Topics - hayc59

Pages: 1 ... 4 5 [6] 7 8
76
Analysis and Malware Removal / Need a Check Please...
« on: February 09, 2008, 02:49:33 PM »
My niece was playing round on my PC last night
seems a little weird???
see that I have a thing called 'byxvur.dll'??
also if I don't need anything crucial, would like it outta here :)
thanks for any and all help
G.
============================


Logfile of HijackThis v1.99.1
Scan saved at 7:34:59 AM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AutoSizer\AutoSizer.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gordon&Nancy\Desktop\Junk\HiJack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {42A44A09-3A1E-4BA2-B14C-D8398E0C3317} - C:\WINDOWS\system32\byxvurs.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [trueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O20 - Winlogon Notify: byxvurs - C:\WINDOWS\SYSTEM32\byxvurs.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe

77


With Adobe Shockwave Player, you can enjoy multimedia games, learning applications, and product demonstrations on the Web, using exciting new 3D technology.

PLEASE NOTE THAT THIS UPDATE COMES BUNDLED WITH THE YAHOO TOOL BAR. DO REMEMBER TO UN-TICK THE BOX IF YOU DO NOT REQUIRE IT

Product Info: Adobe Shockwave

78
Analysis and Malware Removal / A Little help please
« on: September 16, 2006, 11:33:31 PM »
I am wondering about ctfmon.exe stuff
and why it keeps coming back and do I need it?
and how do I get rid of it?
thanks


Logfile of HijackThis v1.99.1
Scan saved at 5:35:48 PM, on 9/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Gordon&Nancy\Desktop\Junk\HiJack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Welcome
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

79
Web News / Steve Irwin [Crocodile Hunter] Dies at age 44
« on: September 04, 2006, 01:17:41 PM »
-Quote
One of Steve Irwin's close friends and business partners today described the Crocodile Hunter as a wildlife icon who died doing what he loved best.
Mr Irwin, 44, died today after he was fatally wounded by a stingray barb to his heart while filming a sequence on Batt Reef off Port Douglas for his daughter's new TV series.
Mr Irwin's producer and closest friend, John Stainton, said emergency services were called from Cairns Rescue Base and met Croc One - Mr Irwin's rescue vessel - at Low Isle on the Great Barrier Reef.

View Source: The Age


80
LandzDown Lounge / **NEVER FORGET** God Bless All Military Troops
« on: September 01, 2006, 12:17:05 AM »

81
Web News / National Sex Offender Registry
« on: August 25, 2006, 03:24:00 AM »



About Family Watchdog
  • 1 of 5 girls and 1 of 6 boys will be molested before their 18th birthday.
  • 90% of all sexual assaults against children are committed by someone whom the victim knew.
  • The typical sexual predator will assault 117 times before being caught.
  • The re-arrest rate for convicted child molesters is 52%.
These shocking statistics come from recent studies on the epidemic of sexual assaults that plagues our society today. Our goal at Family Watchdog is to provide you with the information you need to protect your loved ones. Our service allows you to view known registered offenders and predators in your area. Knowing who these people are and what they've done provides you with your best defense to protect your family - awareness.

More Info: Family Watchdog
Locate: Search for them

82
Web News / Code Amber Wireless Amber Alerts
« on: August 14, 2006, 01:01:49 AM »

Code Amber Wireless Amber Alerts

Code Amber now provides Amber Alerts for all 50 US States plus Puerto Rico and Canada delivered to your Cell Phone, Pager and PDA.

Some carriers charge for receipt of text SMS messages. If you choose to receive all Amber Alerts you can expect to get 12 to 15 messages per month per device. If you choose to receive Amber Alerts from individual states you will only get a few messages per year per state selected.

Your information will never be shared with any other third party and you will ONLY receive Amber Alerts from Code Amber as a result of subscribing below.

View Source: More Info
More Info: Previous Amber Alerts

83
Security Alerts & Briefings / RemoveWGA Not Helping Piracy
« on: July 31, 2006, 11:43:11 PM »

Firewall Leak Tester NEWSLETTER
August 1 2006: RemoveWGA Not Helping Piracy

Piracy is Illegal

I have received some complaints from users who said that RemoveWGA was not working on their system. RemoveWGA was saying that WGA notification was not active, despite the WGA popups telling the user their Windows was pirated.

After investigation, it appears that RemoveWGA works well on legit Windows copies (it detects the WgaLogon DLL being loaded) but is unable to see the DLL on pirated Windows, hence saying that WGA notification is not active. In fact, Windows seems to cloak the DLL from RemoveWGA purposefully if it is running on a pirated copy.

At first, as I didn't know that RemoveWGA was not working only on pirated OS, I made a fix to make it work in all cases, and I posted it on a forum. After discovering that only pirates had the problem, I quickly removed the fix and the manual steps to disable and remove the WGA notification tool on pirated Windows.

While I still think that honest people being wrongly spotted as pirates should be helped, they are a minority, and should contact Microsoft. The other real pirated copies should not receive any help. I do not support piracy, I'm strongly against it, and will stand on this.

RemoveWGA is done to help legit Windows users to remove the WGA Notification update if they installed it inadvertently, and feel concerned about their privacy and security. It will not work on non-genuine copies.

If you are running a pirated Windows, you must buy a valid and legit licence

View Source: RemoveWGA Not Helping Piracy

84
LandzDown Lounge / roddy32 and Jasper New Admins at Killspy
« on: July 30, 2006, 09:46:53 PM »
Congrats to you both!! you look good in red!!
Well Deserved!!
http://forums.subratam.org/index.php?showtopic=13529&pid=67526&st=0&#entry67526

85
Security Software Programs / ewido anti-spyware 4.0 Review
« on: July 29, 2006, 05:27:21 PM »
-Quote
In April, Grisoft acquired ewido networks and its main product, ewido anti-spyware. Version 4.0 is the first post-acquisition release. But although it has a new user interface and a number of added features, I just can't recommend it while there are other apps that cost the same and do a much better job.

Like Grisoft's AVG antivirus, ewido comes in both a free and a more powerful paid edition. The product runs under Microsoft Windows 2000 or XP and claims tested compatibility with 80-odd antivirus products. New users of the free edition get the full product's features for the first 30 days.

View Source: PC.Magazine

86
Microsoft on Monday released Windows Vista Beta Build 5472 to technical beta testers, TAP customers and MSDN subscribers. The interim update is intended to give testers a more recent build, and encourage application and device driver developers to accelerate deployment on Vista.

Quality and performance enhancements are the primary changes in 5472, along with further tweaks to User Account Control. The new build is the second to follow Beta 2, and will not be released to Customer Preview Program participants. Microsoft expects to deliver the next public release of Windows Vista, Release Candidate 1, later this quarter.

View Source: New Vista Beta



87
LandzDown Lounge / What Color Are You?
« on: February 14, 2006, 01:16:57 AM »

88
Jokes / Best Super Bowl Commercials--*Just In Case You Missed Them
« on: February 07, 2006, 02:24:52 AM »
 :thumbsup:
FedEx Gets My Vote For Numero Uno
View: Commercials

89
LandzDown Lounge / Actor Al Lewis Died Today R.I.P
« on: February 04, 2006, 11:30:35 PM »
What A Great Actor!!

Quote
Saturday February 4, 2006 7:31 PM
By LARRY McSHANE
Associated Press Writer
NEW YORK (AP) - Actor Al Lewis, the cigar-chomping patriarch of "The Munsters" whose work as a basketball scout, restaurateur and political candidate never eclipsed his role as Grandpa from the television sitcom, died after several years of failing health. He was 95.
News Source: Guardian Unlimited

90
Web News / * New a-squared Forum Up & Running [Update]
« on: February 03, 2006, 01:20:56 AM »
New Forum Is Now Up and Running
Enjoy Padners

Forum: a-squared Support Forum
