
suspecting virus

Discussion in 'Virus & Other Malware Removal' started by tins_84, Jan 25, 2006.

Thread Status:
Not open for further replies.
  1. tins_84

    tins_84 Thread Starter

    Joined:
    Sep 7, 2005
    Messages:
    18
    Facing an auto shutdown problem every time I try to start the comp, please help... I suspect a virus... Following is my log

    Logfile of HijackThis v1.99.1
    Scan saved at 10:34:08 PM, on 1/24/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Sify Broadband\BBImpSec.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    D:\yahoomsgn\Messenger\ymsgr_tray.exe
    C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    C:\Program Files\Sify Broadband\BBClient.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sifymax.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [RevertSettings] 8o”
    O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
    O4 - HKLM\..\Run: [MVS Splash] C:\PROGRA~1\McAfee\MANAGE~1\VScan\Splash.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [sfbkwimx] c:\windows\system32\sfbkwimx.exe -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [iolo System Mechanic Utility Bar] "D:\sysmech\SMUtilityBar.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "D:\yahoomsgn\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\YAHOOM~1\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\YAHOOM~1\MESSEN~1\YPAGER.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dmde.com
    O17 - HKLM\Software\..\Telephony: DomainName = dmde.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E1B6125-945B-4CD1-817F-85F484E506B4}: NameServer = 202.144.105.4,202.144.10.50
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dmde.com
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4E1B6125-945B-4CD1-817F-85F484E506B4}: NameServer = 202.144.105.4,202.144.10.50
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dmde.com
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4E1B6125-945B-4CD1-817F-85F484E506B4}: NameServer = 202.144.105.4,202.144.10.50
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = dmde.com
    O17 - HKLM\System\CS3\Services\Tcpip\..\{4E1B6125-945B-4CD1-817F-85F484E506B4}: NameServer = 202.144.105.4,202.144.10.50
    O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt3.5.0.476.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: McShield - McAfee Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    O23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
    O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Click here to download the trial version of Ewido Security Suite:
    http://www.ewido.net/en/download/

    · Install Ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido.
    · It will prompt you to update; click the OK button and it will go to the main screen.
    · On the left side of the main screen click update.
    · Click on Start and let it update.
    · DO NOT run a scan yet.

    Restart your computer into Safe Mode now.
    (Start tapping the F8 key at Startup, before the Windows logo screen).
    Perform the following steps in Safe Mode:

    * Run Ewido:
    Click on scanner
    Click Complete System Scan and the scan will begin.
    During the scan it will prompt you to clean files, click OK.
    When the scan is finished, look at the bottom of the screen and click the Save report button.
    Save the report to your desktop.

    Reboot.

    Post a new Hijack This log and the results of the Ewido scan.
     
  3. tins_84

    tins_84 Thread Starter

    Joined:
    Sep 7, 2005
    Messages:
    18
    Well, I did what you asked me to... but there was no infectious object found... Also I did notice one thing... I had my comp switch for a while, about an hour, and then switched it on... and it's been working fine since then... So what do you think is the problem? I am sending the reports.

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 1:19:51 AM, 1/25/2006
    + Report-Checksum: 60CA0FAC

    + Scan result:

    No infected objects found.


    ::Report End



    hijackthislog

    Logfile of HijackThis v1.99.1
    Scan saved at 11:17:48 AM, on 1/25/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Sify Broadband\BBImpSec.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    D:\ewido\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
    C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    C:\Program Files\Sify Broadband\BBClient.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sifymax.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [RevertSettings] 8o”
    O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
    O4 - HKLM\..\Run: [MVS Splash] C:\PROGRA~1\McAfee\MANAGE~1\VScan\Splash.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [sfbkwimx] c:\windows\system32\sfbkwimx.exe -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [iolo System Mechanic Utility Bar] "D:\sysmech\SMUtilityBar.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "D:\yahoomsgn\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\YAHOOM~1\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\YAHOOM~1\MESSEN~1\YPAGER.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dmde.com
    O17 - HKLM\Software\..\Telephony: DomainName = dmde.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E1B6125-945B-4CD1-817F-85F484E506B4}: NameServer = 202.144.105.4,202.144.10.50
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dmde.com
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4E1B6125-945B-4CD1-817F-85F484E506B4}: NameServer = 202.144.105.4,202.144.10.50
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dmde.com
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4E1B6125-945B-4CD1-817F-85F484E506B4}: NameServer = 202.144.105.4,202.144.10.50
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = dmde.com
    O17 - HKLM\System\CS3\Services\Tcpip\..\{4E1B6125-945B-4CD1-817F-85F484E506B4}: NameServer = 202.144.105.4,202.144.10.50
    O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt3.5.0.476.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: ewido security suite control - ewido networks - D:\ewido\ewido anti-malware\ewidoctrl.exe
    O23 - Service: McShield - McAfee Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    O23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
    O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
     


  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download KillBox here: http://www.downloads.subratam.org/KillBox.exe
    Save it to your desktop.
    DO NOT run it yet.

    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [sfbkwimx] c:\windows\system32\sfbkwimx.exe -start


    Boot into Safe Mode.

    * Double click on Killbox.exe to run it.

    Put a tick by Standard File Kill.
    In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    c:\windows\system32\sfbkwimx.exe

    Click on the button that has the red circle with the X in the middle after you enter each file.
    It will ask for confirmation to delete the file.
    Click Yes.
    Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
    Killbox may tell you that one or more files do not exist.
    If that happens, just continue on with all the files. Be sure you don't miss any.
    Next in Killbox go to Tools > Delete Temp Files
    In the window that pops up, put a check by ALL the options there except these three:
    XP Prefetch
    Recent
    History

    Now click the Delete Selected Temp Files button.
    Exit the Killbox.

    Finally go to Control Panel > Internet Options.
    On the General tab under "Temporary Internet Files" Click "Delete Files".
    Put a check by "Delete Offline Content" and click OK.
    Click on the Programs tab then click the "Reset Web Settings" button.
    Click Apply then OK.

    Empty the Recycle Bin.

    Reboot, post a new Hijack This log.
     
  5. tins_84

    tins_84 Thread Starter

    Joined:
    Sep 7, 2005
    Messages:
    18
    This is the latest hijack log... Also I feel I have the Kamasutra virus on my comp... since tomorrow being 3 would be knowing it, but is there any way I can detect and remove this virus? Also that problem of automatic shutdown, though fine right now, but when I put my system on virus scan then it shuts down automatically; I am not able to complete the scan... Please advise ASAP.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:42:34 AM, on 2/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    D:\ewido\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Sify Broadband\BBImpSec.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    D:\yahoomsgn\Messenger\ymsgr_tray.exe
    C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [RevertSettings] 8o”
    O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
    O4 - HKLM\..\Run: [MVS Splash] C:\PROGRA~1\McAfee\MANAGE~1\VScan\Splash.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [iolo System Mechanic Utility Bar] "D:\sysmech\SMUtilityBar.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "D:\yahoomsgn\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\YAHOOM~1\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\YAHOOM~1\MESSEN~1\YPAGER.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dmde.com
    O17 - HKLM\Software\..\Telephony: DomainName = dmde.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E1B6125-945B-4CD1-817F-85F484E506B4}: NameServer = 202.144.105.4,202.144.10.50
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dmde.com
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4E1B6125-945B-4CD1-817F-85F484E506B4}: NameServer = 202.144.105.4,202.144.10.50
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dmde.com
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4E1B6125-945B-4CD1-817F-85F484E506B4}: NameServer = 202.144.105.4,202.144.10.50
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = dmde.com
    O17 - HKLM\System\CS3\Services\Tcpip\..\{4E1B6125-945B-4CD1-817F-85F484E506B4}: NameServer = 202.144.105.4,202.144.10.50
    O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt3.5.0.476.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: ewido security suite control - ewido networks - D:\ewido\ewido anti-malware\ewidoctrl.exe
    O23 - Service: McShield - McAfee Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    O23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
    O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
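
Added example, not part of the original thread: a small Python check that compares the HijackThis log posted before the fix with the one posted afterwards, confirming that the two entries selected for "Fix Checked" are gone and listing anything else that changed. The function names are hypothetical and the shortened log excerpts are constructed from lines of the logs above.

```python
import re

# HijackThis item lines look like "O4 - HKLM\..\Run: [name] command".
# Process paths and header lines do not match and are ignored.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*\S)\s*$")

# Constructed excerpts: a few lines copied from the 1/25/2006 and 2/1/2006 logs.
BEFORE = r"""
    Logfile of HijackThis v1.99.1
    Running processes:
    C:\WINDOWS\system32\svchost.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sifymax.com/
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [sfbkwimx] c:\windows\system32\sfbkwimx.exe -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""
AFTER = r"""
    Logfile of HijackThis v1.99.1
    Running processes:
    C:\WINDOWS\System32\svchost.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""
# The entries the helper asked to tick before "Fix Checked".
TARGETS = [
    r"R3 - Default URLSearchHook is missing",
    r"O4 - HKLM\..\Run: [sfbkwimx] c:\windows\system32\sfbkwimx.exe -start",
]


def _norm(line):
    """Comparison key: Windows paths and registry names are case-insensitive."""
    return " ".join(line.split()).casefold()


def parse_entries(log_text):
    """Return {normalized_line: original_line} for item lines (R*, F*, N*, O*)."""
    entries = {}
    for line in log_text.splitlines():
        if ENTRY_RE.match(line):
            entries[_norm(line)] = line.strip()
    return entries


def diff_logs(before, after):
    """Return (removed, added) item lines between two logs, in log order."""
    b, a = parse_entries(before), parse_entries(after)
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


def check_fix(before, after, targets):
    """Report targets that survived the fix and changes nobody asked for."""
    removed, added = diff_logs(before, after)
    after_keys = set(parse_entries(after))
    target_keys = {_norm(t) for t in targets}
    return {
        "still_present": [t for t in targets if _norm(t) in after_keys],
        "unexpected_removed": [r for r in removed if _norm(r) not in target_keys],
        "added": added,
    }


if __name__ == "__main__":
    for key, lines in check_fix(BEFORE, AFTER, TARGETS).items():
        print(key, lines)
```

On these excerpts the only removal outside the targets is the R0 Start Page line, which is consistent with the "Reset Web Settings" step in the instructions.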
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Why do you feel you have that virus?
     
  7. tins_84

    tins_84 Thread Starter

    Joined:
    Sep 7, 2005
    Messages:
    18
    That's because a few days back, when I was unaware of that virus, I had a mail from my friend's account with that MISS LEBANON 2006 thing, which I opened and tried to download, but if I remember correctly I had an alert that time through McAfee, my anti-virus, for the same, so I deleted it... but I'm still not sure whether that alert was for that or something else, and I started facing the shutdown problem after that, and now as such the comp is OK and operates fine, but when I try to scan the system then it shuts down, so I have the doubt... But well, you see, now that it's Feb 3 already my files are opening fine, that means my comp is not infected... so I am confused. Another thing I would like to know is: does this virus infect the PC only if we open a mail containing it... and is it fine to use the net on 3 of every month if we are careful not to open such mail if at all we receive one... Please advise.
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
  9. tins_84

    tins_84 Thread Starter

    Joined:
    Sep 7, 2005
    Messages:
    18
    Well, thanks, I have updated my AV... so you mean it is OK if I continue to use the net carefully on 3 also
     
  10. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    That virus is set to surface today, so do a scan with your AV and see if it picks it up.
     
Short URL to this thread: https://techguy.org/437172
