0

hi

I'm also facing the same problem on my laptop. I'm using Windows Vista. After every 5 minutes IE automatically opens and the page is http://clickmanu.com... I can't change my home page, and even my Task Manager is gone. The pop-up blocker is disabled and it's not possible to enable it. I'm doomed, man. What can I do? :(

Please help... I use CA Internet Security and I do update frequently, but it does not work... it's totally shit, man. The included spyware remover can find the spyware, but it appears every time I scan and quarantine. Please help me, anybody, please.... :'(

pol
lakemba, sydney

0

lol you try and help 'em and they don't wanna know!!

Most ask the same question in so many forums that they just forget to come back, or just don't care if they come back. Also, sometimes things get worse and they can't get back.

0

Hello All;
I have been having this issue for 1 month. I formatted my laptop the first time, and after 4-5 days I got the same symptoms once again. I guess my USB flash memory stick was infected, and it carries this virus (or spyware or whatever).
I am a mechanical engineer and my knowledge of the IT world is very minimal...

The main symptoms of this problem are:
1- a pop-up webpage showing clickmanu.com, then either opening google.com or, like nowadays, opening Music of Star
2- it disables the TASK MANAGER button
3- it disables fixing your homepage; it will be clickmanu.com by default
4- it disables opening the C drive; you can right-click and press EXPLORE, but double-clicking will not work
5- it disables antiviruses; I am using Symantec, and it totally 'freezes' it. I mean, the antivirus is found on the C drive and in the list of Programs, but it does not work.

I used HijackThis and I will paste the contents of its text file below.
I will really appreciate any response.
For the time being, I am not willing to format my laptop again, and I am living with the pain of this interrupting clickmanu.com!
I wish you all a nice weekend and see you on Monday :)
Regards

****************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:02 PM, on 08-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ISASERVER:8080
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, System
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, System
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
O1 - Hosts: <HTML dir=ltr><HEAD><TITLE>The page cannot be displayed</TITLE>
O1 - Hosts: <STYLE>A:link {
O1 - Hosts: FONT: 8pt/11pt verdana; COLOR: #ff0000
O1 - Hosts: }
O1 - Hosts: A:visited {
O1 - Hosts: FONT: 8pt/11pt verdana; COLOR: #4e4e4e
O1 - Hosts: }
O1 - Hosts: </STYLE>
O1 - Hosts: <META content=NOINDEX name=ROBOTS>
O1 - Hosts: <META http-equiv=Content-Type content="text-html; charset=Windows-1252">
O1 - Hosts: <SCRIPT>
O1 - Hosts: function Homepage(){
O1 - Hosts: <!--
O1 - Hosts: // in real bits, urls get returned to our script like this:
O1 - Hosts: // res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
O1 - Hosts: //For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
O1 - Hosts: DocURL=document.URL;
O1 - Hosts: //this is where the http or https will be, as found by searching for :// but skipping the res://
O1 - Hosts: protocolIndex=DocURL.indexOf("://",4);
O1 - Hosts: //this finds the ending slash for the domain server
O1 - Hosts: serverIndex=DocURL.indexOf("/",protocolIndex + 3);
O1 - Hosts: //for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
O1 - Hosts: //of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
O1 - Hosts: //urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
O1 - Hosts: BeginURL=DocURL.indexOf("#",1) + 1;
O1 - Hosts: urlresult=DocURL.substring(BeginURL,serverIndex);
O1 - Hosts: //for display, we need to skip after http://, and go to the next slash
O1 - Hosts: displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
O1 - Hosts: document.write('<A HREF="' + urlresult + '">' + displayresult + "</a>");
O1 - Hosts: }
O1 - Hosts: //-->
O1 - Hosts: </SCRIPT>
O1 - Hosts: <META content="MSHTML 5.50.4522.1800" name=GENERATOR></HEAD>
O1 - Hosts: <BODY bgColor=#ffffff>
O1 - Hosts: <TABLE cellSpacing=5 cellPadding=3 width=410>
O1 - Hosts: <TBODY>
O1 - Hosts: <TR>
O1 - Hosts: <TD vAlign=center align=left width=360>
O1 - Hosts: <H1 style="FONT: 13pt/15pt verdana; COLOR: #000000"><!--Problem-->The page
O1 - Hosts: cannot be displayed</H1></TD></TR>
O1 - Hosts: <TR>
O1 - Hosts: <TD width=400 colSpan=2><FONT
O1 - Hosts: style="FONT: 8pt/11pt verdana; COLOR: #000000">There is a problem with the
O1 - Hosts: page you are trying to reach and it cannot be displayed.</FONT></TD></TR>
O1 - Hosts: <TR>
O1 - Hosts: <TD width=400 colSpan=2><FONT
O1 - Hosts: style="FONT: 8pt/11pt verdana; COLOR: #000000">
O1 - Hosts: <HR color=#c0c0c0 noShade>
O1 - Hosts: <P>Please try the following:</P>
O1 - Hosts: <UL>
O1 - Hosts: <LI>Click the <A href="javascript:location.reload()">Refresh</A> button,
O1 - Hosts: or try again later.<BR>
O1 - Hosts: <LI>Open the
O1 - Hosts: <SCRIPT>
O1 - Hosts: <!--
O1 - Hosts: if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
O1 - Hosts: {
O1 - Hosts: Homepage();
O1 - Hosts: }
O1 - Hosts: //-->
O1 - Hosts: </SCRIPT>
O1 - Hosts: home page, and then look for links to the information you want.</LI>
O1 - Hosts: <LI>If you believe you should be able to view this directory or page,
O1 - Hosts: please contact the Web site administrator by using the e-mail address or
O1 - Hosts: phone number listed on the
O1 - Hosts: <SCRIPT> Homepage();</SCRIPT>
O1 - Hosts: home page. </LI></UL>
O1 - Hosts: <H2 style="FONT: 8pt/11pt verdana; COLOR: #000000">10060 - Connection timeout<BR>Internet Security and Acceleration Server</H2>
O1 - Hosts: <HR color=#c0c0c0 noShade>
O1 - Hosts: <P>Technical Information (for support personnel)</P>
O1 - Hosts: <UL>
O1 - Hosts: <LI>Background:<BR>The gateway could not receive a timely response from the Web site you are trying to access. This might indicate that the network is congested, or that the Web site is experiencing technical difficulties.<P></P></LI>
O1 - Hosts: <LI>ISA Server: isaserver.ph.beamintl.com<BR>
O1 - Hosts: Via: <BR>URL: http://216.246.30.66/~mkshost/forums/templates/subSilver/upgrade.pdf<BR>Time: 3/8/2008 10:57:56 AM GMT
O1 - Hosts: </LI></UL></FONT></TD></TR></TBODY></TABLE></BODY></HTML>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Explorer.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183725318915
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ph.beamintl.com
O17 - HKLM\Software\..\Telephony: DomainName = ph.beamintl.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ph.beamintl.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ph.beamintl.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 16849 bytes
************************

0

Follow my suggestions in post #2, good luck.
The only other suggestion I have is hostfix to fix the 01 host file problem; it will return the host file to normal. Link to the file here:
http://www.bleepingcomputer.com/files/hostfix.php

And Spybot S&D to help remove the infection! But the log readers in the virus forum will tell you more!
http://www.safer-networking.org/en/index.html

0

Thanks 'caperjack' for your trial to help. I went to thread #2 on this page and went to that HijackThis and downloaded it, but the thread there is closed so I could not post the txt file there. Then I tried your other suggestion of hostfix; I downloaded it and it told me successfully done after running it for 3 seconds only. Then I tried your 3rd suggestion, of Spybot S and D, and it took like 1 hr to 'Fix It', yet when the scanning is done, the laptop is just turning off! I mean I tried it three times, I waited three hours trying this approach, but it did not tell me any statement when scanning was finished and it did not ask me whether I want to fix or ignore (more than 70 items were in red though). Is there any possible help?

0

If you could post a log in the security forum it would be better for you. I used to read logs but got away from it a while back, so I don't know the bad stuff any more. You do have a lot of 04's, programs that run at startup; you need to stop some of them, but you need to research them as to what you need and don't need. Also, hostfix would only take a few seconds, as all it did was fix the host file by removing all unnecessary stuff, the 01's in the log.
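The entry codes mentioned in the reply above (the O1 hosts lines and the O4 startup entries) can be separated out of a HijackThis log mechanically. The following is an added example, not part of any post in this thread and not HijackThis's own code: it groups log lines by section code and flags a few items for a first look. The function names `parse` and `triage` and the flagging rules are assumptions of this example; the sample lines are copied from the log posted above.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, System
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, System
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
O1 - Hosts: <SCRIPT>
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Explorer.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*)$")           # "<code> - <text>"
HOSTS_RE = re.compile(r"^Hosts:\s*\d{1,3}(\.\d{1,3}){3}\s+\S+")  # "Hosts: <IPv4> <name>"
CHAIN_RE = re.compile(r"(?:Shell|UserInit)=(.*)$", re.IGNORECASE)


def parse(log):
    """Group entries by HijackThis section code (R0, F2, O1, O4, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections


def triage(sections):
    """Return (code, reason, text) for entries worth a closer look.

    These rules are this example's assumptions, not a verdict: a flagged
    entry still has to be researched before anything is removed.
    """
    findings = []
    for code, entries in sections.items():
        for text in entries:
            if code == "O1":
                # A hosts entry should be "IP hostname"; anything else means
                # the hosts file holds foreign content (here, an HTML page).
                if not HOSTS_RE.match(text):
                    findings.append((code, "hosts line is not 'IP hostname'", text))
            elif code == "F2":
                # Shell / UserInit normally name one program; extra
                # comma-separated names are also started at logon.
                m = CHAIN_RE.search(text)
                progs = [p.strip() for p in m.group(1).split(",") if p.strip()] if m else []
                if len(progs) > 1:
                    findings.append((code, "extra program after the default", text))
            elif code == "O7":
                if "DisableRegedit=1" in text:
                    findings.append((code, "registry editor disabled by policy", text))
            elif text.endswith(("(no file)", "(file missing)")):
                findings.append((code, "registered component with no file", text))
    return findings


if __name__ == "__main__":
    secs = parse(SAMPLE_LOG)
    print({code: len(items) for code, items in secs.items()})
    for code, reason, text in triage(secs):
        print(f"[{code}] {reason}: {text}")
```
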

0

Thanks 'caperjack' for your trials to help...
Unfortunately, because I am new to this site and the forum way, I am finding it a little bit confusing to jump from one link to another...
I tried: Run --> msconfig, chose Startup, and stopped many useless files from starting up with my laptop.
I also tried hostfix many times...
I went to thread #2 on the previous page and followed the link to see that the thread is 'CLOSED'...
You told me in thread #10, the one on the first page, that there is no problem there... I know, but the problem is from my side, I dunno how to post my log there :(
Also, I dunno what the difference is between reply w/ quote and reply to thread, but I think this is enough to reach you, is it not?
Sorry for the inconvenience.
I downloaded Windows Defender since my Windows is genuine, but sure it did not help either :(
I will appreciate it if you give me a link that I can go to and directly paste my HijackThis log...
Regards

0

Link to Spyware, Viruses and other Nasties. When you get there you will see "start a new thread" on the left side above all the posts there. As for reply/quote usage: if you just want to make a general reply to a topic you would use reply; if you want to make a comment on a single post in the thread, you use reply with quote so that people know what your comment is for, something like that.
http://www.daniweb.com/forums/forum64.html
