Windows\systems32 Bugs?

Welcome to your place for tech questions! ( Log In or Join today ) Get answers from experts today. (it's 100% free) Virus removal forum

What the Tech > Spyware / Malware / Virus Removal > Virus, Spyware & Malware Removal

Windows\systems32 Bugs?, Why does this keep trying to access net

Options

jay1 View Member Profile	Aug 31 2004, 06:35 AM Post #1
New Member Group: Authentic Member Posts: 6 Joined: 22-August 04 Member No.: 13,017	I am running xp sp2 with Sygate pro, updated, CW shredder clean, Highjack this says too much for my feeble understanding to comprehend. I keep blocking most system32 attenpts especialy when they've been contacted by another machine but they keep trying. Do any of these pose a security threat and if so what should I do. I've just installed sp2 for xp and downloaded the latest updates for S&D and got these results are they because of the sp2 or are these real threats. Also I am running Norton 2004 antivirus newest updates clean. Windows new security pack has a firewall that is supposed to be better but I like my Sygate should I keep this or use the windows firewall, right now I have deactivated the windows firewall and the windows virus program and I have this anoying little warning in my bottom bar which apparently says I'm not properly protected is this just microsoft foolery or should I take this seriously. Spybot S&D says this after the newest update: DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-21-2583582808-3212271881-3441252980-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3 SearchForIt: Settings (Registry key, nothing done) HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\activex compatibility\{c109664b-ceb1-420b-b353-d55a561536dd} --- Spybot - Search && Destroy version: 1.3 --- 2004-08-11 Includes\Cookies.sbi 2004-08-30 Includes\Dialer.sbi 2004-08-30 Includes\Hijackers.sbi 2004-08-20 Includes\Keyloggers.sbi 2004-05-12 Includes\LSP.sbi 2004-08-30 Includes\Malware.sbi 2004-08-12 Includes\Revision.sbi 2004-08-11 Includes\Security.sbi 2004-08-30 Includes\Spybots.sbi 2004-08-30 Includes\Tracks.uti 2004-08-30 Includes\Trojans.sbi Highjackthis says: Logfile of HijackThis v1.98.2 Scan saved at 14:32:59, on 31.08.2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Norton AntiVirus\navapsvc.exe C:\Programme\Norton AntiVirus\SAVScan.exe C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\AGRSMMSG.exe C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\HP\Digital Imaging\Unload\hpqcmon.exe C:\Programme\HP\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\System32\hphmon05.exe C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\HP\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\GMX Programme\GMX Internet Manager\GMX_Internet_Manager.exe C:\Programme\Sygate\SPF\smc.exe C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\jay\Desktop\security\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-de8l.hpwis.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de8l.hpwis.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gmx.de/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [CamMonitor] C:\Programme\HP\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\HP\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Programme\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programme\Gemeinsame Dateien\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Fax.lnk = C:\Programme\Teledat\TelFax32.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://de8l.hpwis.com O17 - HKLM\System\CCS\Services\Tcpip\..\{4D1C49CA-9A39-4D7A-97C2-8D787CE0C72F}: NameServer = 217.237.150.225 194.25.2.129 O17 - HKLM\System\CCS\Services\Tcpip\..\{E6F20C37-0E42-4790-8118-E3306012C360}: NameServer = 192.168.121.252,192.168.121.253 Thanks for the help

jay1 View Member Profile	Sep 22 2004, 01:09 AM Post #2
New Member Group: Authentic Member Posts: 6 Joined: 22-August 04 Member No.: 13,017	Is there anybody out there!!!!

