When I run Spybot S&D I get a Registry Key from All-In-One-Telcom that returns every day. I ran Hijack This and I received this log and I do not know what to delete and what to keep:
Logfile of HijackThis v1.95.1
Scan saved at 2:33:35 AM, on 7/26/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\windows\system32\win32us.exe
C:\Program Files\2Wire\HomePortal\2PortalMon.exe
C:\Program Files\syslog\syslog.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Documents and Settings\Pam\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.superwebsearch.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.yahoo.com/"); (C:\Documents and Settings\Pam\Application Data\Mozilla\Profiles\default\9ucnudeh.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Pam\Application Data\Mozilla\Profiles\default\9ucnudeh.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray /deaf
O4 - HKLM\..\Run: [MS Updates] C:\WINDOWS\mscache.exe
Also, I get loaded with Spyware every day and I delete my cookies and I run Spybot S&D and I still have at least 40 a day. What can I do to stop this?

ok...I'm just learning to read these logs so please wait till ya hear from Tom41 or likely Kevin b4 fixin this stuff..I just wanna see if I'm right..this is what I would do...
first end processes using ctrl+alt+del to get task manager..
win32us.exe
syslog.exe
close task manager
start hijack this and again hit scan and check the following entries
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.superwebsearch.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
close all your browser windows and then hit fix checked
Reboot your computer after
to help prevent this crap from dl on your puter in the first place you can download spyware blaster. It will block a lot of junk and spybot won't have to work so hard. This is also a free program and needs updating like spybot does.
when you reboot look in your program files...C:\windows\program files and delete the syslog file
look in the system32 folder...C:\windows\system32 and delete the sys32us.exe
Good luck

Hooner,
What do you consider shoddy websites? I used to have Kazaa which introduced me to all this great spyware but that is gone. I just can't get rid of what is left over. I mostly look at RN websites, Oncology issues and I shop. If I can't do that much, why have the internet?
But, thank you Dr. Phil for the advice!
Blender,
Thank you for your time and the advice! I'll see if that helps. I'll let you know!

Hi Pam, I see you were busy trying to remove stuff, LOL and some incorrect steps or procedures were probably completed.
Running processes:
C:\windows\system32\win32us.exe
I’m pretty sure you had this item at one time: O4 - HKLM\..\Run: [win32us] c:\windows\system32\win32us.exe /noconnect which is the All-In-One-Telcom (adult content dialer) variant
C:\Program Files\syslog\syslog.exe
I’m pretty sure you had this item at one time: O4 - HKLM\..\Run: [syslog lptt01] "c:\program files\syslog\syslog.exe" represents Rapid Blaster. Did you run Rapidblaster Killer? From http://www.wilderssecurity.net/specialinfo/rapidblaster.html
-----------------
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
O4 - HKLM\..\Run: [MS Updates] C:\WINDOWS\mscache.exe
ISTbar is an IE toolbar, homepage- and search-hijacker http://www.doxdesk.com/parasite/ISTbar.html This is what probably installed Rapidblaster
Anyway I would run Rapidblaster Killer, then reboot. Then fix the items that are left using HijackThis after closing all browser windows and reboot. Then remove the running processes (you may have to use “Ctrl-Alt-Delete” and click the “Task Manager” go to the “Processes” tab and find the files “win32us.exe” and “syslog.exe” and click “End Process” for each). After doing so, then navigate to:
c:\windows\system32\win32us.exe and delete the file win32us.exe
c:\program files\syslog\syslog.exe and delete the syslog folder
For the future see: So how did I get infected in the first place? http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?;act=ST;f=38;t=3051 In addition to using SpywareBlaster (mentioned in the thread) I would also use SpywareGuard http://www.wilderssecurity.net/spywareguard.html
Four of the most recommended anti-spyware programs are SpywareBlaster and SpywareGuard and Spybot S&D and Ad-aware. If you install all four programs, keep them updated, and scan with Spybot S&D and Ad-aware periodically, you will be fairly well-protected from spyware.
SpywareBlaster does not stop already installed malware from running, but does stop the installation by installing a killbit. Make sure as it mentions in the thread “So how did I get infected in the first place? http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?;act=ST;f=38;t=3051” to tighten up your IE ActiveX settings so you won’t get drive-by installations of ActiveX malware.
Good Luck!

Pam, also navigate to C:\WINDOWS\mscache.exe and delete the file "mscache.exe" if it is still there.
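
Added example, not part of any post in this thread: a small triage script for the kind of log shown above. It cross-checks the running-process list against the O4 Run entries (the mismatch pointed out for win32us.exe, syslog.exe and mscache.exe) and counts the hosts that the R0/R1 browser settings point to. The names `parse`, `triage` and `BASELINE` are assumptions made for this example, and the results are leads for review, not verdicts.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Lines copied from the log posted in this thread (a subset, for brevity).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Winamp\Winampa.exe
C:\windows\system32\win32us.exe
C:\Program Files\syslog\syslog.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [MS Updates] C:\WINDOWS\mscache.exe
"""
# Constructed baseline of processes the reviewer already expects (assumption).
BASELINE = {r"c:\windows\explorer.exe"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then entry text
EXE = re.compile(r"[a-z]:\\.*?\.exe", re.I)     # first .exe path in an entry

def parse(log):
    """Split a log into lower-cased process paths and entries keyed by code."""
    procs, entries, in_procs = [], defaultdict(list), False
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.append(line.lower())
    return procs, entries

def triage(log, baseline=frozenset()):
    """Cross-check processes against O4 autostarts; count R0/R1 URL hosts."""
    procs, entries = parse(log)
    run = {m.group(0).lower() for e in entries["O4"] if (m := EXE.search(e))}
    hosts = defaultdict(int)
    for value in (e.split(" = ", 1)[-1] for c in ("R0", "R1") for e in entries[c]):
        if host := urlparse(value).hostname:
            hosts[host] += 1
    return {
        "running_no_autostart": [p for p in procs if p not in (run | baseline)],
        "autostart_not_running": sorted(run - set(procs)),
        "redirect_hosts": dict(hosts),
    }
```

On a full log the first list also contains services and user-started programs, so widen the baseline before reading anything into it.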
