Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Controlling my internet address & removing it

Started by Classy2 , Mar 19 2005 02:34 AM

  • This topic is locked This topic is locked

#61
Classy2
Posted 14 April 2005 - 09:07 PM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
I installed CWShredder only to click on fix.
My Search showed Shredder exe showed up in Program files but was nowhere to be found.
But I clicked on ''FIX'' anyway CWShedder and is Shedder's Log;

**** Run Keys ****

RUN: [hpsysdrv] c:\windows\system\hpsysdrv.exe
RUN: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
RUN: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
RUN: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
RUN: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
RUN: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
RUN: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
RUN: [srmclean] C:\Cpqs\Scom\srmclean.exe
RUN: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
RUN: [kmw_run.exe] kmw_run.exe
RUN: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
RUN: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
RUN: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
RUN: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
RUN: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
RUN: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe


**** Browser Helper Objects ****

BHO: [SpywareGuardDLBLOCK.CBrowserHelper] C:\Program Files\SpywareGuard\dlprotect.dll
BHO: [] C:\PROGRA~1\SPYBOT~1\SDHelper.dll


**** IE Toolbars ****

TOOLBAR: []


**** IE Extensions ****

IEExt: [Messenger]
IEExt: [AIM] C:\Program Files\AIM\aim.exe


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost


**** IE Settings ****

Default Search: http://www.google.com
Local Page: http://www.google.com
Search Page: http://home.microsof...ss/allinone.asp


**** IE Context Menu (Right click) ****



**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{448EBD2A-3D73-4EC0-BFA2-D40882CDF538}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{448EBD2A-3D73-4EC0-BFA2-D40882CDF538}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B477CD21-9A4D-4539-9330-CE1C248E9261}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B477CD21-9A4D-4539-9330-CE1C248E9261}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44FBB619-E53D-49B0-B1A8-513BB5EBBE44}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44FBB619-E53D-49B0-B1A8-513BB5EBBE44}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F1F55999-07DC-4AC6-A33A-F9F16BBA4BA5}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F1F55999-07DC-4AC6-A33A-F9F16BBA4BA5}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D8D8EB9-0E1C-4832-96E1-822801CEFE12}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D8D8EB9-0E1C-4832-96E1-822801CEFE12}] DATAGRAM 2


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [http://www.apple.com...x/qtplugin.cab]
{166B1BCA-3F9C-11CF-8075-444553540000} [http://download.macr...irector/sw.cab]
{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} [http://protect.micro...?1113268228062] C:\WINDOWS\System32\mssecadv.dll
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} [http://a840.g.akamai...ll/xscan53.cab] C:\WINDOWS\System32\mfc42.dll C:\WINDOWS\loadhttp.dll C:\WINDOWS\aucfg.ini C:\WINDOWS\tmupdate.ini C:\WINDOWS\runtsckl.exe C:\WINDOWS\patchw32.dll C:\WINDOWS\Downloaded Program Files\xscan53.ocx
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/...ll-131-win.cab]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} [http://www.pandasoft...as5/asinst.cab]
{A17E30C4-A9BA-11D4-8673-60DB54C10000} [http://www.pandasoft...as5/asinst.cab]
{A93D84FD-641F-43AE-B963-E6FA84BE7FE7} [http://www.linksysfi...l/gtdownls.cab]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [http://messenger.msn...Downloader.cab]
{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} [http://java.sun.com/...ll-131-win.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macr...sh/swflash.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aswUpdSv] "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[avast! Antivirus] "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
[avast! Mail Scanner] "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
[avast! Web Scanner] "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[cisvc] C:\WINDOWS\System32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[ewido security suite control] C:\Program Files\ewido\security suite\ewidoctrl.exe
[ewido security suite guard] C:\Program Files\ewido\security suite\ewidoguard.exe
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[Fax] %systemroot%\system32\fxssvc.exe
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[ImapiService] C:\WINDOWS\System32\imapi.exe
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[msCMTSrvc] C:\WINDOWS\system32\msCMTSrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\System32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[NVSvc] %SystemRoot%\System32\nvsvc32.exe
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardDrv] %SystemRoot%\System32\SCardSvr.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{257F6730-5785-45C9-B620-CD36C3832448}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost.exe -k netsvcs
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[uploadmgr] %SystemRoot%\System32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://ie.search.msn...st/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn...st/srchcust.htm
SEARCH: [CustomSearch] http://rd.yahoo.com/.../search/ie.html


