| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 58296 | 2005-05-27 21:47:00 | grr... task.exe is slowing me down! | DaveBritton (7395) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 359022 | 2005-05-28 09:04:00 | all seems to be good, task.exe hasnt run yet. once again thanks for the help guys. |
DaveBritton (7395) | ||
| 359023 | 2005-06-01 13:02:00 | Hi guys, I'm having the same problem. I have this task.exe that keeps starting and slowing me down. i did everything you were saying in the forum already, but i don't know what to make of the HJT report. could someone help me out? thanks Roger Logfile of HijackThis v1.99.1 Scan saved at 8:42:20 PM, on 6/1/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Sony\HotKey Utility\HKserv.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Sony\HotKey Utility\HKWnd.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Roger&Michelle.REETZ-E7SVWU391\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file) O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\ycomp5_5_7_0.d ll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ShowBarObj Class - {79A002FB-C126-462D-B4A7-81D6B42D1666} - C:\Program Files\ZUM\acrbat.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\system32\winvbie.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\ycomp5_5_7_0.d ll O3 - Toolbar: VisuExplorer - {92E1B3F7-0546-421E-9835-904D25B7BA66} - C:\WINDOWS\system32\msiev32.dll O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [RDLL] RunDll16.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe O4 - HKCU\..\Run: [Firefly] "C:\Program Files\Firefly\Firefly.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - cyimg6.cyworld.nate.com O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - www.ipix.com O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - www.onnuritv.com O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - t5pib.wooribank.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - by104fd.bay104.hotmail.msn.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - download.softforum.com O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - player.bugs.co.kr O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - cafeimg.hanmail.net O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - player.bugs.co.kr O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - 61.80.30.115 O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - cyimg2.cyworld.nate.com O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - sympatico.zone.msn.com O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} (MOPlayerWnd Class) - www.melon.com O16 - DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} (DacomUpload Control) - program.webhard.co.kr O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - www.live365.com O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - update.nprotect.net O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - advnt03.com O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - update.nprotect.net O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - www.popcap.com O16 - DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} (CongnamulMap Control) - www.congnamul.com O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - by21fd.bay21.hotmail.msn.com O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing) |
rogreetz (8220) | ||
| 359024 | 2005-06-01 18:59:00 | Doing a search in google they say the instructions of removing it www.trendmicro.com You can do the manual instructions removal instruction or download the scan software to get rid of it www.trendmicro.com Damage CleanUp Engine |
Ninjabear (2948) | ||
| 359025 | 2005-06-01 19:02:00 | I think task.exe is from a worm than a spyware securityresponse.symantec.com |
Ninjabear (2948) | ||
| 359026 | 2005-06-01 19:05:00 | Hmm..Actually the website at symantec says it came from emails as a worm but then the other website says its a virus,worm,spyware etc...So its a mix of all? | Ninjabear (2948) | ||
| 359027 | 2005-06-01 23:25:00 | Close all programs Rog, then tick the following and click on fix . Then reboot . Might be safer doing this in safe mode . If some of those cab files are needed, they'll reinstall . Post an updated HJT log back here . R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file) O2 - BHO: ShowBarObj Class - {79A002FB-C126-462D-B4A7-81D6B42D1666} - C:\Program Files\ZUM\acrbat . dll O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho . dll (file missing) - As below . Part of Istbar - Adware O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\system32\winvbie . dll O3 - Toolbar: VisuExplorer - {92E1B3F7-0546-421E-9835-904D25B7BA66} - C:\WINDOWS\system32\msiev32 . dll O4 - HKLM\ . . \Run: [RDLL] RunDll16 . exe This is a trojan/backdoor . . symantec . com/avcenter/venc/data/backdoor . sdbot . f . html" target="_blank">securityresponse . symantec . com O4 - HKLM\ . . \RunServices: [RDLL] RunDll16 . exe Same as above O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind . dll (file missing) This is part of adware . com/avcenter/venc/data/pf/adware . istbar . html" target="_blank">sarc . com O12 - Plugin for . mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3 . dll O15 - Trusted Zone: http://ny . contentmatch . net (HKLM) O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - . cyworld . nate . com/Imag . . . mageUpload2 . cab" target="_blank">cyimg6 . cyworld . nate . com O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - . onnuritv . com/ActiveX/AlwaysOn . CAB" target="_blank">www . onnuritv . com O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - . wooribank . com/pib/cus/bio/scsk4 . cab" target="_blank">t5pib . wooribank . com O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4 . 