Transponder.abetterinternet

A

akumag2

Joined
Aug 20, 2005
Messages
1
Reaction score
0
Ive downloaded the microsoft anti-spyware application and have adaware and spybot and they keep finding transponder.abetterinternet but cannot remove it

here is my hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 8:59:43 PM, on 8/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\phh\phhorce\PHHSRV.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\QosServM.exe
C:\progra~1\NICESy~1\bin\winNT4\LafServiceNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\OnePointAgent\OnePointAgent.exe
C:\WINDOWS\suss.exe
C:\WINDOWS\vesbnik.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
c:\WeblogicClient\RMIRegistry\srvany.exe
c:\WeblogicClient\rmiregistry\rmiregistry.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\rgveqip.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Tactical Software\DialOutIP\DialoutIPTray.exe
C:\Program Files\RightFax\faxctrl.exe
C:\WINDOWS\yougyjd.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NetIQ\DRA\UserConsole.exe
Z:\HelpdeskAssistant\HelpdeskAssistant.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\elliotg\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.mortgagesvcs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.mortgagesvcs.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PHH Mortgage
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\System32\ccmjttli.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DialOut/IP] C:\Program Files\Tactical Software\DialOutIP\DialoutIPTray.exe
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\faxctrl.exe
O4 - HKLM\..\Run: [lmu] C:\WINDOWS\LMU.exe
O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\System32\lanbrup.exe
O4 - HKLM\..\Run: [yougyjd] C:\WINDOWS\yougyjd.EXE
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [grpsga] C:\WINDOWS\System32\rgveqip.exe r
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: pwreset.lnk = C:\Program Files\Avaya\DEFINITY IP Service Provider\pwreset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1101840157220
O16 - DPF: {7DF31DC0-8A0F-11D0-B320-00A0C90825E1} (Microsoft SNA Server 3270 Web Client Download) - http://cpi/3270full.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02) - https://mytime.cendant.com/WFC/plugins/j2re-1_3_1_02-win.exe
O16 - DPF: {CAFEEFAC-0013-0001-00042-ABCDEFFEDCBA} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mortgage.corp.cendant.org
O17 - HKLM\Software\..\Telephony: DomainName = mortgage.corp.cendant.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mortgage.corp.cendant.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mortgage.corp.cendant.org
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: ctcphh Service (ctcphhService) - Unknown owner - c:\phh\phhorce\PHHSRV.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\System32\\QosServM.exe
O23 - Service: LafService - Nice Systems - C:\progra~1\NICESy~1\bin\winNT4\LafServiceNT.exe
O23 - Service: NetIQ Administration Service (MCSAdminSvc) - NetIQ Corporation - C:\Program Files\NetIQ\DRA\MCSAdminSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NetIQ DRA Agent (OnePointAgent) - NetIQ Corporation - C:\Program Files\OnePointAgent\OnePointAgent.exe
O23 - Service: OracleDEFAULT_HOMEClientCache - Unknown owner - C:\ORANT\BIN\ONRSD.EXE
O23 - Service: RMIRegistry - Unknown owner - c:\WeblogicClient\RMIRegistry\srvany.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vesbnik.exe

Please help this a major no no on this PC
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Transponder spyware removal Hijackthis 3
sluggish computer 2
Hijackthis report please help 3
Virtumonde 0
Howzit!!! :) 2
Windows 7 "Windows cannot find svchost.exe?" 1
Windows XP Windows XP Malware, Please Help. 2
winfixer and virtumundo.C HELP! 2

Top