|
Search Tech-Forums - link takes you to our Forum's search page. Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net Pages:1 another virus issue: internet stopped working(Click here to view the original thread with full colors/images)Posted by: gengen I know. For a new guy I´m becoming a little annoying... But what can I do? Viruses are a common issue nowadays... Anyway, my brother is very...how can I say...reckless towards internet, surfing the web as if there were no sharks bitting his ankles. I mean, he just clicks about anything, which makes his PC a perfect habitat for viruses :) Yesterday I ran Spybot and Ad-aware SE in his PC and found out 6 or 7 viruses. Erased them. The problem is that internet on his PC doesn´t work properly, or doesn´t work at all in fact. It connects, but when i start a browser (mozilla) or even IE it doesn´t actually open the homepage or any page at all because it´s to slow. How can I fix it? and there is something on the registry called xdcc.exe. what is it? Posted by: Warez Monster Go to start, run, type msconfig, disable all startup items and reboot. Run your AV, SWP, etc.. This malicious batch file connects to the remote machine (acbdefg.nailed.org) via FTP. It copies the file XDCC.EXE, which Trend Micro detects as TROJ_XDCC.A, from the said host and creates the file named SL.TXT in the current directory. The file SL.TXT is a log file which records all the commands used by the malware. When the file XDCC.EXE has been copied to the local host, it executes the file, leaving the system vulnerable to remote attacks. Posted by: gengen Warez Monster: thank you for helping me. Had no ideia what XDCC.exe was really, all I know it was some kind of virus. Still haven´t been able to correct it though, because when I "Go to start, run, type msconfig" it shows a message that the file or one of its components can´t be located, check the path, and all that. Can you tell me were the file is exactly? And how do I disable the startup items? Can I do it with TuneUp? My OS is W2000. Sorry for being such a newbie and for my bad english. Thanks again. Posted by: southernlady gengen, I've just looked up xdcc.exe and there is a thread that caught my attention. [B][COLOR=red]Take your brother's PC OFFLINE and leave it there til he is clean. [/COLOR][/B]You are going to have to download and transfer all programs to his PC from yours. And do NOT copy back anything to yours except logs and scan those before putting them on your machine. It's been nicknamed *The Beast*and here is a quote from that board: [quote]Tested the beast a couple of minutes ago..Within a couple of seconds, it located both my anti-virus, and my personal firewall and disabled both..[/quote] What you need to do now is to give us a HiJack Log. Also, download and put onto a cd these programs for your brother: I will tell you which ones to run now and which reports I want...some are [B][COLOR=indigo]*JUST IN CASE*[/COLOR][/B] [URL=http://www.majorgeeks.com/download506.html]Adaware Se[/URL] [B][COLOR=red]Run Now[/COLOR][/B] [URL=http://www.lavasoft.de/software/addons/vx2cleaner.shtml]VX2 Cleaner[/URL][B][COLOR=red]Run Now[/COLOR][/B] [URL=http://www.majorgeeks.com/download2471.html]Spybot Search & Destroy[/URL][B][COLOR=red]Run Now[/COLOR][/B] [URL=http://www.spyware911.net/downloads/HijackThis.exe]HijackThis[/URL][B][COLOR=red]Run Now[/COLOR][/B] [URL=http://www.spyware911.net/cwshredder.htm]Coolweb Shredder[/URL][B][COLOR=red]Run Now[/COLOR][/B] [URL=http://www.spyware911.net/downloads/cws_smartkiller.exe]CWS SmartKiller[/URL] [URL=http://www.spyware911.net/downloads/FINDnFIX.exe]Find "N" Fix[/URL] [URL=http://www.spyware911.net/downloads/FindIt.zip]Find it.zip[/URL] [URL=http://www.spyware911.net/HomePageUnlock.reg]Home page