Dedi Server


Geordiehc

Mad Dog Geo
VIP
Jul 4, 2007
2,827
49
175
Redditch, UK
I switched the FW off for like 6 hours to fix a gate for a Mir server and now I'm getting constant pop-ups and it's making the computer really slow. I've found a few things in msconfig that are probably what's causing it, but when I take them off they just reinstall themselves. I can't put in anti-virus or anti-spyware as it won't let me. Anyone got any clues on how to fix it please? Here's the HJT report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:54, on 17/11/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\bmss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tssdis.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inf\svchoct.exe
C:\WINDOWS\cmmon32.exe
C:\spolssv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
c:\svhcsots.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [nvscsvs32s] C:\spolssv.exe
O4 - HKLM\..\Run: [nvsucvs32s] C:\spolusv.exe
O4 - HKLM\..\Run: [lasassf] c:\svhcsots.exe
O4 - HKLM\..\Policies\Explorer\Run: [mainyust] C:\WINDOWS\system32\inf\svchoct.exe C:\WINDOWS\wftadfi16_081114a.dll d16tan
O4 - HKLM\..\Policies\Explorer\Run: [mysys] C:\WINDOWS\cmmon32.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O15 - ESC Trusted Zone: http://*.update.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://go.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://msdn.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://oca.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://support.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://technet.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://windowsupdate.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://www.microsoft.com (HKLM)
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209483247893
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A78C7680-F722-4F61-8CC2-EFCD7453B251}: NameServer = 78.40.32.140
--
End of file - 2668 bytes
 

mapadale

Guest
I really must learn to put my glasses on... and actually read things properly... TY Kaori for below lol
 

Kaori

LOMCN MiR3 Queen!
VIP
Jun 3, 2004
3,584
38
265
Canada
O4 - HKLM\..\Run: [nvscsvs32s] C:\spolssv.exe
O4 - HKLM\..\Run: [nvsucvs32s] C:\spolusv.exe
O4 - HKLM\..\Run: [lasassf] c:\svhcsots.exe
O4 - HKLM\..\Policies\Explorer\Run: [mainyust] C:\WINDOWS\system32\inf\svchoct.exe C:\WINDOWS\wftadfi16_081114a.dll d16tan
O4 - HKLM\..\Policies\Explorer\Run: [mysys] C:\WINDOWS\cmmon32.exe

All of these are potential crap...

You can put your log in this website... see if you can read the result.
http://www.hijackthis.de/

You should start the computer in safe mode,
run HJT again and clean those,
then reboot in normal mode and see if they are still spawning.
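
An added example, not part of any post in this thread: a small triage of the O4 autorun lines from the log above, flagging targets that run from a drive root, imitate the name of a genuine system32 binary, or use a genuine name from the wrong folder. The reference list, the 0.75 similarity threshold and the function names are assumptions made for this illustration.

```python
import re
from difflib import SequenceMatcher
from ntpath import basename, dirname

# Constructed sample: O4 autorun lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nvscsvs32s] C:\spolssv.exe
O4 - HKLM\..\Run: [nvsucvs32s] C:\spolusv.exe
O4 - HKLM\..\Run: [lasassf] c:\svhcsots.exe
O4 - HKLM\..\Policies\Explorer\Run: [mainyust] C:\WINDOWS\system32\inf\svchoct.exe C:\WINDOWS\wftadfi16_081114a.dll d16tan
O4 - HKLM\..\Policies\Explorer\Run: [mysys] C:\WINDOWS\cmmon32.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
"""

# Assumption: a short reference list of genuine binaries that live in system32.
SYSTEM32_BINARIES = ["svchost.exe", "spoolsv.exe", "smss.exe", "lsass.exe",
                     "csrss.exe", "ctfmon.exe", "cmmon32.exe"]
O4_LINE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<exe>.+?\.exe)\b", re.I)

def triage_entry(exe_path, threshold=0.75):
    """Return the reasons an autorun target deserves a closer look (empty list = none)."""
    path = exe_path.lower()
    name, folder = basename(path), dirname(path)
    reasons = []
    if re.fullmatch(r"[a-z]:\\", folder):
        reasons.append("runs from drive root")
    if name in SYSTEM32_BINARIES:
        if not folder.endswith("\\system32"):
            reasons.append(f"{name} outside system32")
    else:  # not an exact name: look for a near-miss spelling of a known binary
        score, twin = max((SequenceMatcher(None, name, k).ratio(), k) for k in SYSTEM32_BINARIES)
        if score >= threshold:
            reasons.append(f"look-alike of {twin}")
    return reasons

def triage_log(log):
    """Map each flagged O4 value name to (target path, reasons)."""
    flagged = {}
    for line in log.splitlines():
        m = O4_LINE.match(line.strip())
        reasons = triage_entry(m["exe"]) if m else []
        if reasons:
            flagged[m["name"]] = (m["exe"], reasons)
    return flagged

if __name__ == "__main__":
    for name, (exe, reasons) in triage_log(SAMPLE_LOG).items():
        print(f"{name:12} {exe:38} {'; '.join(reasons)}")
```

A flag here only marks an entry for inspection; a similar name or an unusual folder does not by itself prove the file is malicious.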
 

mapadale

Guest
He's unable to start it in safe mode as it's on a dedi.

It's his own fault really, used a set of bugged files. It's using an auto exe to load open web pages, though I did manage to get this to stop.
 

Geordiehc

Hey, them were Vital Elementz files lol. I'll speak to you on MSN about it, mapa, and ty Kaori for the input.