
WinMoviePlugin



#1 catman

Posted 04 April 2005 - 02:18 PM

The pop-up and the dialler have not been around for 24 hrs. now so perhaps all the advice that I followed from your forums has helped.
Please check my log and comment anyway.
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\drivers\CDAC11BA.EXE
F:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
F:\WINDOWS\system32\gearsec.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\NewAce Corporation\PlanetRemote\pdshell.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
F:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe
F:\WINDOWS\system32\carpserv.exe
F:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe
F:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
F:\Program Files\Warez P2P Client\warez.exe
F:\WINDOWS\system32\ntvdm.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
F:\Program Files\Windows Media Player\wmplayer.exe
F:\Program Files\Mozilla Thunderbird\thunderbird.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Colin Levin\Desktop\Virus & Spyware Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mweb.co.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com/info.dogpl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mweb.co.za/home/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - F:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: &Translator Internet - {8E4AA109-7239-4B85-8196-7377A53DDEFF} - F:\PROGRA~1\Antadis\TRANSL~1\DELPHI~1.DLL
O4 - HKLM\..\Run: [WinPatrol] F:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [VOBID] F:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] F:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NetCheck] netcheck.exe
O4 - HKLM\..\Run: [IW ControlCenter] F:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [CallControl 4.5] F:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe /autoload
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [MOD] C:\Program Files\muamgr.exe
O4 - HKLM\..\Run: [Babylon Client] F:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [warez] "F:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "F:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe"
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = ?
O4 - Global Startup: Service Manager.lnk = F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O10 - Broken Internet access because of LSP provider 'f:\program files\newdotnet\newdotnet6_38.dll' missing

#2 rstones12

Posted 04 April 2005 - 07:05 PM

catman,

Welcome to the Bleeping Computer Forums.

I will be reviewing your HJT log. I need for you to do a few things first.
Please read the following thread; it contains information on how to post HJT logs to this forum. It also contains some preliminary instructions that you can do prior to submission of your HJT log.

http://www.bleepingcomputer.com/forums/How...s_Log-t956.html

Once you have done this please post back a new HJT log, make sure to post all of the contents of the log.

Thanks,
rstones12
"Security is a Process not a Product"