unlock.reg[/URL] [URL=http://www.spyware911.net/downloads/Kill2Me.exe]Kill2Me[/URL] [URL=http://www.spyware911.net/downloads/LSPFix.exe]Lsp Fix[/URL] The rest are JUST in case we need them, you want have to download them later. Post the reports from the ones I have asked you to run now: [b][u]Security Steps for a Security Forum[/u][/b] Please perform the following prior to posting an HJT log, The following steps will likely clean most of the garbage from your system, First Start Ad-Aware SE Use the: “Check for Updates Now” option and download the latest reference files Use the Start button, and on the next window, select: Perform Full System Scan Press Next, and let Ad-aware scan the hard drive When finished, right-click the window with the entries, choose: Select All from the menu, and click Next Once AdAware has removed the entries, close the program Restart the computer Next StartSpybot 1.3. Please check it for updates, Run the program and have it fix anything it finds in Red. Restart your computer, Next Update your Anti Virus Next Reboot to safe mode see [url]http://www.spyware911.net/safemode.htm[/url] Delete the entire contents of the below Temp folders, but not the TEMP folder itself. Remove all the files and sub-folders from the below TEMP Folders: C:\Documents and Settings\ \Local Settings\Temp C:\temp C:\windows\temp The TIF ( Temporary Internet Files) can also be emptied via: Internet Explorer--Tools--Internet Options--General tab--"Delete Files", Also tick the "delete all offline content" box . Clean out your Recycle Bin Next Run a full system scan with your Anti Virus, Run a scan with Ad-aware, Have it fix anything it finds, Run a scan with Spybot, Again have it fix anything it finds Next Restart your computer, Next Please create a directory on your [b]C:\[/b] drive called [b]C:\HJT[/b], download and unzip HijackThis into that directory. Run the program from that directory from now on. [b][color=green][size=3]STEPS For Creating Folder[/size][/color][/b] [list=1] [b]1.[/b] Please go to My Computer, open your [b]C:\[/b] drive, Select: New >> Folder and name the folder [b]HJT[/b]. [b]2.[/b] Download HijackThis to the new folder: [b]3.[/b] Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder. [b]4.[/b] Close ALL windows except HJT [b]5.[/b] SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy') [b]6.[/b] POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste') [/list] [color=red]Please make sure you post the entire log including the top portion:[/color] [b]DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER[/b] Take the log you generate from his computer ON a floppy or cd and scan it, then post it to us from your computer. Liz Posted by: SHAWN ^ you must have a lot of time on your hands to post alot on all your posts. Posted by: southernlady Shawn, are you talking to me? No, I don't...I just make very good use of my time and I have some of these in what we call *canned* speeches. Liz Posted by: SHAWN gotcha ;) Posted by: gengen Liz, you have prooven to be a great helper. your time taken to solve other people´s problems is very meritable. If only everybody was such a concerned person such as yourself, I´m sure we wouldn´t be here discussing "time taking issues" like viruses... Thanks for the help. __________________________________________________ ____ Getting into business: -followed your advices. I already had most of those utilities(the "run now" ones), except for CWshredder; the other ones I don´t have a single one :) and haven´t tried them yet, I´m still waiting for the response on the reports I´m about to send. I already had previous reports of HijackThis from both PC´s (my Brother´s and mine) but the ones I´m posting are the ones that refer to the state of the machines after proceeding with your