Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CLEANING TOONCOM

Status
Not open for further replies.
Xugus

Xugus

Technical User
Jan 15, 2004
3
ES
i'm seen to be infected with tooncom. it could be another virus. it get connected by many ports so my bandwith is strongly reduce. i've past The cleaner, founding Tooncom trojan. how can i fix it?? i've read other post, and i execute hijackthis. this is the log.
Logfile of HijackThis v1.97.7
Scan saved at 23:13:25, on 15/01/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Archivos de programa\Sound Control\Sc.exe
C:\Archivos de programa\eMule\emule.exe
C:\Samuel\Descargas\Temporal\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = O1 - Hosts: 198.65.160.24 auto.search.msn.com
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Archivos de programa\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Archivos de programa\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [tcactive] C:\Archivos de programa\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Archivos de programa\The Cleaner\tcm.exe
O4 - Startup: Sound Control.lnk = C:\Archivos de programa\Sound Control\SC.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: Yahoo! Chat - O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O17 - HKLM\System\CCS\Services\Tcpip\..\{947EDE6D-7C95-4D76-8742-8EE6FFC8C1D5}: NameServer = 212.166.64.1 212.166.64.2

thanks
 
Sort by date Sort by votes
C:\Archivos de programa\eMule\emule.exe
You need to Add/Remove programs this one.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 198.65.160.24 auto.search.msn.com
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Archivos de programa\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Archivos de programa\MyWay\myBar\1.bin\MYBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{947EDE6D-7C95-4D76-8742-8EE6FFC8C1D5}: NameServer = 212.166.64.1 212.166.64.2

Have Hijack This remove the settings above. Also make sure you have done the usual Spybot/Adaware routine as outlined by Bill here:
 
Upvote 0 Downvote
Just my 2 cents...I think this is Xugus' ISP

O17 - HKLM\System\CCS\Services\Tcpip\..\{947EDE6D-7C95-4D76-8742-8EE6FFC8C1D5}: NameServer = 212.166.64.1 212.166.64.2

and deleting it is going to leave him unable to connect.(It comes back to Tiscali Telecommunications)

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Upvote 0 Downvote
no so right, i deleted it and i'm still avaible to connect, but i'm worry about svchost.exe and spoolsv.exe. i don't know what kind of iles are they, could they be the trojan??. i've read that some trojan delete a system file like spoolsv.exe and try to connect under its name. now my computer seems to be desinfected but i'm still worry abour those files, can you help me guys?
thanks
 
Upvote 0 Downvote
those files are ok, and you definetly need svchost.exe or no onternet
 
Upvote 0 Downvote
those files are ok. you need them especially svchost.exe or
no internet.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Glenn9999
  • Locked
  • Question
Process for Scanning/Cleaning Another Computer
Replies
9
Views
163
kjv1611
kjv1611
SeisaT
  • Locked
  • Question
Cleaning Quarantined Files
Replies
0
Views
42
SeisaT
SeisaT
strider2929
  • Locked
  • Question
Trouble cleaning network environment of Mytob variants:
Replies
4
Views
51
strider2929
strider2929
RiazAhamed
  • Locked
  • Question
Cleaning CWS.Look2Me on my PC
Replies
6
Views
53
pechenegs
pechenegs
aquias
  • Locked
  • Question
Cleaning Spyware...How DO they do it?! 12
Replies
5
Views
52
WZUP
WZUP

Part and Inventory Search

Sponsor

Back
Top