Technology Two things

Pittsey

Knock, Knock...
Staff member
#1
Anyone got a copy of BitDefender 2008... 1 I don't have to pay for...?



Also... Can someone check my hijack this log....


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dan Pitts\Desktop\HiJackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {60E2746A-9C2E-45A2-85CE-7E1A8A890961} - C:\WINDOWS\system32\byvttus.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wteamvnw.dll (file missing)
O2 - BHO: (no name) - {AA619C21-A629-4CA7-A333-9A3664BEE977} - C:\WINDOWS\System32\ursrs.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wteamvnw.dll (file missing)
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HUAWEI 3G Data Card MTS] C:\PROGRA~1\HUAWEI~1\HUAWEI~1\3 USB Modem.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ols/en/x86/client/wuweb_site.cab?947095033944
O17 - HKLM\System\CCS\Services\Tcpip\..\{0943CCE9-1A14-48F7-9973-DDFBE61A7933}: NameServer = 172.31.140.69 172.30.140.69
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c002D26A.dat
O20 - Winlogon Notify: byvttus - C:\WINDOWS\SYSTEM32\byvttus.dll
O20 - Winlogon Notify: winhhn32 - C:\WINDOWS\SYSTEM32\winhhn32.dll
O20 - Winlogon Notify: wteamvnw - wteamvnw.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




Any tips on how to permanently remove the crap, this isn't my PC btw...



Thanks
 
#2
Have Hijackthis fix the following;

Running processes:
C:\WINDOWS\mgrs.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {60E2746A-9C2E-45A2-85CE-7E1A8A890961} - C:\WINDOWS\system32\byvttus.dll

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wteamvnw.dll (file missing)

O2 - BHO: (no name) - {AA619C21-A629-4CA7-A333-9A3664BEE977} - C:\WINDOWS\System32\ursrs.dll (file missing)

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wteamvnw.dll (file missing)

O4 - HKLM\..\Run: [smgr] mgrs.exe

O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe

O4 - Global Startup: autorun.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O20 - AppInit_DLLs: C:\WINDOWS\system32\__c002D26A.dat
O20 - Winlogon Notify: byvttus - C:\WINDOWS\SYSTEM32\byvttus.dll
O20 - Winlogon Notify: winhhn32 - C:\WINDOWS\SYSTEM32\winhhn32.dll
O20 - Winlogon Notify: wteamvnw - wteamvnw.dll (file missing)

Download Vundofix.exe. Run it, click the "Scan for Vundo" button and once that's finished click the "Remove Vundo" button.

This will reboot your computer, and save a log in C:\vundofix.txt

You also might want to run Panda Active Scan.
 

Pittsey

Knock, Knock...
Staff member
#3
New Log




Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\HUAWEI~1\HUAWEI~1\3 USB Modem.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dan Pitts\Desktop\HiJackThis.exe

O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [HUAWEI 3G Data Card MTS] C:\PROGRA~1\HUAWEI~1\HUAWEI~1\3 USB Modem.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ols/en/x86/client/wuweb_site.cab?947095033944
O17 - HKLM\System\CCS\Services\Tcpip\..\{0943CCE9-1A14-48F7-9973-DDFBE61A7933}: NameServer = 172.31.140.69 172.30.140.69
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe






Still suffering with spyware though!!
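
An added example, not part of any post in this thread: a small Python check that compares the entries post #2 selected for fixing against the rescan in post #3 and reports which were removed and which still appear. The function names are hypothetical, and the two sample logs are excerpts of the lines quoted in those posts.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] file".
ENTRY = re.compile(r"^(F\d|N\d|R\d|O\d{1,2}) - (.+)$")

def parse(log: str) -> set[tuple[str, str]]:
    """Return {(section code, detail)} for every entry line in a log."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Case-fold and collapse whitespace so cosmetic differences
            # between two scans do not hide a match.
            detail = " ".join(m.group(2).split()).lower()
            entries.add((m.group(1), detail))
    return entries

def verify_fix(fix_list: str, rescan: str) -> dict[str, list[str]]:
    """Split the entries selected for fixing into removed vs. still present."""
    wanted, after = parse(fix_list), parse(rescan)
    fmt = lambda e: f"{e[0]} - {e[1]}"
    return {
        "removed": sorted(fmt(e) for e in wanted - after),
        "still_present": sorted(fmt(e) for e in wanted & after),
    }

# Excerpts of the fix list (post #2) and the rescan (post #3) from this thread.
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c002D26A.dat
O20 - Winlogon Notify: byvttus - C:\WINDOWS\SYSTEM32\byvttus.dll
"""
RESCAN = r"""
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [adiras] adiras.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{0943CCE9-1A14-48F7-9973-DDFBE61A7933}: NameServer = 172.31.140.69 172.30.140.69
"""

if __name__ == "__main__":
    result = verify_fix(FIX_LIST, RESCAN)
    for status, items in result.items():
        print(status, len(items))
        for item in items:
            print("  ", item)
```

On these excerpts the check reports five entries removed and the O7 DisableRegedit=1 policy still present in the rescan.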
 

Pittsey

Knock, Knock...
Staff member
#8
I keep getting a dialer hit when I scan with ZAlarm...

I have now deleted ZA, as it slows down the computer, and I deleted IE which I was using to get the PANDA activescan...

I seem to get 0 hits now, and computer functions better.
 