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page]
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://login.passpor...gin.srf?id=6528
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://home.microsof...ss/allinone.asp
IEOPT: [Check_Associations] No
IEOPT: [Use Custom Search URL]
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Use FormSuggest] yes
IEOPT: [AddToFavoritesExpanded]
IEOPT: [Default_Search_URL] http://www.google.com/search?q=%s
IEOPT: [FormSuggest PW Ask] no
IEOPT: [Use Search Asst] yes
IEOPT: [AutoSearch]
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [Default_Search_URL] http://www.google.com
IEOPT: [Search Page] http://home.microsof...ss/allinone.asp
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] about:blank
IEOPT: [Wizard_Version] 6.00.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Enable Browser Extensions] yes
IEOPT: [SearchAssistant]
IEOPT: [IEWatsonEnabled]
IEOPT: [Search Bar] http://rd.yahoo.com/.../search/ie.html

In the Safe mode, I deleted two of the three files you listed. The line that said " Software\......internet\ main page" was deleted and only found in "Regular Mode"]
Heres HJT Log;

Logfile of HijackThis v1.99.1
Scan saved at 10:20:19 PM, on 4/14/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\kmw_run.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\KMW_SHOW.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passpor...gin.srf?id=6528
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

When logging back from "Safe Mode" to Regular mode
I recieved "Spybot box Warning" asking if I wanted to change my Default page from "about" to "None.com"? Knowing I was to delete the "about line in HJT". I clicked on change default page to "None" in the Spybot warning.
Kc, I hope I clicked the right choice. My daufault page OK. :tazz:
Question; I want to make a fresh attempt at downloading Yahoo Messenger.
Would it help to delete all lines that mention Yahoo?
Did you mean update my Explorer to SP1A, Or just update critical files. I thought you told me not to download SP1A until my sysytem was all clean?????
  • 0

Advertisements

#62
Classy2
Posted 14 April 2005 - 10:30 PM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
Good Morning Kc,
The good news is that Panda and Trend Micro scan showed NO viruses ;)
The BAD news is I went to Microsoft to update some critical updates. This time my Error said " NO INTERNET CONNECTION" I tried following the error instructions but Im in very unfamilar territory when I have to type in the "Command Prompt" ipconfig. :tazz: Testing my TCP\IP and pinging?.
Faithfully finishing,
Classy
  • 0

#63
Guest_thatman_*
Posted 15 April 2005 - 05:48 AM

Guest_thatman_*
  • Guest
Hi Classy2

Download the Hoster from here Press "Restore Original Hosts. and press "OK". Exit Program.

Download and unzip cwsserviceremove to your desktop.
cwsserviceremove
Double click on the cwsserviceremove and when asked to merge say yes.

Reboot

Now try and in stall the windows SP_2 update

Kc :tazz:
  • 0

#64
Classy2
Posted 15 April 2005 - 06:03 AM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
ERROR:---- Saying the following...
Internet Explorer cannot download hoster.zip from memembers.aol.com
Internet Explorer was not able to open this Internet site. The requisted site is either unavailable
or cannot be found. Please try again.
  • 0

#65
Classy2
Posted 15 April 2005 - 06:41 AM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
I tried the host link again and recieved the same error.
Have a nice weekend.
Take Care,
Classy
  • 0

#66
Guest_thatman_*
Posted 16 April 2005 - 04:38 AM

Guest_thatman_*
  • Guest
Hi Classy2

Try this link
Press "Restore Original Hosts. and press "OK". Exit Program.

Kc :tazz:
  • 0

#67
Classy2
Posted 17 April 2005 - 10:28 PM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
Good Morning Kc,
This time I clicked on the Host file it Extracted. ;) And I clicked On "change Host, then OK" ;)
This program said "my host was editable" and would I like to change it to "Read only file" I left as a "editable" ??? until you tell me to change it or not.

This weekend I was getting errors saying,

"Would you like to work offline or try to connect to the Internet"
What problem did the "Host repair program' fix?

Thank you very much for your time and help And So close to the finish :tazz:
Classy
  • 0

#68
Classy2
Posted 18 April 2005 - 07:49 PM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
On your post# 66

1. You asked me to;.. Download the Hoster from here Press "Restore Original Hosts. and press "OK". Exit Program. :tazz:

(Since downloading the ) " Host and pressing "OK".. My error all day is that my ISP cable is not connected. My connecting to here was extreely slow. It almost wouldnt open my topic up. When I clicked on the Internet icon, it brought me to to check with my internet connection. My Internet connection has alwas been on and lit modem showing its connected.

Suddenly I have two computers in my launch bar with an red X going through them. Can you tell me whats my problem? ;)
Classy
  • 0

#69
Classy2
Posted 20 April 2005 - 03:08 AM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
Good Morning Kc,
In the ''Host program...it asked me if I wanted to change my host name to.. ''read only''?
Kc, I've been coping files before I download SP2.

Im wondering one thing..
If you ever heard of your computer neding to be free from all malware before installing a firewall?

