
Spy problem on server [CLOSED]



#1
herlinde

    New Member

  • Member
  • Pip
  • 2 posts
Hi,

I have a problem on my computer. Every morning a lot of internet windows are opened with strange sites. It all started with winfixer. I have run a lot of spyware tools, but they keep coming. Any thoughts?
I did a hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 9:50:54, on 21.11.2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
D:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
C:\WINNT\System32\CpqRcmc.exe
C:\Compaq\vcagent\vcagent.exe
C:\WINNT\system32\Dfssvc.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINNT\System32\svchost.exe
d:\Program Files\GFI\FAXmaker\fmserver.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\LogWatNT.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\compaq\survey\Surveyor.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
D:\Program Files\Exchsrvr\bin\exmgmt.exe
D:\Program Files\Exchsrvr\bin\mad.exe
C:\WINNT\System32\sysdown.exe
C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
D:\Program Files\Exchsrvr\bin\store.exe
D:\Program Files\Exchsrvr\bin\emsmta.exe
d:\Program Files\GFI\FAXmaker\fmexgway.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\CPQTEAM.EXE
D:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\PROGRA~1\MICROS~1\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\WINNT\msagent\AgentSvr.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
D:\Program Files\VERITAS\Backup Exec\NT\BkupExec.exe
D:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINNT\netdde.dll
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINNT\prflbmsgp32.dll
O2 - BHO: C:\WINNT\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINNT\system32\st3.dll
O2 - BHO: C:\WINNT\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINNT\adsldpbd.dll
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\WINNT\mpatrol.dll
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [CPQTEAM] CPQTEAM.EXE
O4 - HKLM\..\Run: [VxTaskbarMgr] D:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: *.searchmeup.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SPARTANPANEL.BE
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF460A44-7D0E-4E5A-8616-6D110A86D612}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SPARTANPANEL.BE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SPARTANPANEL.BE
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: st3 - C:\WINNT\system32\st3.dll
O23 - Service: Adaptive Server Anywhere - LGT (ASANYs_LGT) - Unknown owner - c:\program files\sybase\adaptive server anywhere 6.0\win32\dbsrv6.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - D:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - VERITAS Software Corporation - D:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - VERITAS Software Corporation - D:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - VERITAS Software Corporation - D:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - VERITAS Software Corporation - D:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: NIC Agent (CPQNicMgmt) - Hewlett-Packard Company - C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Compaq - C:\WINNT\System32\CpqRcmc.exe
O23 - Service: Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\Compaq\vcagent\vcagent.exe
O23 - Service: Web Agent (CpqWebMgmt) - HP Corporation - C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
O23 - Service: Foundation Agent (CqMgHost) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - Service: Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - Service: Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FAXmaker FAX Server - GFI FAX & VOICE - d:\Program Files\GFI\FAXmaker\fmservic.exe
O23 - Service: FAXmaker Exchange Connector (FAXmaker Gateway) - GFI - d:\Program Files\GFI\FAXmaker\fmexgway.exe
O23 - Service: FAXmaker Message Transfer Agent (FAXmaker MTA Service) - Unknown owner - d:\Program Files\GFI\FAXmaker\fmgwinet.exe" -service (file missing)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Surveyor - Hewlett-Packard Development Group, L.P. - C:\compaq\survey\Surveyor.EXE
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\System32\sysdown.exe

Any help is welcome, Thanks.
  • 0



#2
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello :tazz:

Sorry for the delayed response, it has been very busy lately.

If you still require help please post a new Hijack log in this
thread and I will help you. If your problem has been fixed please
respond and let us know.

Thanks
  • 0

#3
herlinde

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi Thanks,
Yes it is still a problem. If you could help.

Logfile of HijackThis v1.99.1
Scan saved at 8:42:58, on 25.11.2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
D:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
C:\WINNT\System32\CpqRcmc.exe
C:\Compaq\vcagent\vcagent.exe
C:\WINNT\system32\Dfssvc.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\LogWatNT.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\compaq\survey\Surveyor.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\sysdown.exe
C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
D:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\CPQTEAM.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\CPQTEAM.EXE
D:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
D:\Program Files\Exchsrvr\bin\mad.exe
D:\Program Files\Exchsrvr\bin\store.exe
D:\Program Files\Exchsrvr\bin\exmgmt.exe
D:\Program Files\Exchsrvr\bin\emsmta.exe
d:\Program Files\GFI\FAXmaker\fmserver.exe
d:\Program Files\GFI\FAXmaker\fmexgway.exe
C:\program files\internet explorer\iexplore.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Bureaublad\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINNT\netdde.dll
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINNT\prflbmsgp32.dll
O2 - BHO: C:\WINNT\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINNT\system32\st3.dll
O2 - BHO: C:\WINNT\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINNT\adsldpbd.dll
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\WINNT\mpatrol.dll
O4 - HKLM\..\Run: [CPQTEAM] CPQTEAM.EXE
O4 - HKLM\..\Run: [VxTaskbarMgr] D:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [ClearCookies] C:\WINNT\cc.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SPARTANPANEL.BE
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF460A44-7D0E-4E5A-8616-6D110A86D612}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SPARTANPANEL.BE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SPARTANPANEL.BE
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: st3 - C:\WINNT\system32\st3.dll
O23 - Service: Adaptive Server Anywhere - LGT (ASANYs_LGT) - Unknown owner - c:\program files\sybase\adaptive server anywhere 6.0\win32\dbsrv6.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - D:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - VERITAS Software Corporation - D:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - VERITAS Software Corporation - D:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - VERITAS Software Corporation - D:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - VERITAS Software Corporation - D:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: NIC Agent (CPQNicMgmt) - Hewlett-Packard Company - C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Compaq - C:\WINNT\System32\CpqRcmc.exe
O23 - Service: Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\Compaq\vcagent\vcagent.exe
O23 - Service: Web Agent (CpqWebMgmt) - HP Corporation - C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
O23 - Service: Foundation Agent (CqMgHost) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - Service: Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - Service: Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FAXmaker FAX Server - GFI FAX & VOICE - d:\Program Files\GFI\FAXmaker\fmservic.exe
O23 - Service: FAXmaker Exchange Connector (FAXmaker Gateway) - GFI - d:\Program Files\GFI\FAXmaker\fmexgway.exe
O23 - Service: FAXmaker Message Transfer Agent (FAXmaker MTA Service) - Unknown owner - d:\Program Files\GFI\FAXmaker\fmgwinet.exe" -service (file missing)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Surveyor - Hewlett-Packard Development Group, L.P. - C:\compaq\survey\Surveyor.EXE
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\System32\sysdown.exe
  • 0

#4
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello herlinde :tazz:

RIGHT-CLICK HERE and Save As (In IE it's "Save Target As") in order to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.


Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.
Post the contents of the logfile c:\windelf.txt, along with a new HijackThis log, and we can clean up what's left.

Thanks

Edited by loophole, 25 November 2005 - 03:35 PM.

  • 0
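An added example, not part of the original thread and not code from HijackThis: Python that parses HijackThis result lines and compares the two scans posted above, so autostart and Trusted Zone entries that survived between scans stand apart from ones that appeared or disappeared. The function names are assumptions, and the sample data is a short excerpt of the two logs in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section detail")

# A HijackThis result line is "<section code> - <free text>", for example
# "O15 - Trusted Zone: ...". Header lines and the "Running processes"
# paths carry no section code and are skipped.
LINE_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Excerpt of the scan saved 21.11.2005 (post #1).
SCAN_1 = r"""Logfile of HijackThis v1.99.1
C:\WINNT\Explorer.EXE
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\WINNT\mpatrol.dll
O4 - HKLM\..\Run: [CPQTEAM] CPQTEAM.EXE
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: www.redfunny.com
O20 - Winlogon Notify: st3 - C:\WINNT\system32\st3.dll
"""

# Excerpt of the scan saved 25.11.2005 (post #3).
SCAN_2 = r"""Logfile of HijackThis v1.99.1
C:\WINNT\Explorer.EXE
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\WINNT\mpatrol.dll
O4 - HKLM\..\Run: [CPQTEAM] CPQTEAM.EXE
O4 - HKCU\..\Run: [ClearCookies] C:\WINNT\cc.exe
O15 - Trusted Zone: *.coolwebsearch.com
O20 - Winlogon Notify: st3 - C:\WINNT\system32\st3.dll
"""


def parse_log(text):
    """Return the set of result entries found in a HijackThis log."""
    entries = set()
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.add(Entry(match.group(1), match.group(2).strip()))
    return entries


def compare(before, after, sections=("O2", "O4", "O15", "O20")):
    """Diff two scans, restricted to BHO, Run, Trusted Zone and
    Winlogon Notify sections by default."""
    old = {e for e in before if e.section in sections}
    new = {e for e in after if e.section in sections}
    return {
        "persisted": sorted(old & new),  # present in both scans
        "added": sorted(new - old),      # only in the later scan
        "removed": sorted(old - new),    # only in the earlier scan
    }


if __name__ == "__main__":
    result = compare(parse_log(SCAN_1), parse_log(SCAN_2))
    for status, entries in result.items():
        for entry in entries:
            print(f"{status:9} {entry.section:4} {entry.detail}")
```

A diff like this only shows what changed between scans; deciding which entries are unwanted still takes the kind of review the helper gives in this thread.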

#5
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





