| Thread ID: 59331 | 2005-06-28 23:35:00 | pop up virus? problem | jedi (2261) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 367781 | 2005-06-28 23:35:00 | hi there have had a rather annoying pop up (says messenger service) warning me that my system is corrupt or about to fail etc.. and directing me to all sorts of sites to download a reg patch or whatever program. can't for the life of me quite put my finger on the problem.....virus check doesn't pick it up .......can somebody please help!!!! ?? thanks
Logfile of HijackThis v1.99.1
Scan saved at 1:31:04 PM, on 6/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Winamp3\winamp3.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\jayd\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = www.surf2surf.co.nz
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pccguide.exe] "c:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "c:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "c:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [Microsoft Update Agent] muamgr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BBC92D2-D278-424D-8E90-BADDB169EE6C}: NameServer = 202.27.158.40 202.27.156.72
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - c:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - c:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
have since taken off scoobidoo.com as trusted zone (?) |
jedi (2261) | ||
| 367782 | 2005-06-28 23:45:00 | The Windows Messenger Service is not associated with the MSN Messenger chat software that many people use to do online chatting with their friends and family. Disabling the Messenger service to prevent spammers from accessing it should not affect using MSN Messenger.
Windows XP
Click the Start Button
Navigate to Settings > Control Panels > Administrative Tools > Services
Now double-click on "Services (Local)"
Scroll down to "Messenger" and double-click it to open
Click the "Stop" button to turn the Messenger service off
Change the "Startup type" to "Disabled" to keep it from restarting when you reboot
Click OK and you're done |
Safari (3993) | ||
| 367783 | 2005-06-28 23:55:00 | Tick these and click on fix.
C:\Program Files\Winamp3\winamp3.exe
This looks suss. Do u have winamp installed at all? I don't think the folder is winamp3 if u have.
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
This isn't needed on startup
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM) |
Speedy Gonzales (78) | ||
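Added example, not part of the original thread: a small Python triage of HijackThis entries using the same cues the reply above relies on ("(no file)" targets, O15 Trusted Zone additions, the missing URLSearchHook). The function names and rule wording are assumptions for illustration; the sample lines are copied from the log posted in this thread.

```python
import re

# Sample input: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BBC92D2-D278-424D-8E90-BADDB169EE6C}: NameServer = 202.27.158.40 202.27.156.72
"""

# A HijackThis entry starts with a section code such as R3, O2 or O15.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Yield (section, detail) for each entry line; skip headers and blanks."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def review_reason(section, detail):
    """Return why an entry deserves manual review, or None (hypothetical rules)."""
    if detail.endswith("(no file)"):
        return "registered component points at a missing file"
    if section == "O15":
        return "site or IP range added to the IE Trusted Zone"
    if section == "R3" and "missing" in detail:
        return "default URLSearchHook is missing"
    return None

def triage(log):
    """Return (section, detail, reason) for every entry that matches a rule."""
    flagged = []
    for section, detail in parse(log):
        reason = review_reason(section, detail)
        if reason:
            flagged.append((section, detail, reason))
    return flagged

if __name__ == "__main__":
    for section, detail, reason in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason}: {detail}")
```

An entry that matches none of the rules is not thereby cleared; the rules only reproduce the cues used in this thread.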
| 367784 | 2005-07-01 09:33:00 | mate you guys are legends.....thanks for your help dudes | jedi (2261) | ||
| 367785 | 2005-07-01 10:40:00 | this (grc.com) will solve your messenger spam problem. i see you don't have SP2 installed, i think you should install it :) |
Prescott (11) | ||