Angoid View Member Profile	Sep 22 2004, 01:45 AM Post #3
Slyware Warrior Group: Dev Posts: 207 Joined: 26-June 03 From: Notts, UK Member No.: 113 Operating System: WinXP, Win98, Win8	Hi Jay1, and apologies for letting you slide twice Unfortunately, the problem is that there are more problems than people to help, but you really were deeply unlucky for it to happen twice. Anyway, in terms of malware creeping onto computers, your last log is now quite out-of-date. Can post back a fresh log please - there are one or two items of tidying-up I'd like to do, but we need a fuller picture beforehand. Also, those O17 lines usually give details of your ISP, but in this case I only get one-liners. Can you follow these links and see whether the domain names mean anything to you - as no address or detail is given I'm tempted to say they'll need fixing. I need to do a bit more research before telling you to fix them though! Here they are: 217.237.150.225 94.25.2.129 192.168.121.252 192.168.121.253

jay1 View Member Profile	Sep 22 2004, 03:04 AM Post #4
New Member Group: Authentic Member Posts: 6 Joined: 22-August 04 Member No.: 13,017	Hi there and thanks for the response, I'm sorry about the comment I was just feeling a bit frustrated seeing everyone else but me getting replies. I appeciate you taking the time for me. I'm now on my home p.c. so I'll have to log on with my laptop to give you a fuller pic of what's been going on. I only recognize one of the ID's from t-online but I've since deinstalled all that junk. I can strongly suggest not using anything t-online as I have seen too many wierd things it auto configs and auto reports on a regular basis and no one at support seems to know what I'm talking about or they are told to pretend so?? I've been extensively researching a lot of other issues on the forum and have since downloaded a lot of very helpfull programs I hope I'm on the way to becoming well protected from future issues. Once again many thanks and I'll post a new log as soon as I can get my laptop online. Jay

jay1 View Member Profile	Sep 22 2004, 03:45 AM Post #5
New Member Group: Authentic Member Posts: 6 Joined: 22-August 04 Member No.: 13,017	Here I am I just updated all my stuff and ran a few scans all seems o.k. here's my log: Logfile of HijackThis v1.98.2 Scan saved at 11:42:05, on 22.09.2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Norton AntiVirus\navapsvc.exe C:\Programme\Norton AntiVirus\SAVScan.exe C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\HP\Digital Imaging\Unload\hpqcmon.exe C:\Programme\HP\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\System32\hphmon05.exe C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\HP\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\Programme\SpywareGuard\sgmain.exe C:\Programme\SpywareGuard\sgbhp.exe C:\Programme\GMX Programme\GMX Internet Manager\GMX_Internet_Manager.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\NMain.exe C:\Dokumente und Einstellungen\jay\Desktop\security\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-de8l.hpwis.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de8l.hpwis.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gmx.de/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programme\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [CamMonitor] C:\Programme\HP\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\HP\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Programme\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programme\Gemeinsame Dateien\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: SpywareGuard.lnk = C:\Programme\SpywareGuard\sgmain.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://de8l.hpwis.com O15 - Trusted Zone: http://Download.Windowsupdate.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093967074955 O17 - HKLM\System\CCS\Services\Tcpip\..\{4D1C49CA-9A39-4D7A-97C2-8D787CE0C72F}: NameServer = 217.237.150.225 217.237.150.141 Thanks again!!! jay

Angoid View Member Profile	Sep 22 2004, 05:53 AM Post #6
Slyware Warrior Group: Dev Posts: 207 Joined: 26-June 03 From: Notts, UK Member No.: 113 Operating System: WinXP, Win98, Win8	Hi Jay, No, I can understand you getting a bit frustrated! It's increasingly the nature of this beast unfortunately. Anyway, here are a few fixes for you. Can you close all programs, leaving only HijackThis running and place a check against the following items: O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O17 - HKLM\System\CCS\Services\Tcpip\..\{4D1C49CA-9A39-4D7A-97C2-8D787CE0C72F}: NameServer = 217.237.150.225 217.237.150.141 (The info you gave about t-online has helped show me that the O17 lines were indeed bad, and one of them has been removed by your other scans leaving just this one now). Click on Fix Checked, and exit HijackThis. Reboot your system. Fire up one Internet Explorer session and close it down again immediately. Post back a fresh HijackThis log, and we'll just make certain. Are you experiencing any hijacking symptoms?

jay1 View Member Profile	Sep 22 2004, 08:07 AM Post #7
New Member Group: Authentic Member Posts: 6 Joined: 22-August 04 Member No.: 13,017	Hi there, Thanks again for your swift and friendly help. Here's my log. my ISDN Internet manager from gmx is doing some weird things when i try to go offline even though I have configured it to not do anything automatically which is it's factory configuration. when I try to go off line it keeps telling me to wait because it is conecting to the gmx server or something like that. my home pc is doing really wierd things now maybe you could have a look at my other post. here's my post after removing what you said and then rebooting and a quick ie trip. Logfile of HijackThis v1.98.2 Scan saved at 15:57:28, on 22.09.2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Norton AntiVirus\navapsvc.exe C:\Programme\Norton AntiVirus\SAVScan.exe C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\HP\Digital Imaging\Unload\hpqcmon.exe C:\Programme\HP\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\System32\hphmon05.exe C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\HP\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\GMX Programme\GMX Internet Manager\GMX_Internet_Manager.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\Programme\SpywareGuard\sgmain.exe C:\Programme\SpywareGuard\sgbhp.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\Dokumente und Einstellungen\jay\Desktop\security\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-de8l.hpwis.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de8l.hpwis.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gmx.de/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programme\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [CamMonitor] C:\Programme\HP\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\HP\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Programme\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programme\Gemeinsame Dateien\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ProfiDialer] C:\Programme\GMX Programme\GMX Internet Manager\GMX_Internet_Manager.exe -watchermode O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: SpywareGuard.lnk = C:\Programme\SpywareGuard\sgmain.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://de8l.hpwis.com O15 - Trusted Zone: http://Download.Windowsupdate.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093967074955 I notice that 017 is now completely missing????? thanks again jay

Angoid

Sep 22 2004, 10:31 AM

Post #8

Slyware Warrior

Group: Dev
Posts: 207
Joined: 26-June 03
From: Notts, UK
Member No.: 113
Operating System: WinXP, Win98, Win8

Hiya Jay,

QUOTE

Thanks again for your swift and friendly help.

It's what we're here for

That GMX dialer looks as though it's being started up from this entry here:

O4 - HKCU\..\Run: [ProfiDialer] C:\Programme\GMX Programme\GMX Internet Manager\GMX_Internet_Manager.exe -watchermode

It wasn't in your log before, so someone or something has enabled it.

I'm not familiar with that software, so I don't know whether there's a 'console' you can disable it from. If so, turn it off from there.

Otherwise, get HijackThis to fix that line in exactly the same manner as before.

We fixed the O17 line, that's why it has now gone. It pertained to that t-online which was causing you problems, so we got rid of it. However, HijackThis creates backups of everything it fixes so it can always be restored if necessary. In this case, I don't think it will be (unless it's part of your GMX software).

I've got a busy evening so won't be able to look at the other log right now, but I'll check when I can and take a look if nobody else has picked it up beforehand!

jay1 View Member Profile	Sep 22 2004, 11:02 AM Post #9
New Member Group: Authentic Member Posts: 6 Joined: 22-August 04 Member No.: 13,017	Thanks a million great service and I've recomende it to many friends and will continue to do so in the future!!!! 1a Jay1

« Next Oldest · Virus, Spyware & Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
Virus, Spyware & Malware Removal Windows Explorer Error (hijack This Log)	4	shaitan	2,543	12th November 2004 - 08:03 PM Last post by: little eagle
Microsoft Windows™ Windows XP requires reactivation but gives unacceptable key	1	pitchermark	1,917	19th April 2006 - 10:01 PM Last post by: rand1038
Virus, Spyware & Malware Removal My Computer Is Like A Rotten Apple W Bugs All Over	2	redruthann	1,163	17th September 2005 - 12:18 AM Last post by: Lynchy
Virus, Spyware & Malware Removal Can't Uninstall Nis, Can't Update Windows 12	17	ForMyACDs	4,990	31st August 2004 - 08:27 PM Last post by: ForMyACDs
Virus, Spyware & Malware Removal Advertising Loading Popups Windows 12	18	Teresa	3,190	18th September 2004 - 05:57 AM Last post by: Daemon