Topantispyware help

Posted by: tylers

Hey I recently got something which pops up on my screen and presents a spyware warning and brings me to a page called topantispyware .com. I can't seem to get rid of this thing. I've scanned with Adaware as well as Spybot Search and Destroy. This is my HijackThis log. My background is totally white and when I right click the background it gives me the address file://C:\WINDOWS\Web\desktop.html. I tried HijackThis and obtained the following result:

Logfile of HijackThis v1.99.1
Scan saved at 5:34:16 PM, on 02/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\cmdtel.exe
C:\WINDOWS\system32\ahtun.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\isrvs\desktop.exe
C:\DOCUME~1\TYLERS~1\LOCALS~1\Temp\gpginst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\picsvr\picsvr.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\WINDOWS\system32\terprovi.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tyler Sheasby\My Documents\Program Installs\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [NPDTray] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Video Process] wincert32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [lexplore] lexplore.exe
O4 - HKLM\..\Run: [Upsfctl] C:\DOCUME~1\TYLERS~1\LOCALS~1\Temp\gpginst.exe
O4 - HKLM\..\Run: [Grokster] C:\PROGRA~1\Grokster\Grokster.exe /SYSTRAY
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\RunServices: [Video Process] wincert32.exe
O4 - HKLM\..\RunServices: [lexplore] lexplore.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [f0qnRUd3O] terprovi.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {43D2BA08-7A84-4664-BEEA-22CA852B9534} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {43D2BA08-7A84-4664-BEEA-22CA852B9534} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13f602ceff654da4c223/netzip/RdxIE601.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\system32\cmdtel.exe
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\system32\ahtun.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

I'm sorry it's so long. Can anyone help with this? Any help is appreciated. Thanks.

-Tyler S.

Posted by: Lobos

Hi tylers

Welcome to Tech forums

Be sure to look this solution over before you begin. There are some item(s) I'm not familiar with. If you recognize any, then just omit them from this fix.

===============
Go to Add/Remove programs and remove (uninstall) the following, if present:

Desktop Search

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============
Download LSPFix (http://www.cexx.org/lspfix.htm) and unzip to your desktop, then run it. Now, we need to:
1. check (tick) "I know what I'm doing".
2. click on (highlight) each occurrence of the following, one at a time:
   flsmngr.dll
3. then click ">>", moving each one, individually, to the 'Remove' pane.
4. (double-check, and make sure that only the above files are in the 'Remove' pane.)
5. click "Finish >>"

===============
Run HiJackThis then:
1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"
- Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\WINDOWS\isrvs\desktop.exe
C:\DOCUME~1\TYLERS~1\LOCALS~1\Temp\gpginst.exe
C:\WINDOWS\system32\picsvr\picsvr.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\WINDOWS\system32\terprovi.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============
Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u sysupd.dll

It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.

===============
Run HiJackThis and click "Scan", then check (tick) the following, if present:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O4 - HKLM\..\Run: [Video Process] wincert32.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [lexplore] lexplore.exe
O4 - HKLM\..\Run: [Upsfctl] C:\DOCUME~1\TYLERS~1\LOCALS~1\Temp\gpginst.exe
O4 - HKLM\..\Run: [Grokster] C:\PROGRA~1\Grokster\Grokster.exe /SYSTRAY
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\RunServices: [Video Process] wincert32.exe
O4 - HKLM\..\RunServices: [lexplore] lexplore.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [f0qnRUd3O] terprovi.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O9 - Extra button: Microsoft AntiSpyware helper - {43D2BA08-7A84-4664-BEEA-22CA852B9534} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {43D2BA08-7A84-4664-BEEA-22CA852B9534} - (no file) (HKCU)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13f602c...ip/RdxIE601.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)

Now, with all windows closed except HiJackThis, click "Fix checked".

===============
Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

folders...
C:\WINDOWS\isrvs
C:\WINDOWS\system32\picsvr
C:\WINDOWS\system32\nsvsvc
C:\PROGRA~1\Grokster

files...
C:\DOCUME~1\TYLERS~1\LOCALS~1\Temp\gpginst.exe
C:\WINDOWS\system32\terprovi.exe
C:\Program Files\Common Files\Java\flncpy.exe
C:\WINDOWS\system32\ap9h4qmo.exe
C:\WINDOWS\System32\spoolsrv32.exe
c:\windows\system32\flsmngr.dll
C:\WINDOWS\system32\terprovi.exe

Search for...
wincert32.exe
lexplore.exe
...using "Start | Search...".

- Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode" (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam).

===============
Post back a new log, and let me know how everything goes.

- Lobos.

Posted by: tylers

Hey thanks for the reply. I've done all the steps up to and including the HijackThis step but for some reason now my internet connection, which is wireless, is now not working. So I'm not sure how to fix that since it seems to be related. So I am unable to post a new HijackThis log since my connection is no longer functional. Any advice?

-Tyler

Posted by: Lobos

Hi tylers

Somehow I missed you, I'm sorry about that. What happens when you try and connect? Will it just not connect? Do you get an error when you try and connect?

Try this: copy this file onto a floppy and transfer it to your computer.

Download WinsockFix http://www.greyknight17.com/spy/WinsockFix.zip and unzip it. Then double-click on it to run it.

Posted by: Warez Monster

Remove entries at your own risk

2.EXE running process. (2.EXE)
Backdoor Trojaner, Beispiel Win32/Aicau.Downloader This is a nasty process! You should fix it and try to delete it manually! Probably safe.! According to our database this process runs normally in c:\! Check if you know this process and arrange a viruscheck where required.

C:\WINDOWS\system32\picsvr\picsvr.exe running process. (picsvr.exe)
Adware.DelFin This is a nasty process! You should fix it and try to delete it manually

R3 - Default URLSearchHook is missing
Should be fixed if you do not know the application or if no application is mentioned. This entry should be fixed

O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
Entries found in this registry zone are potentially nasty. This application ([0AD937E7-2F37-4873-A05E-548A67EF1D0E] - Result: ) has been checked.

O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
Entries found in this registry zone are potentially nasty. This application ([5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993] - Result: 5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993) has been checked.

O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
Trojan-Downloader.Win32.Ieser.a Must be fixed!

O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM..Run: [ffis] C:WINNTisrvsffisearch.exe Must be fixed!

O4 - HKLM\..\Run: [lexplore] lexplore.exe
Added as a result of the SODABOT VIRUS! Must be fixed!

O4 - HKLM\..\RunServices: [lexplore] lexplore.exe
Added as a result of the SODABOT VIRUS! Must be fixed!

O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.

O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.

O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
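
Added example, not part of the original thread and not HijackThis's own code: a Python triage pass over HijackThis-style log lines that surfaces the traits the replies above key on, namely `(no file)` registrations, registry autoruns with no path or running from a Temp directory, one value name registered under several autorun keys, and O10 Winsock LSP entries. The flag names and the choice of sample lines are this example's own assumptions; a flag means "review this entry", not "malicious", since legitimate entries in the log above trip some of them too.

```python
import re

# "R3 - ...", "O4 - ...", "O23 - ...": section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Registry autorun body: HKLM\..\Run: [ValueName] command line
AUTORUN_RE = re.compile(r"^(HK(?:LM|CU)\\\.\.\\\w+): \[([^\]]*)\] (.+)$")

# Constructed excerpt: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [Video Process] wincert32.exe
O4 - HKLM\..\Run: [Upsfctl] C:\DOCUME~1\TYLERS~1\LOCALS~1\Temp\gpginst.exe
O4 - HKLM\..\RunServices: [Video Process] wincert32.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
"""


def parse(log_text):
    """Return (code, body) for each entry line; header/process lines are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groups() for m in matches if m]


def triage(log_text):
    """Return (code, body, flags) for every entry that trips a review flag."""
    entries = parse(log_text)
    # Pass 1: which autorun keys does each value name appear under?
    keys_by_name = {}
    for code, body in entries:
        m = AUTORUN_RE.match(body) if code == "O4" else None
        if m:
            keys_by_name.setdefault(m.group(2), set()).add(m.group(1))
    findings = []
    for code, body in entries:
        flags = []
        if "(no file)" in body:
            flags.append("missing-file")    # registration points at nothing on disk
        if code == "O10":
            flags.append("lsp-chain")       # repair the Winsock chain, not just the DLL
        m = AUTORUN_RE.match(body) if code == "O4" else None
        if m:
            key, name, cmd = m.groups()
            if "\\" not in cmd:
                flags.append("no-path")     # resolved via search path, location unknown
            if re.search(r"\\te?mp\\", cmd, re.IGNORECASE):
                flags.append("runs-from-temp")
            if len(keys_by_name[name]) > 1:
                flags.append("multi-key")   # same name under several autorun keys
        if flags:
            findings.append((code, body, flags))
    return findings


if __name__ == "__main__":
    for code, body, flags in triage(SAMPLE_LOG):
        print(f"{code:<4}{','.join(flags):<20}{body}")
```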