Aware anymore... they don't seem to work... here's a fresher log:

Logfile of HijackThis v1.99.1
Scan saved at 22:44:05, on 2005-04-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mocih.exe
C:\WINDOWS\System32\cmdtel.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\WINDOWS\System32\ufaticom.exe
C:\windows\system32\taskmg.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Documents and Settings\Olivier\Menu Démarrer\Programmes\Démarrage\winupdate03430305[1].exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Olivier\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [labjyji] c:\windows\xmdwvgd.exe
O4 - HKCU\..\Run: [eydqnxw] c:\windows\xmdwvgd.exe
O4 - HKCU\..\Run: [rbcqgpr] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [qidkenp] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [lxqqhkt] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [qyiygej] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [viggfwp] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [yircvyf] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [umloyqw] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [jdrjtks] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [grmfvmh] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [kxmrqrt] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [fdxhwqw] c:\windows\ayqswnt.exe
O4 - HKCU\..\Run: [ekfiwra] c:\windows\peqygva.exe
O4 - HKCU\..\Run: [ybscoyt] c:\windows\vejuouo.exe
O4 - HKCU\..\Run: [tqghire] c:\windows\vejuouo.exe
O4 - HKCU\..\Run: [fhpoumf] c:\windows\vejuouo.exe
O4 - HKCU\..\Run: [lrqrcyj] c:\windows\vejuouo.exe
O4 - HKCU\..\Run: [dgrklwd] c:\windows\vejuouo.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: winupdate03430305[1].exe
O4 - Startup: winupdate07872521[1].exe
O4 - Startup: winupdate52561670[1].exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Universite Laval Client VPN ULaval.lnk = C:\Program Files\UnivLaval\vpngui.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {7A237B81-9A42-404D-89E5-76AA84F49C01} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7A237B81-9A42-404D-89E5-76AA84F49C01} - (no file) (HKCU)
O16 - DPF: v3cab - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {08BF6530-81D5-32FF-D4A6-33AC59A50AA4} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O23 - Service: Trace network connections (ACCRA) - Unknown owner - C:\WINDOWS\System32\mocih.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe

Hope you can help me thanks...
  #10  
Old 04-15-2005, 08:46 PM
Mobo Mobo is offline
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,612
Click here to download eScan's mwav application. Double-click it to run it, select all local drives, scan all files, press 'scan' and when it is completed, anything found will be displayed in the lower pane. Highlight it, CTRL+C and paste it in your next reply.