PC Pals Forum

Technical Help & Discussion => Broadband, Networking, PC Security, Internet & ISPs => Topic started by: Michelle on October 05, 2008, 18:23

Title: Please help - possible virus
Post by: Michelle on October 05, 2008, 18:23
Hi guys,

It doesn't take me long to come back with another problem, does it? lol

I'll tell you what I think happened....... I was on MSN and someone sent a picture saying "can I add this pic of you to my MySpace?" I thought that's odd. I accepted it and it was in a zip file. I didn't open the zip file cos I thought, well, that's odd. BUT my superspyware thing said "change to registry, do you wish to accept" and I wasn't thinking and clicked yes.... I think that's what did it.

Now what is happening is the same person keeps trying to send me that picture (now deleted him lol) and none of his other friends were getting this. And MSN keeps logging off every few mins, and so does a game that I play through IE. And it's all a bit slower.

So I've done all the usual scans (AVG, adware, Malwarebytes, CCleaner, SUPERAntiSpyware, lol, and a few more) and I was going to scan in safe mode with restore off, but I couldn't find the button for safe mode, lol. I never remember, it's not F8, F9 or F10, so I thought well I'll just scan it with restore off, but it's still happening......

Oh, something I noticed trying to get me to accept was Jupious. I did a Google on it but nothing came up. It's in system32, any idea?

Anyway, so please can u help, what should I do next, try finding safe mode again?

Thanks, Michelle xxx
Title: Re: Please help - possible virus
Post by: Rik on October 05, 2008, 18:27
Safe mode should be from pressing f8 just after the POST sequence, Michelle.
Title: Re: Please help - possible virus
Post by: Michelle on October 05, 2008, 18:39
Yeah thanks, I know it should be but it's not on this computer (Medion). I'll look back at my other posts, I might have said.... :blush:
Title: Re: Please help - possible virus
Post by: Michelle on October 05, 2008, 18:47
I found the post I was remembering, but it was F8, I was doing it wrong and still am lol. Thanks Rik :blush: :)x

But will that do it do you think, is that the next thing to try?

What about that jupious.exe, any ideas?


Title: Re: Please help - possible virus
Post by: davy51 on October 05, 2008, 18:52
Michelle, you might try this one.
It does a good job of finding things embedded in win32.

It is slow, it took 8 hours for me to scan 20 gig of programs.

It is free.


A Squared

http://www.emsisoft.com/en/software/free/
Title: Re: Please help - possible virus
Post by: Simon on October 05, 2008, 19:51
Hi Michelle,

I saw this recommended the other day, but have never tried it:

http://www.exterminate-it.com/

Although I would be surprised if anything was there that none of your other scans had managed to remove.

As for 'jupious', I've also drawn a blank on that one.  :(
Title: Re: Please help - possible virus
Post by: davy51 on October 05, 2008, 20:47
I made a mistake the other day and went surfing without a firewall.
I got a similar virus and it was embedded in win32.

It didn't allow my anti-virus or Spybot nor any of my other tools to even see it.

I finally had to use A Squared and it quarantined it.

I got the recommendation from this help site:

http://www.bleepingcomputer.com/forums/index.php?

Title: Re: Please help - possible virus
Post by: Michelle on October 05, 2008, 21:14
OK thanks guys, I will try those. I just managed to scan it in safe mode with restore off so I am hoping that did the trick, and I deleted MSN before that, so I'll reinstall and try that.

That jupious was in win32, did I say?

Funny that there is nothing on Google about it.

Thanks again
Title: Re: Please help - possible virus
Post by: Reno on October 05, 2008, 21:39
You could run HijackThis and post the results.
Title: Re: Please help - possible virus
Post by: Sandra on October 06, 2008, 01:29
Try doing a system restore to before you opened the dodgy file. It's changed the registry so an AV scan probably won't fix it. With later PCs safe mode can be a bit harder to get into than on earlier ones due to having SATA hard drives. Pressing F8 too early brings up the BBS menu (boot order); you need to wait until the first screen with text has shown and gone, then hit F8 straight away before the second screen has fully loaded.

Just thought, you probably can't restore now as you turned it off to do a scan in safe mode.

The best thing you can do now will be to put your XP CD in the drive and go to Start, then Run and type in SFC /SCANNOW. Don't forget the space between the letters SFC and the /.
Hopefully that will repair the file that's been damaged/removed or replaced.
Title: Re: Please help - possible virus
Post by: Michelle on October 06, 2008, 16:30
Hmmm, XP CD...... do I have one of those..... sounds like a great idea, thanks Sandra, I'll have to look.

I thought that was a mistake turning off system restore, I don't know why I didn't restore it first, it's normally the first thing I do :(

Title: Re: Please help - possible virus
Post by: Michelle on October 06, 2008, 18:06
Yay, I found the XP disc, it was in an unopened packet, like a recovery one, and I did what you said. All went well so fingers crossed it's sorted it out. It does seem quicker already, but that could be me hoping lol. If not I will post the HijackThis. I did do a scan last night but I didn't see anything staring out at me lol.

Oh, and that's exactly it with the F8, I have to wait some time before I can press it.

Thanks again Sandra, and fingers crossed  ;D
Title: Re: Please help - possible virus
Post by: Michelle on October 06, 2008, 19:19
OK :( that didn't work. So it made me think it might be something else, so I searched on MSN disconnecting and someone had a problem with Java. I think I downloaded an update for Java recently? And that game I use uses Java..... just a thought.

Anyway, I've been trying to post the HijackThis here but it keeps going to another page about the webmaster? :dunno:
Title: Re: Please help - possible virus
Post by: Simon on October 06, 2008, 20:52
How are you trying to post it, Michelle?  You should be able to save the scan results as a text file, then just copy and paste the text into a post.  Just try to make sure it doesn't reveal any personal details, such as IP address, etc.  :)
Title: Re: Please help - possible virus
Post by: Michelle on October 06, 2008, 23:07
Logfile of HijackThis v1.99.1
Scan saved at 18:59:54, on 06/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\CNYHKey.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\jupous.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Creative\MediaSource5\CTDetctu.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\CPdeSrvU.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg&lang=0&prtr=4476001&ctry=00000809&os=5&src=1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [evsfun] C:\WINDOWS\evsfun.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [fybo] C:\WINDOWS\system32\jupous.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [fybo] C:\WINDOWS\system32\jupous.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Michelle\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.co.uk/
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.toysrus.co.uk/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {13991839-0420-11D5-BDA3-00A0C982BA51} (PDAnalyzeCtrl Class) - http://www.raxco.com/analyze/PDWeb.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117004803140
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://michelledh4.myphotoalbum.com/ImageUploader4.cab
O16 - DPF: {88E48871-88E6-4480-9921-F1EC4EB9AB74} (FileReadCtrl Class) - http://www.raxco.com/fileaccesstimer/WebTimedRead.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/files/MotivePreQual.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: AOL Connectivity Service (uttagaad8umai) - Unknown owner - C:\WINDOWS\system32\wofyzacouz.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Title: Re: Please help - possible virus
Post by: Simon on October 06, 2008, 23:24
I'm no expert on these, but it seems that these could be the entries we're concerned about, yes?

Quote
C:\WINDOWS\system32\jupous.exe
O4 - HKLM\..\Run: [fybo] C:\WINDOWS\system32\jupous.exe
O4 - HKLM\..\RunServices: [fybo] C:\WINDOWS\system32\jupous.exe

Did you do the analysis thing, and did it come back with anything?  Any idea what 'fybo' is?  Anything to do with Facebook, by any chance?  Trouble is, with nothing coming up on Google, it's difficult to know if the files are legit or not.  All I would say is, if they are genuine, they probably would have come up on Google.  It definitely looks like those [fybo] things are set to start with Windows.
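A small triage script over a HijackThis log of the kind posted above, added here as an example; it is not code from the thread or from HijackThis itself. It assumes a constructed excerpt of the log in the same format and flags what Simon picked out: anything launched via the legacy RunServices key, one binary hooked from more than one autostart location, and "Unknown owner" services running from system32 (a lead, not a verdict, since a driver helper with no version info trips it too).

```python
"""Triage a HijackThis 1.99-format log: pull out the O4 autostart entries
and O23 services and flag the ones a defender would look at first.

Added example, not code from the thread or from HijackThis. The log
excerpt below is constructed in the shape of the log posted above."""
import re

SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 18:59:54, on 06/10/2008

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [fybo] C:\WINDOWS\system32\jupous.exe
O4 - HKLM\..\RunServices: [fybo] C:\WINDOWS\system32\jupous.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AOL Connectivity Service (uttagaad8umai) - Unknown owner - C:\WINDOWS\system32\wofyzacouz.exe
"""

# O4 - HKLM\..\Run: [name] command line
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
# O23 - Service: display name (short name) - owner - path   (short name optional)
O23_RE = re.compile(r"^O23 - Service: (.*?)(?: \((\w+)\))? - (.*?) - (.*)$")
SYSTEM32_RE = re.compile(r"\\system32\\[^\\]+$", re.I)


def exe_path(cmd):
    """Reduce an autostart command line to its lower-cased executable path:
    strip surrounding quotes and drop any trailing arguments."""
    cmd = cmd.strip().strip('"')
    m = re.match(r'^(.*?\.(?:exe|dll|cpl))(?=$|[\s"])', cmd, re.I)
    return (m.group(1) if m else cmd.split()[0]).lower()


def triage(log_text):
    """Return {exe: [reasons]} for autostart entries worth a closer look.
    These are leads, not verdicts: 'Unknown owner' only means the binary
    carries no vendor version info, so a driver helper can trip it too."""
    hooks = {}      # exe -> set of autostart locations that launch it
    reasons = {}

    def flag(exe, why):
        reasons.setdefault(exe, set()).add(why)

    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            exe = exe_path(cmd)
            hooks.setdefault(exe, set()).add(f"{hive}\\..\\{key}:[{name}]")
            if key.lower() == "runservices":
                flag(exe, "launched via the legacy RunServices key "
                          "(Win9x-era; almost nothing legitimate uses it on XP)")
            continue
        m = O23_RE.match(line)
        if m:
            display, short, owner, path = m.groups()
            exe = exe_path(path)
            hooks.setdefault(exe, set()).add("service:" + (short or display))
            if owner.lower() == "unknown owner" and SYSTEM32_RE.search(exe):
                flag(exe, "service with no vendor info running from system32")

    # One binary wired into several autostart locations is a persistence
    # pattern; legitimate software normally registers itself once.
    for exe, locs in hooks.items():
        if len(locs) > 1:
            flag(exe, "hooked from %d autostart locations: %s"
                      % (len(locs), ", ".join(sorted(locs))))
    return {exe: sorted(why) for exe, why in reasons.items()}


def report(log_text):
    """Human-readable version of triage(), one line per reason."""
    lines = []
    for exe, why in sorted(triage(log_text).items()):
        for w in why:
            lines.append(f"{exe}: {w}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Paste the whole log in place of SAMPLE_LOG to run it over a real scan; every other line type (R1, O2, O16, ...) is ignored by the two regexes.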
Title: Re: Please help - possible virus
Post by: Michelle on October 06, 2008, 23:28
Oh I dunno, but they are blocked at the firewall, and Facebook works

McAfee said that it's part of houvoov.exe or wofyzarouz.exe, and nothing about those either lol

But it might be fine, I just wondered what they were.........and it did try to access the system again, but not since.
Title: Re: Please help - possible virus
Post by: Simon on October 06, 2008, 23:33
It does look like something's there that shouldn't be, but until we can find out what it is, we can't tell if it's harmful or not.  It could be one of those things that just installs itself with a random name, which is why it might not be appearing on Google.  If they are blocked by your firewall, I guess that should offer some protection, but if it were me, I'd be happier if they were out of the system altogether.  :(
Title: Re: Please help - possible virus
Post by: Michelle on October 06, 2008, 23:39
Yeah thanks Simon, I feel the same. Funny though, if they are blocked and I'm still having problems, something else isn't right. I'd say it was the new router but this happened a week after it was installed.

Maybe someone who knows about these logs will explain more :)

Title: Re: Please help - possible virus
Post by: Simon on October 07, 2008, 00:03
Indeed, but as I mentioned, you can send the log file off to HJT for analysis, and it should come back with what's good, bad, or unknown.  Might be useful to try that until someone else comes along.
Title: Re: Please help - possible virus
Post by: Simon on October 07, 2008, 00:06
What router do you have?  Does it show any strange activity in the firewall logs?  Just wondering if something's hogging your connection.
Title: Re: Please help - possible virus
Post by: Sandra on October 07, 2008, 00:26
Get CCleaner from www.filehippo.com, Michelle.
Click on Registry at the side then on Scan Now. Hopefully that will find any problems with the registry and will bring up a list of "issues". Click on Fix Issues after it has scanned; say no when asked if you want to back up the registry, as I think it's corrupted so there's no point in saving it. Then click on Fix All. After it's done, run the scan again and repeat from Click on Fix Issues, as sometimes it can't fix everything in one or even 2 or 3 runs. Repeat the scans until it shows no issues, then close it.
Title: Re: Please help - possible virus
Post by: TR on October 07, 2008, 07:20
Try Malwarebytes free edition  ;) then follow the prompts
Title: Re: Please help - possible virus
Post by: Michelle on October 07, 2008, 08:30
Okay, I've done the Malwarebytes one.

And one called CCleaner too, not sure it's the same one so I'll look at that.

The router is a Belkin and it's secure.

I'll try the HijackThis thing as well Simon, I didn't see the option when I scanned it before. I only posted it here as someone said to, as I know before we only had one person that could read them and they left.

It really just seems to be MSN and the game, I don't seem to be losing connection any other way, although it's for such a short time maybe I wouldn't notice.

Okay, I'll try those things anyway, have a good day everyone and thanks for the advice :)
Title: Re: Please help - possible virus
Post by: Reno on October 07, 2008, 08:45
Go here http://virusscan.jotti.org/ and copy and paste these two paths into the scan bar. That site scans uploaded files with a dozen or so antivirus programs.

C:\WINDOWS\system32\jupous.exe
C:\WINDOWS\system32\lexpps.exe

You can search any other suspicious-looking files that you find on your computer using that site too. If you think you have a virus in your windows/system32 folder, open the folder and organize by last modified. If the last few files are 238dskjfhiiueh or something similar, chances are they are infections. Scan them with this site and post the results.
Title: Re: Please help - possible virus
Post by: davy51 on October 07, 2008, 12:58
Here are a couple of programs that might help.

The first one allows a search of what is running in Task Manager. I did the search for the names in your problem but no luck.

http://www.processlibrary.com/quicklink/


This one will replace Task Manager and give more information on what's running. It does show a bit more than Windows Task Manager. I used them both in getting rid of adware on my machine.


Process Explorer

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx



Title: Re: Please help - possible virus
Post by: Michelle on October 07, 2008, 17:03
Quote
Go here http://virusscan.jotti.org/ and copy and paste these two paths into the scan bar. That site scans uploaded files with a dozen or so antivirus programs.

Okay, this looks like a good site, it scans with 20 different programmes. I found out that that jupious and the other one wofyzacouz.exe were both modified on the day I started having problems, and in that scan only Sophos thought it could be a problem: Sus/Unpacker.

C:\WINDOWS\system32\lexpps.exe was clean and I think it's for my Lexmark printer.

The only other things after that in the system32 folder were clean: perfc009.dat ... wpa.dbl and status.mpf.
Nothing with that number you said, Reno.

That CCleaner was the same one I'd done already but I ran it again and it deleted a further 48MB of stuff lol, so god knows what happened last time, maybe I didn't complete it? It couldn't be 48MB more since Sunday!
Oh duh, I just looked again and there are two settings, "Windows" and "Applications". I'd not run the Applications cleaner.

Okay, I'll see if that's made any difference; if not I think I might just delete those Jupious files, what do u think? They are still there in 32 :(

Title: Re: Please help - possible virus
Post by: Rik on October 07, 2008, 17:11
Zip them up, Michelle. Then if you need them back, it's easy.
Title: Re: Please help - possible virus
Post by: Michelle on October 07, 2008, 17:40
Oh, good idea Rik

Every time I do these scan things I have to remember my Pals password which I never use and I keep having to look it up lol

Title: Re: Please help - possible virus
Post by: Rik on October 07, 2008, 17:41
IIRC, wpa.dbl is the activation file for Windows. It's worth making a copy of that.
Title: Re: Please help - possible virus
Post by: Michelle on October 08, 2008, 00:10
Oh, maybe that was from when I ran the XP disc

Ah well, it didn't work, it's still acting strange........ go back to try those other things tomorrow :(

Unless I needed a restart.... we'll see

Goodnight all, and thanks for your help so far :)
Title: Re: Please help - possible virus
Post by: TR on October 08, 2008, 07:15
Did you try Malwarebytes?
Title: Re: Please help - possible virus
Post by: Reno on October 08, 2008, 15:07
http://www.pandasecurity.com/homeusers/solutions/activescan/

That will scan your computer using Panda and remove viruses, but it does take a few hours. Run it right before you go to sleep.

Title: Re: Please help - possible virus
Post by: Michelle on October 08, 2008, 19:39
Did you try Malwarebytes?

Yeah, I've got that one, TR, thanks.
Title: Re: Please help - possible virus
Post by: Michelle on October 08, 2008, 19:45
Oh thanks Reno, that looks good, I'll try that tonight.

Strange thing is ..... I deleted MSN and as much Java as I could, reinstalled Java, and the game is running fine........ Dare I try installing Windows Messenger again lol. Can you not just get plain old MSN now?


Oh, and that wofyzarcouz.exe, which is part of Jupious, is to do with AOL (or maybe AIM). They are still annoying me and I've not used them for like 2 years lol - but why was it in recent in windows32? Hmmm

Ah, and I'd zipped that Jupious but the file stayed in win32 and it wouldn't let me delete it.
Title: Re: Please help - possible virus
Post by: sam on October 08, 2008, 22:09
Oh thanks Reno, that looks good, I'll try that tonight.

Strange thing is ..... I deleted MSN and as much Java as I could, reinstalled Java, and the game is running fine........ Dare I try installing Windows Messenger again lol. Can you not just get plain old MSN now?

You could always give Pidgin a go... http://www.pidgin.im/
Title: Re: Please help - possible virus
Post by: davy51 on October 09, 2008, 13:00
Try here, it has all the older versions:

http://oldversion.com/program.php?n=msnm
Title: Re: Please help - possible virus
Post by: Michelle on October 09, 2008, 17:13
Ooo thanks guys - now I don't know which one to get lol


I ran that Panda and it found 1 virus - but then I had to sign up - so I had to run it again lol - and it wasn't finished when I got home from work (it had stopped for some reason), so I stopped it. It had listed 4 suspects, 2 of which were the files we've been talking about, so I actioned them, and I'll have to run it again now and see if it says about the virus again.



Title: Re: Please help - possible virus
Post by: Michelle on October 10, 2008, 17:23
Hey, me again,

Just to let you know that Panda found a virus last night. I took the name down wrong, but it was something like
HGstan-a-usa.exe, and it disinfected it. lol So I'm hoping that is that........ still yet to try it out.


I tried downloading a previous MSN but it won't let you, you have to then update it.

That Pidgin thing is great! ...... but I couldn't really get used to it 'cos it was still disconnecting, but I'll try tonight and see how it goes.

Thanks again for all your help, I'll keep you informed lol. Don't sigh like that :P
Title: Re: Please help - possible virus
Post by: Michelle on October 11, 2008, 01:23
Update.....

It wasn't that virus that was causing the problem, as it was still the same.........

I looked in Task Manager and that Jupious was still running, so I stopped it and ..... no problems!!!

Even though I'd fixed it in HijackThis and it's blocked in McAfee...... And I deleted it from Add and Remove Programs!

So how do I get rid of it? ........ Do I have to do it in safe mode?

Any ideas please?
Title: Re: Please help - possible virus
Post by: Sandra on October 11, 2008, 03:09
Turn System Restore off again, Michelle, go into safe mode and run any scans or do whatever you did to remove it, while still in safe mode. That should fix it :)
Title: Re: Please help - possible virus
Post by: Reno on October 11, 2008, 06:14
Try using this tool. Go to where the file is and drag it into the white area to be fixed. It'll restart the computer if the file is locked. It takes a little while, but it'll remove it if taking it out in safe mode doesn't.

http://www.atribune.org/public-beta/VundoFix.exe
Title: Re: Please help - possible virus
Post by: Michelle on October 11, 2008, 15:31
Okay, thanks, I will do that.

It seems now I've got another problem, my MP3s are skipping and so are tracks on YouTube? lol omg!!

OK, I restored to Tuesday, which was when I started deleting stuff lol - and it's okay again I think - now I'll have to see if it's anything to do with Jupious .....

Off to the beach now, have a good weekend :)
Title: Re: Please help - possible virus
Post by: Michelle on October 14, 2008, 19:57
Just thought I'd let you know,

It's all fixed now, thanks for all of your help :thumbs:

That VundoFix got rid of it - I tried it first without going to safe mode, and gone! ....... and everything is working fine now ............. touch wood :o:
Title: Re: Please help - possible virus
Post by: Simon on October 14, 2008, 23:24
At last!  That was a tough one to get rid of.  Well done, Michelle!
Title: Re: Please help - possible virus
Post by: Camstop on October 16, 2008, 22:10
It's great when you get a big problem like that sorted  :thumbs:

Just be careful what you accept and from who  ;)