tcpsvcs.exe

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

witchblade

Thread Starter
Joined
Sep 10, 2003
Messages
3
Pls help me solve this... when i got connected to the internet there's always a pop-up message saying that a certain application is cannot be read (that is the tcpsvcs.exe) what seems to be the problem? and also, when i first open the ie,browse or click on a link it always says that "the page cannot be display" but sometimes it is working,is there any connection with that tcpsvcs.exe?:(
 

witchblade

Thread Starter
Joined
Sep 10, 2003
Messages
3
i've already downloaded the hijackthis & follow the instuctions & these are the scanned programs...
Logfile of HijackThis v1.96.4
Scan saved at 5:50:40 PM, on 9/10/2003
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\MsgSys.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\htpatch.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\NavNT\vptray.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\ieuooshs.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Qot1.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\WINNT\System32\rundll32.exe
C:\winnt\system32\fsg_4104.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX05.343\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sbvr.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sbvr.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbvr.com/passthrough/index.html?http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sbvr.com/searchbar.html
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_85.dll
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINNT\System\BHO001.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [explorer] C:\WINNT\System32\explorer.exe
O4 - HKLM\..\Run: [gflumln] "C:\WINNT\System32\gflumln.exe"
O4 - HKLM\..\Run: [brcheec] C:\DOCUME~1\ADMINI~1\APPLIC~1\ieuooshs.exe -QuieT
O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINNT\System\WinStart001.EXE -b
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [Trickler] "c:\winnt\system32\fsg_4104.exe"
O4 - HKLM\..\Run: [SAHAgent] C:\WINNT\System32\SahAgent.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.mp3s4free.net/Searchmp3s.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37865.3712152778
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MAMONTESSORI.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{015E3EE8-84DA-479E-A1D8-B76EC31203C7}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC4CBF7C-308E-411D-9682-56BEFFC59AD9}: NameServer = 203.172.11.21 203.172.11.25
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MAMONTESSORI.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{015E3EE8-84DA-479E-A1D8-B76EC31203C7}: NameServer = 127.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MAMONTESSORI.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{015E3EE8-84DA-479E-A1D8-B76EC31203C7}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = MAMONTESSORI.local
O17 - HKLM\System\CS3\Services\Tcpip\..\{015E3EE8-84DA-479E-A1D8-B76EC31203C7}: NameServer = 192.168.1.1
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Moved you to Security, where you may get more responses

eddie
 
Joined
Apr 5, 2003
Messages
267
witchblade Hi :)

You have a couple of virus there.

Do this first:

Go to "Start>Control Panel>Add/Remove programs " and uninstall "NewDotNet" .
When that is done, do this.....

visit any of these sites for an online virus scan:

Symantec/Norton
http://security.symantec.com/defaul...FCSGFZVDTPSOERZ

Panda ActiveScan http://www.pandasoftware.com/activescan/

Trend Micro HouseCall http://housecall.trendmicro.com

then.......

Download AdAware6 181 and see THIS page for instructions on how to configure the program.
Remember to use the webupdate before your first scan.



When you have done this, make another scan with HiJack This and let´s have a look again.

Also go HERE and download AVG free antivirus program.

Die Hard
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Top