If so do you need a copy of my HJT Log, or anything else before installing SP2.
Do you have any expert advise on installing SP2?
Microsoft gives plenty advice before installing the SP1 ad 2, but the techinical language goes right over my head. So if you can kindly advise me, Id very much appreciate it
Classy
  • 0

#70
Guest_thatman_*
Posted 21 April 2005 - 08:30 AM

Guest_thatman_*
  • Guest
Hi Classy2

Have been ill the last few weeks sorry you have had to wait

Please post an new HJT.log

Kc :tazz:
  • 0

Advertisements

#71
Classy2
Posted 22 April 2005 - 12:54 AM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
Kc, Im very sorry you are sick. I would be insensitive if asked for help while you are sick. Please no appologies but please do accept mine.
Please when your feeling better, possibly these errors may give you additional help in helping me & my computer;
1. ERROR ---When Updating Spybot;
Error; This program will not send any info about your computer to me or anyone else!
It will just load and display a textile from my server.
( You'll need to open internet connection to do this) <______Where,How??

Clicking on the link to cwsservivcemove.....
ERROR.... Are you sure you want to add the following information in;
C:PROGRA~1\CWSSER~1\CWSSER~1.REG to the registry?
YES NO
It did not say "Merge" as you said to click on. So I clicked ''no'' since it looked like a corrupt path. I hope I did the right thing.

And heres my HJT Log running in "Safe Mode"

Logfile of HijackThis v1.99.1
Scan saved at 1:08:11 AM, on 4/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presari...&c=2c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

I see many programs say "Unknown Owner" what does this mean??

Avast have found the following trojans;

NAME--Win32:Qoologic-B
VPS version 0516-2, 04/19/2005
path cuddles\local settings\Temporary internet
C;\DOCUME~1Cuddles\LOCALS~1\Temp\tp7453.exe

FILE winup2date.dll
Path C:Windows\System32
Infection; Spyware.Small.et
(Although I stopped this from running, It still pops up in Avast) Im not sure if both can be safely deleted.

Please feel better. I'll keep posting to keep my topic open.
Take care,
Classy
  • 0

#72
Guest_thatman_*
Posted 22 April 2005 - 03:33 AM

Guest_thatman_*
  • Guest
Hi Classy2

Download and unzip cwsserviceremove to your desktop only. use either link below:
cwsserviceremove
cwsserviceremove.zip

I see many programs say "Unknown Owner" what does this mean
msCMTSrvc.exe is an application that gets bundled with a particular series of the Compaq Presario systems. msCMTSrvc is called the Content Monitoring Tool Service (CMTS). The Compaq Offer Zone, displayed on the desktop as the Hot Deals icon, uses the CMTS to update the computer when new merchandise is available for purchase by the user.
Suggested Action

Allow this program access the Internet (if you want this particular feature) and configure your firewalls accordingly. Or, disable the application/service using Services.msc if you no longer plan to use this feature of Compaq / HP systems.

Please post all HJT.Log in regular mode :tazz:

Thank you

Kc ;)
  • 0

#73
Classy2
Posted 22 April 2005 - 06:29 AM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
Good Morning Kc,
I hope you are feeling better. Im glad to see your post.

I disabled the CMT Service :tazz:

I extracted and save CWSERVICEMOVE and this is what ist asked...
C:\DOCUM~1\Cuddles\LOCALS~1\TEMPOR~1\Content.IE5\0D6NWTY7\2004~1\CWSSER~REG to the registry. YES OR NO
Not much of a program and not sure if thats what is should say ???

Here is my HJT Log; Next time can I delete the lineS which say "MISSING FILE"?????"

Logfile of HijackThis v1.99.1
Scan saved at 8:18:37 AM, on 4/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\kmw_run.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\KMW_SHOW.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\System32\locator.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo...&st=60&p=87648
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

I'll be here for a while, in case you have time maybe we can clean up more, or work on my host problem. Kc, did someone steal my identidy, whats this Host problem? I like learning.
Take care,
Classy
  • 0

#74
Guest_thatman_*
Posted 22 April 2005 - 06:57 AM

Guest_thatman_*
  • Guest
Hi Classy2

cwsserviceremove you only have the yes and no links: that is OK.
What the program will do it remove's all hidden links that may block you
from using legal program I.E virus scans, windows update's, and many other site's that are safe to use.

Now it is time to Update your windows to SP2 do it now.

Kc :tazz:
  • 0

#75
Classy2
Posted 24 April 2005 - 12:39 AM

Classy2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts
Good Morning Kc,
I extracted the files from csservicemove.. clicked ok a few days ago.
Tonight I went to windows update and the
error said... to enable my popups????? ;) I do not have any popup blockers. ;)
Maybe it will be easier just to install another kind of firewall :tazz:
What else can be done?
Take Care,
Classy
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP