Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer keeps logging itself off [RESOLVED]


  • This topic is locked This topic is locked

#1
polling

polling

    Member

  • Member
  • PipPipPip
  • 303 posts
I did all the scans all to no avail my computer keeps logging off and sometimes i won't get access to the net unless i log back on and off here's my Hi- Jack Thanks in advance Logfile of HijackThis v1.99.1
Scan saved at 8:45:07 PM, on 6/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\frank\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1f029969-62d3-49a1-b5af-d1dc8eb1db2e} - C:\WINDOWS\system32\dpnkui.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://remote.dteen...n0Mq32,CT=java
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O20 - Winlogon Notify: dpnkui - C:\WINDOWS\SYSTEM32\dpnkui.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by polling, 11 June 2006 - 06:47 PM.

  • 0

Advertisements


#2
Jayzeee

Jayzeee

    Member 1K

  • Member
  • PipPipPipPip
  • 1,238 posts
Hi polling and welcome to Geeks to Go :whistling:

I am currently working on a fix for you, as soon as a staff member reviews it, I will post it here.

Thankyou for your patience.
  • 0

#3
polling

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
Thanks :whistling:

Edited by polling, 14 June 2006 - 04:04 PM.

  • 0

#4
Jayzeee

Jayzeee

    Member 1K

  • Member
  • PipPipPipPip
  • 1,238 posts
I notice that you have both AVG and Norton Antivirus. Two anti-virus programs running at the same time is a bad idea as they can conflict with each other. Please unistall either AVG or Norton Antivirus.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Next, please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

  • 0

#5
polling

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
Thanks for responding to my Log Jayzee I Uninstalled Nortons about six or seven months ago. If you know how i can get rid of it Norton's for good it will be greatly appreciated. I will post all logs shortly.
  • 0

#6
polling

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
Here's my Fsecure Scan



Scanning Report
Thursday, June 15, 2006 00:15:40 - 01:00:26

Computer name: OWNER-84J1T8A8N
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 9 malware found
Tracking Cookie (spyware)

* System (Disinfected)
* System
* System

Trojan-Downloader.Win32.ConHook.aa (virus)

* C:\WINDOWS\SYSTEM32\DPNKUI.DLL (Renamed & Submitted)
* C:\!SUBMIT\DPNKUI.DLL (Renamed)

Trojan-Downloader.Win32.ConHook.ab (virus)

* C:\WINDOWS\SYSTEM32\GEEBXUV.DLL (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\JKKJHIJ.DLL (Renamed)
* C:\WINDOWS\SYSTEM32\SSTTU.EXE (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\VTSTURO.DLL (Renamed)

Statistics
Scanned:

* Files: 25799
* System: 5183
* Not scanned: 4

Actions:

* Disinfected: 1
* Renamed: 6
* Deleted: 0
* None: 2
* Submitted: 3

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{3767ABD6-232B-450C-B60E-8383C1DCA51F}.BIN

Options
Scanning engines:

* F-Secure AVP: 6.0.171, 2006-06-14
* F-Secure Libra: 2.4.1, 2006-06-14
* F-Secure Orion: 1.2.37, 2006-06-12
* F-Secure Pegasus: 1.19.0, 0000-00-00
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Draco: 1.0.35, 0259-24-212

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics

Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
  • 0

#7
polling

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
Everytime i try to run VundoFix i keep getting this message: Path/File access error

I will run a hijack and post that log
  • 0

#8
polling

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
Here's my new HJT LogLogfile of HijackThis v1.99.1
Scan saved at 1:08:34 AM, on 6/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
c:\windows\system32\VundoFix.exe
c:\windows\system32\VundoFix.exe
c:\windows\system32\VundoFix.exe
c:\windows\system32\VundoFix.exe
C:\Documents and Settings\frank\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1f029969-62d3-49a1-b5af-d1dc8eb1db2e} - C:\WINDOWS\system32\dpnkui.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://remote.dteen...n0Mq32,CT=java
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O20 - Winlogon Notify: dpnkui - C:\WINDOWS\SYSTEM32\dpnkui.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#9
Jayzeee

Jayzeee

    Member 1K

  • Member
  • PipPipPipPip
  • 1,238 posts
I need you to upload a file for analysis. It looks like you have a new varient of the Vundo infection.

Go to UploadMalware.com
  • Enter your Username
  • Copy and paste the URL of this topic
  • Click the Browse... button and navigate to this file:

    • C:\WINDOWS\system32\dpnkui.dll
  • Then click Send file
Please download the Killbox by Option^Explicit. and Save it to your desktop. (Do not run it yet.)

Note: In the event you already have Killbox, this is a new version that I need you to download.

Re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {1f029969-62d3-49a1-b5af-d1dc8eb1db2e} - C:\WINDOWS\system32\dpnkui.dll
O20 - Winlogon Notify: dpnkui - C:\WINDOWS\SYSTEM32\dpnkui.dll

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Once in safe mode, double-click Killbox.exe on your desktop.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\dpnkui.dll

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please download ewido anti-malware it is a free version of the program.
  • Install ewido anti-malware
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

Post back with the Ewido log and a new HijackThis log.
  • 0

#10
polling

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
Hi Jayzee I went to UploadMalware.com i entered my username and i copied and pasted the url but when i clicked on the browse button i couldn't retrieve the file i ended up typing the full file in the box and the only thing i got was that the file didn't exist. Please help.
  • 0

Advertisements


#11
polling

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
also i already have ewido on my desktop can i update the defintions or should i download ewido all over again? Thanks
  • 0

#12
Jayzeee

Jayzeee

    Member 1K

  • Member
  • PipPipPipPip
  • 1,238 posts
Okay, I think I know what the problem is...

To make sure you can view Hidden files, please follow these steps:1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and close My Computer.
10. Now your computer is configured to show all hidden files.
Once you have done that, follow the instructions in my previous post.

also i already have ewido on my desktop can i update the defintions or should i download ewido all over again? Thanks

Yes, just update it :whistling:
  • 0

#13
polling

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
I folowed all the directions regarding the Hidden files but when i went to uploadmalware i got the same message about the file not being there.
  • 0

#14
polling

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
here's my Ewido Logewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:53:18 AM, 6/17/2006
+ Report-Checksum: 4F42EBCE

+ Scan result:

C:\!Submit\DPNKUI.0LL -> Downloader.ConHook.aa : Cleaned with backup
C:\Documents and Settings\danyelle willis\Cookies\danyelle [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\danyelle willis\Cookies\danyelle [email protected][1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\danyelle willis\Cookies\danyelle [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.34:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.45:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.60:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.61:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.62:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.64:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.65:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.75:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.76:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.77:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.78:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.79:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.87:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.88:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.89:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.90:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.93:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.95:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.120:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.121:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.122:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.135:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.137:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.138:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.153:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.167:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup
:mozilla.183:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.220:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Newyorkcasino : Cleaned with backup
:mozilla.221:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Newyorkcasino : Cleaned with backup
:mozilla.222:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Newyorkcasino : Cleaned with backup
:mozilla.253:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.254:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.255:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.259:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.260:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.261:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.262:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
-> : Error during cleaning
:mozilla.281:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.282:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.283:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.284:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.293:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.308:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.309:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.347:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.374:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.425:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.426:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.427:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.428:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.429:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\WINDOWS\system32\GEEBXUV.0LL -> Downloader.ConHook.ab : Cleaned with backup
C:\WINDOWS\system32\JKKJHIJ.0LL -> Downloader.ConHook.ab : Cleaned with backup
C:\WINDOWS\system32\SSTTU.0XE -> Downloader.ConHook.ab : Cleaned with backup
C:\WINDOWS\system32\VTSTURO.0LL -> Downloader.ConHook.ab : Cleaned with backup


::Report End



Here's my new hijack Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\frank\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://remote.dteen...n0Mq32,CT=java
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#15
polling

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
Also I keep getting thios message when trying to access other website : You have attempted to establish a connection with "us.js2.yimg.com" however the security certificate presented belongs to "a248.e.akami.net" It is possible, though unlikely, that someone may be trying to intercept your communication with this website


I also got the same message when attempting to get access to Geeks to go it stated that i was attempting to go to Pctools.com


Are these more viruses?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP