
*** read this before posting any problems with your pc ***

Status
Not open for further replies.
im not lord hugh but....

right click on your 'my computer' ( or whatever you've got it named agnus ? :p ) on your desktop and click the tab that says system restore... there's a box to tick to turn it off.
 
Fuckers just got me last night - twats - even with Sygate running (and checking "no" when anything even slightly untoward tried to access the network) and XP with all critical updates......

So, this system restore business - after unchecking the box and running CWshredder etc - do you re-check the box, or leave it with system restore permanently unchecked?
 
Sure it's not a case of you forgetting not to re-visit whatever dodgy porn site you picked it up from to begin with? ;)
 
Best Way To Avoid These Things Is Not To Use Internet Explorer.

Aol Is A Custom Built Version Of Ie.

Firefox And Opera Cannot Be Hijacked.

DAMN. WROTE ALL OF THAT IN CAPITAL LETTERS FOR EXTRA EMPHASIS BUT VBULLETIN DOESN'T LIKE PEOPLE SHOUTING!!!
 
past caring said:
Sure it's not a case of you forgetting not to re-visit whatever dodgy porn site you picked it up from to begin with? ;)
That would've been funny a week ago. Seeing as it's evaded every single attempt I've made to get rid of it, it's not.

And you can recheck system restore if you want, as long as you're sure it's gone.
 
miss minnie said:
Best Way To Avoid These Things Is Not To Use Internet Explorer.

Aol Is A Custom Built Version Of Ie.

Firefox And Opera Cannot Be Hijacked.

DAMN. WROTE ALL OF THAT IN CAPITAL LETTERS FOR EXTRA EMPHASIS BUT VBULLETIN DOESN'T LIKE PEOPLE SHOUTING!!!

I use Opera but for some reason whenever I try logging into u75 with Opera it freezes. So I use IE for u75. I also use it for Live Journal because for whatever reason my LJ doesn't show up properly with Opera.
 
i can view urban75 in ie, opera, mozilla and firefox on each of my w2k, xp and 98 machines. suggest you check your opera settings and reinstall if necessary. or try firefox.
 
Lord Hugh said:
That would've been funny a week ago. Seeing as it's evaded every single attempt I've made to get rid of it, it's not.

It is funny, 'cos I've got the same problem myself - in fact I've "caught" something so new and unusual that even the folks over at Security Forums don't know what to do with it......

So when I get home this evening I'm set for a complete re-install and all that entails....... :D :D
 
Lord Hugh said:
That would've been funny a week ago. Seeing as it's evaded every single attempt I've made to get rid of it, it's not.

And you can recheck system restore if you want, as long as you're sure it's gone.


download hijack this and run it then can you post the log file it creates up so we can see it, someone may be able to tell what the problem is
 
Adstartup

Well adstartup is causing endless grief. I have run all of the spyware removal diagnostic programs to no avail. The registry entries replicate themselves if you delete them. Hijack this came up with this log file...

Logfile of HijackThis v1.97.7
Scan saved at 16:08:06, on 18/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Windows\System32\NMSSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Windows\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Windows\System32\PROMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\VVSN\VVSN.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.transportforlondon.gov.uk/dial-a-ride/capitalcall.shtml
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\Windows\System32\SWin32.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pmcpdj] C:\Windows\System32\odxnqgau.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [Adstartup] C:\Windows\System32\automove.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hctl.local
O17 - HKLM\Software\..\Telephony: DomainName = hctl.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hctl.local

HELP! :)
 
GarfieldLeChat said:
download hijack this and run it then can you post the log file it creates up so we can see it, someone may be able to tell what the problem is
Nah there ain't nothing in hijackthis, believe me I've checked. Everything in it is accounted for (except for when CWS decides to drop a dll into my system directory which then goes & takes over my home page :mad: ) I wish it was simple as that... I can't even find any dodgy dlls loaded in IE. I honestly haven't got a fucking clue where it keeps coming from :confused:
 
TopCat said:
Well adstartup is causing endless grief. I have run all of the spyware removal diagnostic programs to no avail. The registry entries replicate themselves if you delete them. Hijack this came up with this log file...

Logfile of HijackThis v1.97.7
Scan saved at 16:08:06, on 18/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

.......

O4 - HKLM\..\Run: [pmcpdj] C:\Windows\System32\odxnqgau.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [Adstartup] C:\Windows\System32\automove.exe
HELP! :)
start menu -> run -> type 'regedit' -> HKEY_LOCAL_MACHINE -> SOFTWARE -> microsoft -> windows -> current version -> run ->

delete the key : "Adstartup" with the value : "C:\Windows\System32\automove.exe"

then reboot your machine. the process should not be running on reboot allowing you to run whatever spyware proggy you use and it should be able to actually remove the files and other bits that make up the parasite.

you could also use explorer to delete the file "C:\Windows\System32\automove.exe" manually.

(not totally sure about those other two registry entries either...)
 
C:\Windows\System32\odxnqgau.exe is def spyware / a virus of some sort.

C:\Windows\System32\SWin32.dll is part of adstartup too, it seems.
 
http://www.wilderssecurity.com/showpost.php?p=162440&postcount=4

Just found this & am in the process of trying to fix it. Fucking fucking fucking bastard. Almost certain it's that file I put a post up about the other day.

...

It's gone. It was that file. Motherfuckingfuckshitter. Jesus. I commend whatever cunt built that on its resistance to anything, but if I ever meet him I would consider 3 consecutive kicks to the bollocks getting off lightly. CWS. All I can hope is that this is the final "version", but I doubt that very much...

Anyone who's having troubles following that gimme a pm, it's not the best explanation but the software they recommend is v useful.
 
I had the "your-searcher" start page and the "Winmin" whilst trying to shut down the computer....:(
Went to http://www.spywareinfo.com/~merijn/donate.html after a friend had the same problem, it allows you to run CWshredder (apparently gets rid of the problem).
Have a read, if it does not work there is something called HiJackThis which is way more complicated than I would pretend to know about....
To cut a long story short, my homepage was taken over and I had a strange "winmin" message (twice in a row) when I tried to shut down...:(
All is good now, and I hope that I am in line when it is time for the (hard) kick to the bollocks for the people who come up with this crap...
Info (and possible fix): http://www.spywareinfo.com/~merijn/donate.html (again)
 
I have cool web search again. Adaware deletes it but then it comes back, cwshredder does the same. I have installed zonealarm and I have sophos antivirus. I am using IE, but am going to install another browser soon. I hope someone can help by looking at my Hijack this log file:

Logfile of HijackThis v1.97.7
Scan saved at 12:12:44, on 29/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0EF3AD8-1A98-41C0-BC88-237B3ECC1CF9}: NameServer = 158.152.1.43 158.152.1.58
 
Having massive probs with my pc, is barely useable at all :( HELP ME PLEASE!!!!

logfile from hijack this:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Documents and Settings\Drew\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hxuee.dll/sp.html#26980
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://hxuee.dll/index.html#26980
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hxuee.dll/sp.html#26980
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hxuee.dll/sp.html#26980
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 14
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.aldi.com/
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F59883E7-E8EA-BFEE-4598-1015E0706EB5} - C:\WINDOWS\system32\mfcqc32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [sdkci32.exe] C:\WINDOWS\system32\sdkci32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Money Viewer (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://64.156.31.98/058716uk.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37670.4321064815
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://a320.g.akamai.net/7/320/1456...players/english/5.0/win/PulsePlayer5AxWin.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://info.blueyonder.co.uk/TelewestPreQual/files/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.com/global/msc.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/104/rsinstaller.cab
 
GarfieldLeChat said:
seems a bit odd what's that for then ?

you have a start up key for it as well?

I did a google (it's not dodgy):

Process File: bcmsmmsg or bcmsmmsg.exe
Process Name: BCMSMMSG
Description: Background task used as a BCM voice modem driver and required for dial-up modems.
Company: Broadcom Corporation.
System Process: No
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Common Errors: N/A

Thanks anyway!
 
Hovis read my link above, I don't see anything suspicious in your log, so I'm guessing it's the supersecret CWS files I had a problem with.

Drew, C:\WINDOWS\system32\hxuee.dll is something dodge on your pc. Also, go here for more advice on how to remove "lop", which is what C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe is. I think it's linked to the first dll, but check if that's still there after removal (there's a link to an auto-remover on that site) just in case.

Oh you have CleverIeHooker too, there's removal instructions there.

Get rid of http://download.redswoosh.net/Installer/104/rsinstaller.cab with hijackthis. Not sure what system it's part of, but it's identified as spyware here. Get rid of http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab.

http://64.156.31.98/058716uk.exe looks supremely dodgy, unless you know what it is. The site is just a huge list of files with numerical names.

Ok do all that (including the removals on the sites above) then come back & post a new log & we'll see what's left or not. Your pc's fuckin suffering though!
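
The checks made by eye in the reply above (an IE start or search page pointing at a res:// DLL resource, an O16 download from a bare IP address, startup entries nobody can account for) can be run mechanically over a HijackThis log. This is an added example, not part of the original thread: the rule names, the `review` function and the `known_autoruns` baseline are assumptions, and a finding means "look at this", not "this is malware".

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://hxuee.dll/index.html#26980
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hxuee.dll/sp.html#26980
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [sdkci32.exe] C:\WINDOWS\system32\sdkci32.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://64.156.31.98/058716uk.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
REG_VALUE = re.compile(r"^(HK\w+\\[^,]+),(.+?) = (.*)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[([^\]]+)\] (.*)$")
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \(.*\))? - (\S+)$")


def parse(log):
    """Return (section, body) pairs; headers and the process list are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [m.groups() for m in matches if m]


def is_ip_host(url):
    """True when the URL's host is a literal IP address rather than a name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False


def review(log, known_autoruns=frozenset()):
    """Return (rule, item, value) findings that need a human look."""
    findings = []
    for section, body in parse(log):
        if section in ("R0", "R1"):
            m = REG_VALUE.match(body)
            # IE start/search page served out of a local DLL resource.
            if m and re.match(r"res://.*\.dll/", m.group(3), re.I):
                item = m.group(1) + "," + m.group(2)
                findings.append(("ie-page-from-dll", item, m.group(3)))
        elif section == "O4":
            m = RUN.match(body)
            # Autorun value whose name is not in the caller's reviewed baseline.
            if m and m.group(1) not in known_autoruns:
                findings.append(("unreviewed-autorun", m.group(1), m.group(2)))
        elif section == "O16":
            m = DPF.match(body)
            # ActiveX control installed from a bare IP address.
            if m and is_ip_host(m.group(2)):
                findings.append(("dpf-from-ip", m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    # AVG_CC stands in for an entry the machine's owner has already accounted for.
    for finding in review(SAMPLE_LOG, known_autoruns={"AVG_CC"}):
        print(*finding, sep=" | ")
```

The baseline is what makes the autorun rule useful: a copy of the Run value names taken while the machine is known to be clean turns "everything in it is accounted for" into a comparison rather than a memory test.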
 