fp.pc-on-internet.com


Jay
03-20-2008, 03:29 AM
Windows security pop-up.
Keeps popping up and no matter what I do, no program for malware, spyware program I use, Reg cleaning and plus some, it still keeps popping up, firewalled and everything.

Windows security pop-up and it's on my last nerve now.

I will continue to work on this but if someone knows the solution please tell.

Windows Vista.

Aaron.Walkhouse
03-20-2008, 05:19 AM
What is happening? Can you be more precise? I can see that the site you mention is blocked on my
computer, which means it is a security risk, but you didn't mention what the popup says or what
you were doing at the time.

MoreBandwidthPls
03-20-2008, 11:12 PM
Post some info so we can dig deeper.

1: Download and run BearDiag.exe (http://beardiag.technutopia.net/BearDiag.exe) and post the results in your reply.

2: A MSINFO32 report should show greater detail as well. See How to run the Microsoft troubleshooting reporting tool: MSINFO32 (http://www.technutopia.com/forum/showthread.php?t=5909)

Jay
03-21-2008, 03:33 AM
Hi guys.... here we go....


StartupList report, 3/20/2008, 11:24:32 PM
StartupList version: 1.52
Started from : C:\Users\Jay\Downloads\StartupList.EXE
Detected: Unknown Windows (WinNT 6.00.1904)
Detected: Internet Explorer v7.00 (7.00.6000.16609)
* Using default options
==================================================
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Windows\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Windows\system32\ThpSrv.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Users\Jay\AppData\Local\leioeb.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jay\Downloads\BearDiag.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Jay\Downloads\StartupList.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NWEReboot =
SpyHunter Security Suite = C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
dvd43 = C:\Program Files\dvd43\dvd43_tray.exe
MSConfig = "C:\Windows\system32\msconfig.exe" /auto
ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
leioeb = c:\users\jay\appdata\local\leioeb.exe leioeb
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
=
--------------------------------------------------
Load/Run keys from C:\Windows\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
--------------------------------------------------
Shell & screensaver key from C:\Windows\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------

Enumerating Browser Helper Objects:
(no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll - {6D53EC84-6AAE-4787-AEEE-F4628F01010C}
(no name) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
(no name) - C:\Program Files\Java\jre1.6.0\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Norton AntiVirus - Run Full System Scan - Jay.job
ParetoLogic Update.job
RegCure Program Check.job
RegCure.job
SpywareStop Scheduled Scan.job
--------------------------------------------------
Enumerating Download Program Files:
[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
[TSEasyInstallX Control]
InProcServer32 = C:\Windows\DOWNLO~1\TSEASY~1.OCX
CODEBASE = http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #4: C:\Windows\system32\napinsp.dll
NameSpace #5: C:\Windows\system32\pnrpnsp.dll
NameSpace #6: C:\Windows\system32\pnrpnsp.dll
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
WebCheck: C:\Windows\system32\webcheck.dll
--------------------------------------------------
End of report, 8,604 bytes
Report generated in 0.265 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Current task list information for JAY-PC, running WIN_VISTA, , build 6000
Details collected on 2008/03/20 23:24:09
PID Process Name File Version Pk Mem Usg. Command line that invoked task
0 System Idle Process 0.0.0.0 0Mb ><
4 System 0.0.0.0 15.38Mb ><
580 smss.exe 0.0.0.0 0.68Mb >\SystemRoot\System32\smss.exe<
648 csrss.exe 6.0.6000.16386 5.26Mb >C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16<
692 wininit.exe 6.0.6000.16386 5.23Mb >wininit.exe<
704 csrss.exe 6.0.6000.16386 14.04Mb >C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16<
736 services.exe 6.0.6000.16386 7.87Mb >C:\Windows\system32\services.exe<
748 lsass.exe 6.0.6000.16386 9.9Mb >C:\Windows\system32\lsass.exe<
756 lsm.exe 6.0.6000.16386 5.16Mb >C:\Windows\system32\lsm.exe<
864 winlogon.exe 6.0.6000.16386 6.29Mb >winlogon.exe<
948 svchost.exe 6.0.6000.16386 7.65Mb >C:\Windows\system32\svchost.exe -k DcomLaunch<
1004 svchost.exe 6.0.6000.16386 7.58Mb >C:\Windows\system32\svchost.exe -k rpcss<
1136 svchost.exe 6.0.6000.16386 11.9Mb >C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted<
1168 svchost.exe 6.0.6000.16386 101.02Mb >C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted<
1180 svchost.exe 6.0.6000.16386 82.32Mb >C:\Windows\system32\svchost.exe -k netsvcs<
1292 audiodg.exe 0.0.0.0 17.71Mb ><
1340 SLsvc.exe 6.0.6000.16509 9.8Mb >C:\Windows\system32\SLsvc.exe<
1412 svchost.exe 6.0.6000.16386 13.13Mb >C:\Windows\system32\svchost.exe -k LocalService<
1612 svchost.exe 6.0.6000.16386 14.75Mb >C:\Windows\system32\svchost.exe -k NetworkService<
1680 upeksvr.exe 5.6.0.3283 9.59Mb >"C:\Program Files\Protector Suite QL\upeksvr.exe" <
1720 vsmon.exe 7.1.248.0 34.47Mb >C:\Windows\System32\ZoneLabs\vsmon.exe -service<
1176 dwm.exe 6.0.6000.16386 92.09Mb >"C:\Windows\system32\Dwm.exe"<
1600 explorer.exe 6.0.6000.16549 55.63Mb >C:\Windows\Explorer.EXE<
1976 ScanningProcess.exe 0.0.0.0 41Mb >"C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe" 1720 0 C:\Windows\System32\ZoneLabs\avsys\bases\avp_x.set<
812 spoolsv.exe 6.0.6000.16386 13.28Mb >C:\Windows\System32\spoolsv.exe<
1964 CCSVCHST.EXE 107.0.3.7 107.86Mb >"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon<
1460 taskeng.exe 6.0.6000.16386 10.41Mb >taskeng.exe {5EE4615D-DE72-4FBA-AFB5-EB659AE8EEA9}<
2196 svchost.exe 6.0.6000.16386 76.89Mb >C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork<
2616 agrsmsvc.exe 1.0.0.4 3.62Mb >C:\Windows\system32\agrsmsvc.exe<
2628 AppleMobileDeviceSer 1.14.0.0 4.56Mb >"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"<
2672 ScanningProcess.exe 0.0.0.0 41Mb >"C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe" 1720 0 C:\Windows\System32\ZoneLabs\avsys\bases\avp_x.set<
2680 guard.exe 7.5.1.36 49.78Mb >"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"<
2692 CFSvcs.exe 7.0.1.6 5.74Mb >"C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe"<
2788 EvtEng.exe 11.1.0.4 15.56Mb >"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe"<
2944 GoogleUpdaterService 2.2.824.5515 4.95Mb >"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"<
3016 MediaAgent.exe 2.2.1.329 29.82Mb >"C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe"<
3268 pinger.exe 0.0.0.0 4.32Mb >C:\Toshiba\IVP\ISM\pinger.exe<
3280 svchost.exe 6.0.6000.16386 5.62Mb >C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted<
3292 RegSrvc.exe 11.1.0.0 4.88Mb >"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe"<
3348 SHService.exe 1.0.9.0 3.97Mb >"C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" <
3368 svchost.exe 6.0.6000.16386 7.02Mb >C:\Windows\system32\svchost.exe -k imgsvc<
3380 swupdtmr.exe 0.0.0.0 3.64Mb >c:\Toshiba\IVP\swupdate\swupdtmr.exe<
3424 ThpSrv.exe 2.0.0.9 3.87Mb >C:\Windows\system32\ThpSrv.exe<
3468 TNaviSrv.exe 1.0.0.3 3.61Mb >"C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe"<
3484 TODDSrv.exe 1.0.0.3 4.52Mb >C:\Windows\system32\TODDSrv.exe<
3520 TosCoSrv.exe 1.0.0.1 4.49Mb >"C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe"<
3588 ULCDRSvr.exe 1.0.0.4 3.68Mb >"C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"<
3608 svchost.exe 6.0.6000.16386 3.87Mb >C:\Windows\System32\svchost.exe -k WerSvcGroup<
3632 SearchIndexer.exe 6.0.6000.16386 22.76Mb >C:\Windows\system32\SearchIndexer.exe /Embedding<
3680 nmsrvc.exe 4.5.7274.0 20.11Mb >"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"<
1444 taskeng.exe 6.0.6000.16386 6.14Mb >taskeng.exe {A0383226-1E75-4980-9879-A0C1E3D11105}<
3304 alg.exe 6.0.6000.16386 5.02Mb >C:\Windows\System32\alg.exe<
4008 DVD43_Tray.exe 4.2.0.0 7.41Mb >"C:\Program Files\dvd43\DVD43_Tray.exe" <
4408 SpyHunter3.exe 1.0.13.0 57.48Mb >C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe<
4596 zlclient.exe 7.1.248.0 18.54Mb >"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" <
4620 leioeb.exe 0.0.0.0 22.29Mb >"C:\Users\Jay\AppData\Local\leioeb.exe" leioeb<
4632 GoogleToolbarNotifie 2.0.301.1654 7.34Mb >"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" <
4656 TOSCDSPD.exe 2.1.1.0 4.49Mb >"C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe" <
5880 OUTLOOK.EXE 12.0.6300.5000 116.46Mb >"C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE" /recycle<
6020 AluSchedulerSvc.exe 3.4.0.162 8.94Mb >"C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"<
4356 svchost.exe 6.0.6000.16386 6.22Mb >C:\Windows\system32\svchost.exe -k WindowsMobile<
5048 taskeng.exe 6.0.6000.16386 4Mb >taskeng.exe {C8B61118-F67C-44B1-B1F4-6B9CFD4DD3B1}<
6040 TrustedInstaller.exe 6.0.6000.16609 8.12Mb >C:\Windows\servicing\TrustedInstaller.exe<
5080 LuComServer_3_4.EXE 3.4.0.162 18.88Mb >"C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE"<
2540 ieuser.exe 6.0.6000.16609 21.01Mb >"C:\Program Files\Internet Explorer\IEUser.exe" -Embedding<
5348 iexplore.exe 7.0.6000.16609 48.32Mb >"C:\Program Files\Internet Explorer\iexplore.exe" http://www.technutopia.com/forum/showthread.php?t=5978&goto=newpost<
4020 AUPDATE.EXE 3.4.0.162 11.04Mb >"C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE"<
2740 SearchProtocolHost.e 6.0.6000.16386 9.11Mb >"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot) " "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" <
3744 SearchFilterHost.exe 6.0.6000.16386 5.52Mb >"C:\Windows\system32\SearchFilterHost.exe" 0 680 684 692 65536 688 <
5332 BearDiag.exe 1.99.19.0 16.55Mb >"C:\Users\Jay\Downloads\BearDiag.exe" <
3004 WmiPrvSE.exe 6.0.6000.16386 6.96Mb >C:\Windows\system32\wbem\wmiprvse.exe<



Logfile of HijackThis v1.99.1
Scan saved at 11:24:58 PM, on 3/20/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Windows\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Windows\system32\ThpSrv.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Users\Jay\AppData\Local\leioeb.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jay\Downloads\BearDiag.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Jay\Downloads\HijackThis2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [leioeb] c:\users\jay\appdata\local\leioeb.exe leioeb
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\Windows\system32\psqlpwd.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - MagicISO, Inc. - (no file)
O23 - Service: McAfee SystemGuards (McSysmon) - MagicISO, Inc. - (no file)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SpyHunter3 Service - Unknown owner - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

.

Also here is a pic of the pop up

MoreBandwidthPls
03-21-2008, 04:21 AM
You are running multiple anti-virus programs at the same time - a sure recipe for system instability.

You have the OpenCase Media Agent spyware running. Obviously SpyHunter is not working - it doesn't appear on my recommended list.

What does C:\Program Files\Protector Suite QL\upeksvr.exe do?

How about C:\Users\Jay\AppData\Local\leioeb.exe?

Do you have the latest Java updates installed?

Have you tried to do a full scan for nasties in Windows Safe Mode after you have updated your anti-nasty software to the latest versions?

The MSINFO32 report may be helpful too...

Keep us posted on progress.
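
An added example, not part of the original posts: one way to triage the `O4` autorun lines of a HijackThis log like the one above, flagging Run-key entries whose executable sits in a user-writable profile or temp directory, which is where the `leioeb.exe` entry queried in the reply lives. The function names and the path markers are assumptions made for this example; the sample lines are copied from the log in this thread.

```python
import re
from ntpath import normcase, normpath  # Windows path semantics on any OS

# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [leioeb] c:\users\jay\appdata\local\leioeb.exe leioeb
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)
# Assumed markers for locations a standard user can write to without elevation.
USER_WRITABLE_RE = re.compile(
    r"^[a-z]:\\(?:users|documents and settings)\\[^\\]+\\|\\te?mp\\"
)


def image_path(cmd):
    """Return the executable part of a Run-key command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def parse_o4(log_text):
    """Parse registry Run-key O4 lines into dicts; other line types are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append({
                "hive": m["hive"],
                "key": m["key"],
                "name": m["name"],
                "command": m["cmd"],
                "image": image_path(m["cmd"]),
            })
    return entries


def flag_user_writable(entries):
    """Return the entries whose image lives where a non-admin user can write."""
    findings = []
    for e in entries:
        norm = normcase(normpath(e["image"]))  # lower-case, backslashes only
        if USER_WRITABLE_RE.search(norm):
            reasons = ["image is under a user-writable directory"]
            if e["hive"] == "HKCU":
                reasons.append("per-user Run key, creatable without admin rights")
            findings.append({**e, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in flag_user_writable(parse_o4(SAMPLE_LOG)):
        print(f'{f["hive"]}\\{f["key"]} [{f["name"]}] -> {f["image"]}')
        for reason in f["reasons"]:
            print("   -", reason)
```

A flagged entry is a lead for manual review (file properties, signature, creation time), not a verdict.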

Jay
03-23-2008, 09:39 AM
> You are running multiple anti-virus programs at the same time - a sure recipe for system instability.
>
> You have the OpenCase Media Agent spyware running. Obviously SpyHunter is not working - it doesn't appear on my recommended list.

This all started when I downloaded divx bundle and/or Divx Dr. or whatever I thought I needed from the divx world even if it didn't come from the junk as well.
I can say now I'm done with the DivX world, they did it to themselves.

> What does C:\Program Files\Protector Suite QL\upeksvr.exe do?

I have no clue, I don't have the time like I did to play with this new Windows. All I know it came with the computer from the start.

> How about C:\Users\Jay\AppData\Local\leioeb.exe?

No clue, will look into this more when time permits.

> Do you have the latest Java updates installed?

Yes

> Have you tried to do a full scan for nasties in Windows Safe Mode after you have updated your anti-nasty software to the latest versions?

Yes I have tried all the paths and all different programs to no avail, now spydoctor seems to find things and removes it but only for it to pop up after it's done removing things :mymymy: . Firewall doesn't help as well.

> The MSINFO32 report may be helpful too...
>
> Keep us posted on progress.

I will tackle this when I can and post when I find the fix, it just might be that media agent spyware that's the problem.

Jay
06-26-2008, 12:59 AM
With the help of spyware/virus doctor and superantispyware, this problem is no more.