suggestions. -CWshredder didn´t report nothing to fix; -Ad-Aware Pro didn´t showed nothing and neither did SpyBot. But that doesn´t mean much, because I run them very often and they are almost daily updated; My Anti-virus is Avast Home Edition 4.6. Daily Uptaded. Still after Full scans(I usually only perform "smart scans") it reported : In my Brother´s PC: -VBS:Malware [Gen] In my PC: -Win32:Rbot-SF [Trj] __________________________________________________ ____ Here are the reports on my BROTHER pc: CWShredder: __________________________________________________ ____ **** Run Keys **** RUN: [Synchronization Manager] mobsync.exe /logon RUN: [LoadQM] loadqm.exe RUN: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe RUN: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe RUN: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe" RUN: [WindowsRegKey update] lwzaweoxdd.exe RUN: [SpeedTouch USB Diagnostics] "C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon RUN: [Start Upping] xdcc.exe RUN: [FreeRAM XP] "C:\Programas\FreeRAM XP Pro 1.40.exe" -win RUN: [WindowsRegKey update] lwzaweoxdd.exe RUN: [LeechGet] RUN: [STManager] "C:\Programas\SpeedTouch\Dr SpeedTouch\drst.exe" -b RUN: [Start Upping] xdcc.exe **** Browser Helper Objects **** BHO: [] C:\PROGRA~1\SPYBOT~1\SDHelper.dll **** IE Toolbars **** TOOLBAR: [&Rádio] C:\WINNT\system32\msdxm.ocx **** IE Extensions **** IEExt: [Web Browser Applet Control] C:\WINNT\system32\msjava.dll **** Hosts File Entries **** HOSTS: 127.0.0.1 localhost **** IE Settings **** Default Page: [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome[/url] Default Search: [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/url] Local Page: C:\WINNT\system32\blank.htm Search Page: [url]http://www.microsoft.com/is&api/redir.dll?prd=iear=iesearch[/url] **** IE Context Menu (Right click) **** IEContext: [Analisar com LeechGet] file://C:\Programas\LeechGet 2004\\Parser.html IEContext: [Download usando Assistente LeechGet] file://C:\Programas\LeechGet 2004\\Wizard.html IEContext: [Download usando LeechGet] file://C:\Programas\LeechGet 2004\\AddUrl.html IEContext: [E&xportar para o Microsoft Excel] res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 **** Layered Service Providers **** LSP: MSAFD Tcpip [TCP/IP] LSP: MSAFD Tcpip [UDP/IP] LSP: RSVP UDP Service Provider LSP: RSVP TCP Service Provider LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7F8AD29C-AEF2-40B0-8108-5A4D9B4B4624}] SEQPACKET 0 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7F8AD29C-AEF2-40B0-8108-5A4D9B4B4624}] DATAGRAM 0 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9532A504-2EA5-45DD-A1F2-49515F02C0AB}] SEQPACKET 1 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9532A504-2EA5-45DD-A1F2-49515F02C0AB}] DATAGRAM 1 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C93A4E74-2798-4D17-94D0-7A4A64162615}] SEQPACKET 2 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C93A4E74-2798-4D17-94D0-7A4A64162615}] DATAGRAM 2 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DE1EF39C-BBDC-4FA4-9C76-2BEDB4D17E7D}] SEQPACKET 3 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DE1EF39C-BBDC-4FA4-9C76-2BEDB4D17E7D}] DATAGRAM 3 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0B4F7CB3-A58F-4447-BA89-67D54778DDBD}] SEQPACKET 4 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0B4F7CB3-A58F-4447-BA89-67D54778DDBD}] DATAGRAM 4 **** Blocked Control Panel Items **** BLOCKED: [ncpa.cpl] No BLOCKED: [odbccp32.cpl] No **** Downloaded Program Files **** DirectAnimation Java Classes [file://C:\WINNT\Java\classes\dajava.cab] Microsoft XML Parser for Java [file://C:\WINNT\Java\classes\xmldso.cab] {33564D57-0000-0010-8000-00AA00389B71} [[url]http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[/url]] **** Windows