0 Client Control) - . softforum . com/Publi . . . /xw_install . cab" target="_blank">download . softforum . com O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - . bugs . co . kr/install/mv/p3bvset . cab" target="_blank">player . bugs . co . kr O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - . hanmail . net/cab9/dmcc2 . cab" target="_blank">cafeimg . hanmail . net O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - . bugs . co . kr/install/mv/XTools . cab" target="_blank">player . bugs . co . kr O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - . cyworld . nate . com/Imag . . . ImageUpload . cab" target="_blank">cyimg2 . cyworld . nate . com O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - . zone . msn . com/binFr . . . ro . cab33902 . cab" target="_blank">sympatico . zone . msn . com O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} (MOPlayerWnd Class) - . melon . com/cab/Melon . cab" target="_blank">www . melon . com O16 - DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} (DacomUpload Control) - . webhard . co . kr/Plus/a . . . DacomUpload . cab" target="_blank">program . webhard . co . kr O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - . live365 . com/players/play365 . cab" target="_blank">www . live365 . com O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - . nprotect . net/nprotect/module/npx . cab" target="_blank">update . nprotect . net O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro . internazionale_ver11) - . com/dialer/internazionale_ver11 . CAB" target="_blank">advnt03 . com This maybe a dialer as it says O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - . nprotect . net/keycrypt/keb/npkcx . cab" target="_blank">update . nprotect . net O16 - DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} (CongnamulMap Control) - . congnamul . com/ActiveX/CongnamulMap_V11 . cab" target="_blank">www . congnamul . com O23 - Service: npkcsvc - INCA Internet Co . , Ltd . - C:\WINDOWS\system32\npkcsvc . exe Leave this entry in for now . The npkcsvc . exe one . O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta . exe (file missing) |
Speedy Gonzales (78) | ||
| 359028 | 2005-06-02 15:56:00 | Yeah i did what you said, but i didn't remove a couple of them, because i knew them for sure that they were safe. and for a day things have been good. so thanks for your help so far. here is the new system scan. thanks again Roger Logfile of HijackThis v1.99.1 Scan saved at 11:39:47 PM, on 6/2/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Sony\HotKey Utility\HKserv.exe C:\Program Files\D-Tools\daemon.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Sony\HotKey Utility\HKWnd.exe C:\WINDOWS\System32\svchost.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Roger&Michelle.REETZ-E7SVWU391\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file) O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\ycomp5_5_7_0.d ll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ShowBarObj Class - {79A002FB-C126-462D-B4A7-81D6B42D1666} - C:\Program Files\ZUM\acrbat.dll (file missing) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\system32\winvbie.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\ycomp5_5_7_0.d ll O3 - Toolbar: VisuExplorer - {92E1B3F7-0546-421E-9835-904D25B7BA66} - C:\WINDOWS\system32\msiev32.dll O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup O4 - HKCU\..\Run: [Firefly] "C:\Program Files\Firefly\Firefly.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - cyimg6.cyworld.nate.com O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - www.ipix.com O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - www.onnuritv.com O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - t5pib.wooribank.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - by104fd.bay104.hotmail.msn.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - download.softforum.com O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - player.bugs.co.kr O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - cafeimg.hanmail.net O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - player.bugs.co.kr O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - 61.80.30.115 O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - cyimg2.cyworld.nate.com O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - sympatico.zone.msn.com O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} (MOPlayerWnd Class) - www.melon.com O16 - DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} (DacomUpload Control) - program.webhard.co.kr O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - www.live365.com O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - update.nprotect.net O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - advnt03.com O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - update.nprotect.net O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - www.popcap.com O16 - DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} (CongnamulMap Control) - www.congnamul.com O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - by21fd.bay21.hotmail.msn.com O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing) |
rogreetz (8220) | ||
| 359029 | 2005-06-02 22:00:00 | Tick these entries and click on fix. R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file) O2 - BHO: ShowBarObj Class - {79A002FB-C126-462D-B4A7-81D6B42D1666} - C:\Program Files\ZUM\acrbat.dll (file missing) O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing) O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing) O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing) This bottom one looks like this securityresponse.symantec.com |
Speedy Gonzales (78) | ||
| 359030 | 2005-06-02 23:22:00 | R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file) O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\system32\winvbie.dll O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing) O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - advnt03.com those can go for starters. not to sure about the others yet. it looks like you have a dailer so check your phone bill. |
tweak'e (69) | ||
| 1 2 | |||||