A virus that Steal connection^o)
Veggie
Full Member
***


Posts: 415
Reputation: 21
37 / Male / Flag
Joined: Sep 2004
RE: A virus that Steal connection^o)
a dialer perhaps?
09-06-2005 08:39 PM
zaher1988
Senior Member
****

Inseperable

Posts: 699
Reputation: 10
36 / Male / Flag
Joined: Jun 2005
Status: Away
O.P. RE: A virus that Steal connection^o)
antivirus and antispy and adware don't catch dialers??S:S

This post was edited on 09-06-2005 at 08:51 PM by zaher1988.
09-06-2005 08:45 PM
segosa
Community's Choice
*****


Posts: 1407
Reputation: 92
Joined: Feb 2003
RE: A virus that Steal connection^o)
Look, Antiviruses don't find everything. They can't detect what they don't know about. So trust us, post a HijackThis log and we'll take a look at it.
The previous sentence is false. The following sentence is true.
09-07-2005 05:57 AM
John Anderton
Elite Member
*****


Posts: 3908
Reputation: 80
37 / Male / Flag
Joined: Nov 2004
Status: Away
RE: A virus that Steal connection^o)
I think someone's DDoSing or maybe it's that cable thing, but as seg said I think it's better if you post a HijackThis log (I was gonna go for a process's log (A))
09-07-2005 06:30 AM
zaher1988
Senior Member
****

Inseperable

Posts: 699
Reputation: 10
36 / Male / Flag
Joined: Jun 2005
Status: Away
O.P. RE: A virus that Steal connection^o)
Here You Go Guys :)

==========================================

Logfile of HijackThis v1.99.1
Scan saved at 10:03:44 AM, on 9/7/2005
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\LogMeIn\LogMeIn.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\internet explorer\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\AnalogX\Proxy\proxy.exe
D:\Program Files\QuickWiz\EasyLingo\ELINGO.EXE
C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
D:\Program Files\QuickWiz\EasyLingo\ELINGO.EXE
C:\Program Files\Common Files\GuruNet Shared\agtserv.exe
D:\Program Files\QuickWiz\EasyLingo\wdtspeak.exe
D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\DOCUME~1\ZAHER1~1\LOCALS~1\Temp\Rar$EX00.674\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defa...search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defa...tp://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defa...tp://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - d:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MessengerPlus3] "d:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] D:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-D3QHT.exe" /REG
O4 - HKCU\..\Run: [MessengerPlus3] "d:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsole/RescueControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl...,0,83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirector...oSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirector...oSwap/DigWXMSN.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/...0,0,20/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-...0,4561/mcfscan.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBA56003-4DB2-45E5-B567-4C3DA8B211F2}: NameServer = 194.126.7.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: rainit - C:\WINDOWS\SYSTEM32\RAinit.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - 3am Labs, Inc. - D:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - D:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe


===========================================

And thx a lot :)
09-07-2005 07:06 AM
YottabyteWizard
Senior Member
****


Posts: 709
Reputation: 23
37 / Male / Flag
Joined: Mar 2005
RE: A virus that Steal connection^o)
quote:
Originally posted by zaher1988
C:\WINDOWS\System32\1XConfig.exe
quote:
Originally posted by zaher1988
C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
quote:
Originally posted by zaher1988
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB
quote:
Originally posted by zaher1988
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-D3QHT.exe" /REG

I have doubts in these ones :S
09-07-2005 11:42 PM
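One way to pre-sort a HijackThis log like the one posted above before reading it by hand, as an added example that is not part of the original thread or of HijackThis itself. The three rules are assumptions of this example (a missing target file, a context-menu item pointing at a web page, an autorun executable sitting directly in C:\WINDOWS); a match means "look at this entry", not "this entry is malicious".

```python
import re

# Entries copied from the log posted earlier in this thread (a subset).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-D3QHT.exe" /REG
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
"""

# "O4 - ..." style entry: section code, separator, free-form body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Executable placed directly in C:\WINDOWS rather than in a subdirectory.
WINDIR_EXE = re.compile(r'[ "]c:\\windows\\[^\\"]+\.exe', re.IGNORECASE)

# Hypothetical review rules (assumptions of this example, not HijackThis logic).
RULES = [
    ("target file is missing",
     lambda code, body: body.endswith(("(no file)", "(file missing)"))),
    ("context menu item loads a remote page",
     lambda code, body: code == "O8" and " - http" in body),
    ("autorun executable sits directly in the Windows directory",
     lambda code, body: code == "O4" and WINDIR_EXE.search(body) is not None),
]

def triage(log_text):
    """Return (code, reason, body) for each entry worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue  # header, running-process path or blank line
        code, body = match.group(1), match.group(2).strip()
        for reason, test in RULES:
            if test(code, body):
                findings.append((code, reason, body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {body}")
```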
ShawnZ
Veteran Member
*****


Posts: 3146
Reputation: 43
32 / Male / Flag
Joined: Jan 2003
RE: A virus that Steal connection^o)
quote:
Originally posted by zaher1988
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto


you know, you CAN check 'Do not open msconfig when windows starts' to that dialog you get when starting up...
09-07-2005 11:55 PM
dotNorma
Veteran Member
*****


Posts: 1745
Reputation: 17
32 / Male / –
Joined: May 2003
RE: A virus that Steal connection^o)
D:\Program Files\AnalogX\Proxy\proxy.exe

Trojan.AnalagX as found on google.

But Symantec and McAfee both have it on their online definitions so I assume they should pick it up if that's his scanning engine?

This post was edited on 09-08-2005 at 03:25 AM by dotNorma.
09-08-2005 03:23 AM
zaher1988
Senior Member
****

Inseperable

Posts: 699
Reputation: 10
36 / Male / Flag
Joined: Jun 2005
Status: Away
O.P. RE: A virus that Steal connection^o)
quote:
Originally posted by YottabyteWIzard
quote:

Originally posted by zaher1988
C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE

Mroute is nothing :) it came with my Siemens SX1 it's like a port manager:)

quote:
Originally posted by ShawnZ
quote:
Originally posted by zaher1988
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto


you know, you CAN check 'Do not open msconfig when windows starts' to that dialog you get when starting up...


Yes I know ;) but at that time I clicked restart later and I didn't restart my PC until hours after making the HijackThis log file :)

quote:
Originally posted by Norma Jean
D:\Program Files\AnalogX\Proxy\proxy.exe

Trojan.AnalagX as found on google.

analog proxy is a program I use as a proxy server coz I have 2 PCs at home :).

but I have never heard before that it has trojans :S anyway I will uninstall it coz I'm using now another proxy server:)

quote:
Originally posted by YottabyteWIzard


quote:

Originally posted by zaher1988
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB

How to delete this ?

i know how to delete the others but what about this :)

thanks again in advance
09-08-2005 08:04 AM
dotNorma
Veteran Member
*****


Posts: 1745
Reputation: 17
32 / Male / –
Joined: May 2003
RE: A virus that Steal connection^o)


quote:
Originally posted by zaher1988
    quote:Originally posted by Norma Jean
    D:\Program Files\AnalogX\Proxy\proxy.exe

    Trojan.AnalagX as found on google.



analog proxy is a program I use as a proxy server coz I have 2 PCs at home.

but I have never heard before that it has trojans anyway I will uninstall it coz I'm using now another proxy server

As reported by Symantec: "AnalogX itself, is a perfectly valid company. However, there are modified versions of AnalogX that are considered low level threat trojans." And I thought we were talking about your friend's computer, not yours?
09-09-2005 12:05 AM