1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

tcpsvcs.exe

Discussion in 'Virus & Other Malware Removal' started by witchblade, Sep 10, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. witchblade

    witchblade Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    3
    Pls help me solve this... when i got connected to the internet there's always a pop-up message saying that a certain application is cannot be read (that is the tcpsvcs.exe) what seems to be the problem? and also, when i first open the ie,browse or click on a link it always says that "the page cannot be display" but sometimes it is working,is there any connection with that tcpsvcs.exe?:(
     
  2. witchblade

    witchblade Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    3
    i've already downloaded the hijackthis & follow the instuctions & these are the scanned programs...
    Logfile of HijackThis v1.96.4
    Scan saved at 5:50:40 PM, on 9/10/2003
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\msdtc.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINNT\system32\Dfssvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\ismserv.exe
    C:\WINNT\System32\llssrv.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\system32\ntfrs.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\System32\locator.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\dns.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\WINNT\System32\MsgSys.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\htpatch.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\NavNT\vptray.exe
    C:\DOCUME~1\ADMINI~1\APPLIC~1\ieuooshs.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Qot1.exe
    C:\WINNT\System32\P2P Networking\P2P Networking.exe
    C:\WINNT\System32\rundll32.exe
    C:\winnt\system32\fsg_4104.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX05.343\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sbvr.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sbvr.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbvr.com/passthrough/index.html?http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sbvr.com/searchbar.html
    O1 - Hosts: 216.177.73.139 auto.search.msn.com
    O1 - Hosts: 216.177.73.139 search.netscape.com
    O1 - Hosts: 216.177.73.139 ieautosearch
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_85.dll
    O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINNT\System\BHO001.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [explorer] C:\WINNT\System32\explorer.exe
    O4 - HKLM\..\Run: [gflumln] "C:\WINNT\System32\gflumln.exe"
    O4 - HKLM\..\Run: [brcheec] C:\DOCUME~1\ADMINI~1\APPLIC~1\ieuooshs.exe -QuieT
    O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINNT\System\WinStart001.EXE -b
    O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
    O4 - HKLM\..\Run: [Trickler] "c:\winnt\system32\fsg_4104.exe"
    O4 - HKLM\..\Run: [SAHAgent] C:\WINNT\System32\SahAgent.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O10 - Hijacked Internet access by New.Net
    O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.mp3s4free.net/Searchmp3s.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37865.3712152778
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MAMONTESSORI.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{015E3EE8-84DA-479E-A1D8-B76EC31203C7}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FC4CBF7C-308E-411D-9682-56BEFFC59AD9}: NameServer = 203.172.11.21 203.172.11.25
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MAMONTESSORI.local
    O17 - HKLM\System\CS1\Services\Tcpip\..\{015E3EE8-84DA-479E-A1D8-B76EC31203C7}: NameServer = 127.0.0.1
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MAMONTESSORI.local
    O17 - HKLM\System\CS2\Services\Tcpip\..\{015E3EE8-84DA-479E-A1D8-B76EC31203C7}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = MAMONTESSORI.local
    O17 - HKLM\System\CS3\Services\Tcpip\..\{015E3EE8-84DA-479E-A1D8-B76EC31203C7}: NameServer = 192.168.1.1
     
  3. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    Moved you to Security, where you may get more responses

    eddie
     
  4. Die Hard

    Die Hard

    Joined:
    Apr 5, 2003
    Messages:
    267
    witchblade Hi :)

    You have a couple of virus there.

    Do this first:

    Go to "Start>Control Panel>Add/Remove programs " and uninstall "NewDotNet" .
    When that is done, do this.....

    visit any of these sites for an online virus scan:

    Symantec/Norton
    http://security.symantec.com/defaul...FCSGFZVDTPSOERZ

    Panda ActiveScan http://www.pandasoftware.com/activescan/

    Trend Micro HouseCall http://housecall.trendmicro.com

    then.......

    Download AdAware6 181 and see THIS page for instructions on how to configure the program.
    Remember to use the webupdate before your first scan.



    When you have done this, make another scan with HiJack This and let´s have a look again.

    Also go HERE and download AVG free antivirus program.

    Die Hard
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/163664