
Transponder.abetterinternet

 
20-08-2005, 02:13 AM   #1
akumag2


I've downloaded the Microsoft AntiSpyware application and have Ad-Aware and Spybot, and they keep finding transponder.abetterinternet but cannot remove it.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:59:43 PM, on 8/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\phh\phhorce\PHHSRV.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\QosServM.exe
C:\progra~1\NICESy~1\bin\winNT4\LafServiceNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\OnePointAgent\OnePointAgent.exe
C:\WINDOWS\suss.exe
C:\WINDOWS\vesbnik.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
c:\WeblogicClient\RMIRegistry\srvany.exe
c:\WeblogicClient\rmiregistry\rmiregistry.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\rgveqip.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Tactical Software\DialOutIP\DialoutIPTray.exe
C:\Program Files\RightFax\faxctrl.exe
C:\WINDOWS\yougyjd.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NetIQ\DRA\UserConsole.exe
Z:\HelpdeskAssistant\HelpdeskAssistant.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\elliotg\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.mortgagesvcs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.mortgagesvcs.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PHH Mortgage
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\System32\ccmjttli.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DialOut/IP] C:\Program Files\Tactical Software\DialOutIP\DialoutIPTray.exe
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\faxctrl.exe
O4 - HKLM\..\Run: [lmu] C:\WINDOWS\LMU.exe
O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\System32\lanbrup.exe
O4 - HKLM\..\Run: [yougyjd] C:\WINDOWS\yougyjd.EXE
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [grpsga] C:\WINDOWS\System32\rgveqip.exe r
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: pwreset.lnk = C:\Program Files\Avaya\DEFINITY IP Service Provider\pwreset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/act...l_v1-0-3-12.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1101840157220
O16 - DPF: {7DF31DC0-8A0F-11D0-B320-00A0C90825E1} (Microsoft SNA Server 3270 Web Client Download) - http://cpi/3270full.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JA...loadManager.ocx
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02) - https://mytime.cendant.com/WFC/plug..._3_1_02-win.exe
O16 - DPF: {CAFEEFAC-0013-0001-00042-ABCDEFFEDCBA} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mortgage.corp.cendant.org
O17 - HKLM\Software\..\Telephony: DomainName = mortgage.corp.cendant.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mortgage.corp.cendant.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mortgage.corp.cendant.org
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: ctcphh Service (ctcphhService) - Unknown owner - c:\phh\phhorce\PHHSRV.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\System32\\QosServM.exe
O23 - Service: LafService - Nice Systems - C:\progra~1\NICESy~1\bin\winNT4\LafServiceNT.exe
O23 - Service: NetIQ Administration Service (MCSAdminSvc) - NetIQ Corporation - C:\Program Files\NetIQ\DRA\MCSAdminSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NetIQ DRA Agent (OnePointAgent) - NetIQ Corporation - C:\Program Files\OnePointAgent\OnePointAgent.exe
O23 - Service: OracleDEFAULT_HOMEClientCache - Unknown owner - C:\ORANT\BIN\ONRSD.EXE
O23 - Service: RMIRegistry - Unknown owner - c:\WeblogicClient\RMIRegistry\srvany.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vesbnik.exe

Please help, this is a major no-no on this PC.