Can't get rid of those alerts

Lalla32
New Member


Date Joined Dec 2005
Total Posts : 2
 
Posted 12-29-2005 11:11 (GMT +1)
Hello! My name is Lalla! :)
 
Hope I did everything right... here is my log...
They keep telling me my PC is running slow because of spyware and all the usual annoying stuff...
 
Logfile of HijackThis v1.97.7
Scan saved at 23.07.05, on 29/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\IncrediMail\bin\IncMail.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\BitTornado\btdownloadgui.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Standard\Documenti\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DB33122-FF91-432F-8360-6AF376F2E0D9}: NameServer = 151.99.125.1 212.216.172.62
 
Thank you for all the help you will be able to give me! :) Grazie!
 

­
Trusted Member




Date Joined Dec 2005
Total Posts : 113
 
Posted 12-29-2005 11:26 (GMT +1)
Hi Lalla,

C:\WINDOWS\system32\mssearchnet.exe <- WARN: COULD BE A SPYWARE
C:\WINDOWS\htpatch.exe <- GOOD SiS Multimedia
C:\WINDOWS\system32\UAService7.exe <- GOOD SecuROM User Access Service
C:\Programmi\File comuni\Real\Update_OB\realsched.exe <- GOOD: Real Player
C:\Programmi\QuickTime\qttask.exe <- GOOD: Quick Time
C:\WINDOWS\system32\rundll32.exe <- GOOD, but it depends on the arguments passed...
C:\Programmi\BitTornado\btdownloadgui.exe <- NORMALLY GOOD: Bit Torrent Download Manager

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
It's part of the P2P Networking adware (OK only if it's you who installed it)

O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
It's part of AdslTaskBar (only if you're using Italia Telecom); this application monitors the state of the ADSL line and modem.
You said "Grazie!", so I think it's good ;)

DNS ARE OK

ns1.tin.it (212.216.172.62)
ns.interbusiness.it (151.99.125.1)
Telecom Italia Net
PROVIDER
NOC Roma


In fact, you have just one suspect process: "C:\WINDOWS\system32\mssearchnet.exe"
Ctrl + Alt + Del & kill it, then delete the file.

@++
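
The manual cross-check from the reply above (running processes against the O4 autostart entries, plus the O17 DNS check), as an added example that is not part of the original post. The sample log is a shortened excerpt of the one in this thread; the function names and the `ACCEPTED` set are assumptions, and the output is a list for a person to review, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt of the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\htpatch.exe
C:\Programmi\QuickTime\qttask.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DB33122-FF91-432F-8360-6AF376F2E0D9}: NameServer = 151.99.125.1 212.216.172.62
"""
# Assumption: processes the reviewer already accepts, and the ISP resolvers named in the reply.
ACCEPTED = {r"c:\windows\system32\lsass.exe", r"c:\windows\htpatch.exe",
            r"c:\programmi\quicktime\qttask.exe"}
ISP_DNS = {"151.99.125.1", "212.216.172.62"}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "O4 - ...", "R0 - ..."
RUN = re.compile(r"^\w+\\\.\.\\\w+: \[(.+?)\] (.*)$")    # HKLM\..\Run: [name] command

def parse_log(text):
    """Split a HijackThis log into the process list and entries grouped by code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def autostarts(entries):
    """Map each O4 Run-key value name to the command it launches."""
    return dict(m.groups() for m in map(RUN.match, entries.get("O4", [])) if m)

def review_queue(processes, entries, accepted=ACCEPTED):
    """Unaccepted processes, each paired with the O4 entry that starts it (or None)."""
    starts = autostarts(entries)
    return [(p, next((n for n, c in starts.items() if p.lower() in c.lower()), None))
            for p in processes if p.lower() not in accepted]

def unexpected_dns(entries, expected=ISP_DNS):
    """Resolvers set in O17 NameServer entries that are not on the expected list."""
    found = []
    for body in entries.get("O17", []):
        if "NameServer = " in body:
            found += body.split("NameServer = ", 1)[1].replace(",", " ").split()
    return [ip for ip in found if ip not in expected]
```

On the sample, `review_queue` returns only `mssearchnet.exe`, with no O4 entry in the log that launches it, and `unexpected_dns` returns an empty list.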

Lalla32
New Member


Date Joined Dec 2005
Total Posts : 2
 
Posted 12-30-2005 12:16 (GMT +1)
YAY! :D
It really worked! mssearchnet.exe was my problem! :D I deleted it and everything looks fine now! :)
Grazie, grazie, grazie! :)


PS: Yeah, and I'm using Telecom Italia! So everything is fine with that! :)
Thank you again! :)



­
Trusted Member




Date Joined Dec 2005
Total Posts : 113
 
Posted 12-30-2005 12:24 (GMT +1)
Thanks to all the beautiful women of Italy who have appreciated me!
Huh? I'm joking ;)