| Press F1 | Thread 79635 | Trojan dialer? | 2007-05-27 02:16:00 | manu (8770) |
| Post 553474 | 2007-05-27 02:16:00 | manu (8770) |

I'm (still) on Go Large. Recently, when browsing heavily and with several downloads on the go, the 'network connection' dialog box pops up (options for each of my dialup services - GPRS, XTRA etc). I dismiss it. Would this be one of those micro-drop outs on ADSL? - or more worryingly a trojan dialer trying to set itself up? Spybot is on and has been run several times. Speedy? - could you check this out please? Hijack log is:

Logfile of HijackThis v1.99.1
Scan saved at 12:45:14, on 27/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EpsonNet\common\bin\ensrvmgr.exe
C:\Program Files\EpsonNet\common\bin\emwchsrv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\EpsonNet\EpsonNet SOAP Server\bin\emsoaprr.exe
C:\Program Files\EpsonNet\EpsonNet Web Pages Service\bin\ewpsrr.exe
C:\Program Files\EpsonNet\common\bin\emalmmon.exe
C:\Program Files\EpsonNet\EpsonNet Information Center\bin\emntfsrv.exe
C:\Program Files\EpsonNet\EpsonNet HTTP Server\bin\apache.exe
C:\Program Files\EpsonNet\EpsonNet HTTP Server\bin\apache.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\WinFax\WFXCTL32.EXE
C:\Program Files\EPSON\Creativity Suite\PageManager\LicenseCheck.exe
C:\Program Files\Tclock\tclock.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\WinFax\WFXMOD32.EXE
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Adobe InDesign CS3\InDesign.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Ahead\NeroVision\NeroVision.exe
C:\WINDOWS\system32\imapi.exe
C:\Documents and Settings\Neil\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = redir.windowsmedia.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Neil\Application Data\Mozilla\Firefox\Profiles\lermmgeh.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Neil\Application Data\Mozilla\Firefox\Profiles/lermmgeh.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Shortcut to tclock.exe.lnk = C:\Program Files\Tclock\tclock.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7A2B2FD-3712-4DC9-B378-9DFD2216E337}: NameServer = 202.27.184.3,203.109.252.42
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: EpsonNet Primitive Service (EpsonNet_Primitive_Service) - Unknown owner - C:\Program Files\EpsonNet\common\bin\ensrvmgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
| Post 553475 | 2007-05-27 02:28:00 | Speedy Gonzales (78) |

Log doesn't look too bad, but put HJT in its own folder, then run it, click on scan and save a log. Tick these entries then tick fix checked. Close browser/s. None of these are nasty tho.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE

I can't see anything to do with any diallers. I don't think diallers can use an ADSL line anyway. What version of iTunes is installed?
| Post 553476 | 2007-05-27 02:44:00 | stu161204 (123) |

Speedy you missed something: manu you should also remove:

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
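A small triage script, added here as an illustration and not part of the thread or of HijackThis itself: it reads a few entries copied from the log above and flags the kinds of lines Speedy and stu picked out ("(no file)" orphans, "(file missing)" services, a service path cut off at C:\Program.exe), plus Run entries that give only a bare file name. The sample lines are constructed from the log, and the reading of C:\Program.exe as an unquoted ImagePath is an inference of this example, not something the thread states.

```python
import re

# Constructed sample: six HijackThis 1.99.1 entries copied from the log in
# the first post (paths and CLSIDs as printed there), including clean ones.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
"""

# "O23 - Service: ..." -> section "O23", body "Service: ..."
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Run/RunOnce entry whose command is a bare file name with no drive or
# directory, so the loader locates it via the search order, not a fixed path.
BARE_RUN_RE = re.compile(
    r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[[^\]]+\] ([^\\:/ ]+\.exe)\b",
    re.IGNORECASE,
)


def triage(log_text):
    """Return (section, reason, entry) tuples for entries worth a second look.

    Entries with a resolvable path and nothing odd produce no finding; the
    remainder is for a human to judge, as the thread's replies did.
    """
    findings = []
    for raw in log_text.splitlines():
        entry = raw.strip()
        m = ENTRY_RE.match(entry)
        if not m:
            continue
        section, body = m.groups()
        if body.endswith("(no file)"):
            findings.append((section, "orphaned entry, target file absent", entry))
        elif body.endswith("(file missing)"):
            reason = "service binary not found"
            # A path cut off at C:\Program.exe is the usual result of an
            # ImagePath under "C:\Program Files\..." stored without quotes.
            if re.search(r" - C:\\Program\.exe ", body, re.IGNORECASE):
                reason += "; path truncated at first space (unquoted ImagePath?)"
            findings.append((section, reason, entry))
        elif section == "O4" and BARE_RUN_RE.match(body):
            findings.append((section, "bare file name, no fixed path", entry))
        elif section == "O10":
            findings.append((section, "Winsock LSP, confirm the vendor first", entry))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {entry}")
```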
| Post 553477 | 2007-05-27 07:47:00 | manu (8770) |

Itunes 7; but I don't have an ipod - am I the only person in the universe without one?

As an aside: Why does this reply page now not resize to fit the window? - I'm having to scroll over to the right. Is it these new super-intrusive adverts? (Squash that hideous green thing please)...

Fixed the Hijack stuff - thank you. Good to have a flush out of garbage.

BTW what is all that Macrovision stuff? There's nothing in 'remove programs' listings. Is this sort of thing becoming more common? I am guessing that somewhere in the EULAs I click on without reading, there's mention of "and we will install hidden monitoring programs which you cannot delete without removing the main software package"...

Network Connections problem: I now see that the network connections dialog pops up if I type in just the name of a website w/o the www prefix into the address bar (FFox) AND FFox hasn't recorded that site previously. I hit the Cancel button and FFox then finds the site for me... adding all the www, .com or whatever stuff. Odd?

cheers
| Post 553478 | 2007-05-27 07:53:00 | winmacguy (3367) |

> Itunes 7; but I don't have an ipod - am I the only person in the universe without one?

iTunes plays music and is a free download which works cross platform; it's only when you want to take the music with you that you need an iPod.
| Post 553479 | 2007-05-27 08:01:00 | Speedy Gonzales (78) |

> Itunes 7; but I don't have an ipod - am I the only person in the universe without one?

lol no. If u don't use it, uninstall V7.

> As an aside: Why does this reply page now not resize to fit the window? - I'm having to scroll over to the right. Is it these new super-intrusive adverts? (Squash that hideous green thing please)...

That happens here sometimes. Don't know why tho. Even tho I'm using flashblock/adblock. So have no ads atm.

> Fixed the Hijack stuff - thank you. Good to have a flush out of garbage.

Good!

> BTW what is all that Macrovision stuff? There's nothing in 'remove programs' listings. Is this sort of thing becoming more common? I am guessing that somewhere in the EULAs I click on without reading, there's mention of "and we will install hidden monitoring programs which you cannot delete without removing the main software package"...

Pass. But it looks like it's some kind of activation belonging to Adobe Acrobat Pro.

> Network Connections problem: I now see that the network connections dialog pops up if I type in just the name of a website w/o the www prefix into the address bar (FFox) AND FFox hasn't recorded that site previously. I hit the Cancel button and FFox then finds the site for me... adding all the www, .com or whatever stuff. Odd?

Most probably an option in FF somewhere.
| Post 553480 | 2007-05-27 09:19:00 | apsattv (7406) |

> O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
> O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

This one has an uninstaller available from their website.
| Post 553481 | 2007-05-27 11:34:00 | beeswax34 (63) |

nope, I don't use an iPod either lol, you can relax. My iPAQ is more than enough.
| Post 553482 | 2007-05-28 04:16:00 | manu (8770) |

> iTunes plays music and is a free download which works cross platform; it's only when you want to take the music with you that you need an iPod.

Yep - I use it... very stylish. Interestingly I saw a review of the latest Apple TV gizmo (BeebWorld) - again very stylish and easy to use BUT it only likes Apple media files - hits a big stop with XviD/DivX or the other non-Apple-friendly stuff.