unknown agent at work [CLOSED], gray messenger service box
Jun 4 2005, 01:10 PM, Post #1
Member, Posts: 13, OS: Windows XP
Hello and thank you for taking the time to help. I've followed the steps outlined by your site and have been successful to a point. For a couple of days now I have been getting a gray messenger service box that tells me to go to various sites; Winregfix.com is one of them. I've noticed others with the same problem and have tried following the advice given, but was unsuccessful. I would appreciate whatever help you can provide.
Here is my hijack this log.

```
Logfile of HijackThis v1.99.1
Scan saved at 11:15:02 AM, on 6/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Documents and Settings\Slace\My Documents\hikackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
F3 - REG:win.ini: load=C:\\oer3sh.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Wizard] msnsgn.exe
O4 - HKLM\..\Run: [Windows Processe Manager] mspn32.exe
O4 - HKLM\..\Run: [Services] C:\cache.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [yjobqnwb] C:\WINDOWS\yjobqnwb.exe
O4 - HKLM\..\Run: [Registry Value Name] sms.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Windows Processe Manager] mspn32.exe
O4 - HKLM\..\RunServices: [Registry Value Name] sms.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Sygate32 Firewall] Sygate32.exe
O4 - HKCU\..\Run: [Windows Processe Manager] mspn32.exe
O4 - HKCU\..\Run: [Windows32 Net Database] msnd32.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Windows Messenger Messenger] winmsg.exe
O4 - HKCU\..\Run: [Internet Services] interserv.exe
O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe"
O4 - HKCU\..\RunServices: [Windows Processe Manager] mspn32.exe
O4 - HKCU\..\RunServices: [Windows32 Net Database] msnd32.exe
O4 - HKCU\..\RunServices: [Windows Messenger Messenger] winmsg.exe
O4 - HKCU\..\RunServices: [Internet Services] interserv.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows Taskbar Manager (wtaskbarmngr) - Unknown owner - C:\WINDOWS\taskbarmngr.exe (file missing)
```
Slace unknown agent at work [CLOSED] Jun 4 2005, 01:10 PM
thatman Hi Slace
Please read through the instructions bef... Jun 7 2005, 07:21 PM
Slace Hi and thank you for helping me out with my proble... Jun 7 2005, 09:41 PM
thatman Hi Slace
Please read through the instructions bef... Jun 8 2005, 02:12 AM
Slace woot!
id just like to let you know that my sy... Jun 8 2005, 01:42 PM
thatman Hi Slace
Congratulations! Your system is CLEA... Jun 8 2005, 02:19 PM
Slace woot woot!
thanks so much for your help!
... Jun 8 2005, 03:07 PM
thatman Hi Slace
We have a hardware forum you will get al... Jun 8 2005, 03:49 PM
thatman Since this issue appears to be resolved ... this T... Jun 8 2005, 03:49 PM
thatman Topic reopened.
Kc Jun 15 2005, 03:46 PM
Slace hey thanks for reopening this.
Seems the bug is b... Jun 15 2005, 03:56 PM
Slace just an update to let you guys know. I think i h... Jun 15 2005, 10:18 PM
thatman Hi Slace
Please read through the instructions bef... Jun 16 2005, 02:11 AM
Slace kk did that
Logfile of HijackThis v1.99.1
Scan s... Jun 16 2005, 09:02 AM
thatman Hi Slace
Please read through the instructions bef... Jun 16 2005, 09:52 AM
Slace Logfile of HijackThis v1.99.1
Scan saved at 2:11:5... Jun 16 2005, 03:14 PM
thatman Hi Slace
Please download SilentRunners from here:... Jun 17 2005, 04:34 AM
Slace "Silent Runners.vbs", revision 38, http:... Jun 17 2005, 01:24 PM
thatman Hi Slace
This file don't look right, please c... Jun 17 2005, 02:33 PM
Slace i checked it out but its just my current wall pape... Jun 17 2005, 03:11 PM
thatman Hi Slace
Please RIGHT-CLICK here and go to Save A... Jun 18 2005, 04:55 AM
Slace --------------------------------------------------... Jun 18 2005, 01:05 PM
thatman Hi Slace
Now they have come out off the woodwork ... Jun 19 2005, 08:11 AM
Slace Logfile of HijackThis v1.99.1
Scan saved at 11:53:... Jun 19 2005, 12:54 PM
thatman Hi Slace
Please read through the instructions bef... Jun 19 2005, 01:38 PM
Slace b.) Save the file as RemoveTrustedZone.reg
before... Jun 20 2005, 02:22 AM
thatman Hi Slace
When a system has been invaded by malwar... Jun 20 2005, 08:47 AM
thatman Due to lack of feedback, this topic has been close... Jun 23 2005, 11:02 AM
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks mentioned on this page are the property of their respective owners.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising