a.Need Trojan Help..

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Unregistered

Thread Starter
Joined
Jul 30, 2002
Messages
27
I feel like their is something running. I have done online checks, but nothing. I have also downloaded ZoneAlarm. I keep getting wierd outgoing requests to a IP.
-Here is my startup sequence...


Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
EM_EXEC = C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
GWMDMMSG = GWMDMMSG.exe
GWMDMpi = C:\WINDOWS\GWMDMpi.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*ETM = C:\Documents and Settings\All Users\Documents\ETM

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
HXDL.EXE = C:\Program Files\BestBuy\HelpExpress\HXDL.EXE -from="HXIUL.EXE" -to="HXIUL.EXE" -run

--------------------------------------------------


Enumerating Download Program Files:

[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBin\Shared\MGBrwFld.dll
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

[email protected] someone can help me with what I have. Also Im attaching this screenshot of what I believe is malicious....
 

Attachments

Joined
Oct 9, 2001
Messages
9,396
firstly go to add/remove programs and uninstall(if they are there) "helpexpress" andor "attune"...then you need to go here: http://beam.to/spybotsd
and download "spybot" click the online tab and download all updates,then hit check all.
let spybot kill everything(fix selected problems) it highlights in red.

then post another FULL startuplist.the 1st was not complete.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top