| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 66612 | 2006-03-01 10:29:00 | unwanted sheet | jedi (2261) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 434813 | 2006-03-01 10:29:00 | hallo would love somebody to help me sort out a couple of new things that my firewall started blocking after my brother connected to net with it turned off briefly. sysmgr64.exe and dllsys64.exe specificly annoy trying to constantly connect to net but i cant seem to find and delet e from registry. can anyone tell me where to find and get rid of these ? thanks Logfile of HijackThis v1.99.1 Scan saved at 11:22:38 PM, on 3/1/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\sysmgr64.exe c:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\ATK0100\Hcontrol.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\WINDOWS\System32\dllsys64.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Winamp3\winamp3.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe C:\WINDOWS\System32\WISPTIS.EXE C:\Documents and Settings\jayd\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.ht m R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = www.surf2surf.co.nz R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [pccguide.exe] "c:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe" O4 - HKLM\..\Run: [PCCClient.exe] "c:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe" O4 - HKLM\..\Run: [Pop3trap.exe] "c:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD O4 - HKLM\..\Run: [MS DLL Library Manager] C:\WINDOWS\System32\dllsys64.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\RunServices: [Microsoft Update Agent] muamgr.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw O15 - Trusted IP range: 206.161.125.149 O15 - Trusted IP range: 206.161.125.149 (HKLM) O17 - HKLM\System\CCS\Services\Tcpip\..\{2BBC92D2-D278-424D-8E90-BADDB169EE6C}: NameServer = 202.27.158.40 202.27.156.72 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - c:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - c:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe |
jedi (2261) | ||
| 434814 | 2006-03-01 10:47:00 | C:\WINDOWS\sysmgr64.exe (might be sdbot trojen) O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file) C:\WINDOWS\System32\dllsys64.exe O4 - HKLM\..\Run: [MS DLL Library Manager] C:\WINDOWS\System32\dllsys64.exe O15 - Trusted IP range: 206.161.125.149 O15 - Trusted IP range: 206.161.125.149 (HKLM) O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe you should be ok to remove those. one thing to watch tho is you seem to be running two firewalls. it is NOT a good thing to do exspecially as i think so vers of PC-cillain config majorly with zonealarm. also update your AV and anti spyware and give them a run in safe mode. |
tweak'e (69) | ||
| 434815 | 2006-03-01 10:50:00 | You've got a trojan virus. I'll leave it to Speedy to clean it since I'm about to enter the land of nod. |
bob_doe_nz (92) | ||
| 434816 | 2006-03-03 08:32:00 | yes thanks....but anti virus doens get rid of them and i dont know how to get rid of off.....sysmgr.exe just starts again straight away and dllsys.exe is back after restarting. the question is how do get rid of them permanently.ta |
jedi (2261) | ||
| 434817 | 2006-03-03 08:38:00 | Hmm try the following site... www.help2go.com jackers.html |
bob_doe_nz (92) | ||
| 434818 | 2006-03-03 08:42:00 | Boot into safe mode Jedi, then run hijackthis again, and tick these entries and tick fix checked. C:\WINDOWS\sysmgr64.exe C:\WINDOWS\System32\dllsys64.exe R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file) O4 - HKLM\..\Run: [MS DLL Library Manager] C:\WINDOWS\System32\dllsys64.exe O4 - HKCU\..\RunServices: [Microsoft Update Agent] muamgr.exe O15 - Trusted IP range: 206.161.125.149 O15 - Trusted IP range: 206.161.125.149 (HKLM) Then reboot, then get trojan remover (dl.filekicker.com) from here (www.simplysup.com) Download it / install it, run it then click on scan, then select the 3rd - 7th option under the utilities menu. |
Speedy Gonzales (78) | ||
| 434819 | 2006-03-03 23:40:00 | orrr you ripper .. .im such a noddy. didnt even see the fix function in hujack this .! worked fine nnow running like normal again.thanks 4that :o | jedi (2261) | ||
| 434820 | 2006-03-03 23:55:00 | No worries there Jedi. Good to hear everything is back to normal :) | Speedy Gonzales (78) | ||
| 1 | |||||