Services **** [Alerter] %SystemRoot%\System32\services.exe [AppMgmt] %SystemRoot%\system32\services.exe [aswUpdSv] "C:\Programas\Alwil Software\Avast4\aswUpdSv.exe" [avast! Antivirus] "C:\Programas\Alwil Software\Avast4\ashServ.exe" [avast! Mail Scanner] "C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service [avast! Web Scanner] "C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service [BITS] %SystemRoot%\System32\svchost.exe -k BITSgroup [Browser] %SystemRoot%\System32\services.exe [cisvc] C:\WINNT\System32\cisvc.exe [ClipSrv] %SystemRoot%\system32\clipsrv.exe [Dhcp] %SystemRoot%\System32\services.exe [dmadmin] %SystemRoot%\System32\dmadmin.exe /com [dmserver] %SystemRoot%\System32\services.exe [Dnscache] %SystemRoot%\System32\services.exe [Eventlog] %SystemRoot%\system32\services.exe [EventSystem] C:\WINNT\System32\svchost.exe -k netsvcs [Fax] %systemroot%\system32\faxsvc.exe [KPF4] C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe [lanmanserver] %SystemRoot%\System32\services.exe [lanmanworkstation] %SystemRoot%\System32\services.exe [LmHosts] %SystemRoot%\System32\services.exe [Messenger] %SystemRoot%\System32\services.exe [mnmsrvc] C:\WINNT\System32\mnmsrvc.exe [MSDTC] C:\WINNT\System32\msdtc.exe [MSIServer] C:\WINNT\System32\MsiExec.exe /V [NetDDE] %SystemRoot%\system32\netdde.exe [NetDDEdsdm] %SystemRoot%\system32\netdde.exe [Netlogon] %SystemRoot%\System32\lsass.exe [Netman] %SystemRoot%\System32\svchost.exe -k netsvcs [NtLmSsp] %SystemRoot%\System32\lsass.exe [NtmsSvc] %SystemRoot%\System32\svchost.exe -k netsvcs [PlugPlay] %SystemRoot%\system32\services.exe [PolicyAgent] %SystemRoot%\System32\lsass.exe [ProtectedStorage] %SystemRoot%\system32\services.exe [RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs [RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs [RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs [RemoteRegistry] %SystemRoot%\system32\regsvc.exe [RpcLocator] %SystemRoot%\System32\locator.exe [RpcSs] %SystemRoot%\system32\svchost -k rpcss [RSVP] %SystemRoot%\System32\rsvp.exe -s [SamSs] %SystemRoot%\system32\lsass.exe [SCardDrv] %SystemRoot%\System32\SCardSvr.exe [SCardSvr] %SystemRoot%\System32\SCardSvr.exe [Schedule] %SystemRoot%\system32\MSTask.exe [seclogon] %SystemRoot%\system32\services.exe [SENS] %SystemRoot%\system32\svchost.exe -k netsvcs [SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs [Spooler] %SystemRoot%\system32\spoolsv.exe [SysmonLog] %SystemRoot%\system32\smlogsvc.exe [TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs [TlntSvr] %SystemRoot%\system32\tlntsvr.exe [TrkWks] %SystemRoot%\system32\services.exe [UPS] %SystemRoot%\System32\ups.exe [UtilMan] %SystemRoot%\System32\UtilMan.exe [W32Time] %SystemRoot%\System32\services.exe [WinMgmt] %SystemRoot%\System32\WBEM\WinMgmt.exe [WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs [Wmi] %SystemRoot%\system32\Services.exe [wuauserv] %systemroot%\system32\svchost.exe -k wugroup [WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs **** Custom IE Search Items **** SEARCH: [SearchAssistant] [url]http://ie.search.msn.com/[/url]{SUB_RFC1766}/srchasst/srchasst.htm SEARCH: [CustomizeSearch] [url]http://ie.search.msn.com/[/url]{SUB_RFC1766}/srchasst/srchcust.htm **** Complete IE Options **** IEOPT: [NoUpdateCheck] IEOPT: [NoJITSetup] IEOPT: [Show_ChannelBand] No IEOPT: [Anchor Underline] yes IEOPT: [Cache_Update_Frequency] Once_Per_Session IEOPT: [Display Inline Images] yes IEOPT: [Do404Search] IEOPT: [Local Page] C:\WINNT\system32\blank.htm IEOPT: [Save_Session_History_On_Exit] no IEOPT: [Show_FullURL] no IEOPT: [Show_StatusBar] yes IEOPT: [Show_ToolBar] yes IEOPT: [Show_URLinStatusBar] yes IEOPT: [Show_URLToolBar] yes IEOPT: [Start Page] [url]http://www.sapo.pt/[/url] IEOPT: [Use_DlgBox_Colors] yes IEOPT: [Search Page] [url]http://www.microsoft.com/is&api/redir.dll?prd=iear=iesearch[/url] IEOPT: [ShowedCheckBrowser] Yes IEOPT: [Check_Associations] No IEOPT: [FullScreen] no IEOPT: [Window_Placement] , IEOPT: [Q261272] yes IEOPT: [Disable Script Debugger] yes IEOPT: [Use FormSuggest] no IEOPT: [Error Dlg Displayed On Every Error] no IEOPT: [Friendly http errors] no IEOPT: [Default_Page_URL] [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome[/url] IEOPT: [Default_Search_URL] [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/url] IEOPT: [Search Page] [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/url] IEOPT: [Enable_Disk_Cache] yes IEOPT: [Cache_Percent_of_Disk] IEOPT: [Delete_Temp_Files_On_Exit] yes IEOPT: [Local Page] %SystemRoot%\system32\blank.htm IEOPT: [Anchor_Visitation_Horizon] IEOPT: [Use_Async_DNS] yes IEOPT: [Placeholder_Width] IEOPT: [Placeholder_Height] IEOPT: [Start Page] [url]http://www.microsoft.com/isapi/redir.dll?prd=[/url]{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IEOPT: [CompanyName] Microsoft Corporation IEOPT: [Custom_Key] MICROSO IEOPT: [Wizard_Version] 6.00.2800.1106 IEOPT: [FullScreen] no __________________________________________________ ___ My BROTHER´s HJT report Logfile of HijackThis v1.99.1 Scan saved at 19:47:05, on 11-03-2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Programas\Alwil Software\Avast4\aswUpdSv.exe C:\Programas\Alwil Software\Avast4\ashServ.exe C:\WINNT\System32\svchost.exe C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINNT\Explorer.EXE C:\Programas\Alwil Software\Avast4\ashWebSv.exe C:\Programas\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe C:\Programas\FreeRAM XP Pro 1.40.exe C:\Programas\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.sapo.pt/[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe" O4 - HKLM\..\Run: [WindowsRegKey update] lwzaweoxdd.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [Start Upping] xdcc.exe O4 - HKLM\..\RunServices: [WindowsRegKey update] lwzaweoxdd.exe O4 - HKLM\..\RunServices: [Start Upping] xdcc.exe O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINNT\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\IXP000.TMP\" O4 - HKLM\..\RunOnce: [MSPQM] RUNDLL32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} O4 - HKLM\..\RunOnce: [MSPCLOCK] RUNDLL32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programas\FreeRAM XP Pro 1.40.exe" -win O4 - HKCU\..\Run: [WindowsRegKey update] lwzaweoxdd.exe O4 - HKCU\..\Run: [STManager] "C:\Programas\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [Start Upping] xdcc.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Analisar com LeechGet - file://C:\Programas\LeechGet 2004\\Parser.html O8 - Extra context menu item: Download usando Assistente LeechGet - file://C:\Programas\LeechGet 2004\\Wizard.html O8 - Extra context menu item: Download usando LeechGet - file://C:\Programas\LeechGet 2004\\AddUrl.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0\bin\npjpi150.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Serviço administrativo de gestão de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe __________________________________________________ ___ Hope you can find something useful in these reports. One question: after analysing these could you check my own PC reports? I won´t put them in here without asking because it might get confusing for you. Thanks. PS: about XDCC.exe I´ve searched my PC and there is no file with this name. Still, it appears on the registry and on startup. I´ve tried to erradicate it before, in TuneUp and in Startup but it always appears again after refresh. vBulletin Copyright ©2000 - 2003, Jelsoft Enterprises Limited. PPC Management vB Easy Archive Final - Created by Xenon |