nav search tool bar

Unknown
edited April 2005 in Spyware & Virus Removal
Hi I was having problems with nav search tool bar..I think that it's over now but sometimes, zonealarm shows this message saying tha there's this "riodaspedras.gov" trying to acess internet from my pc. how can I find this entire and destroy it?(sending screen shot)

one more...

There's this banner from stansford university on short media's page (http://www.joinfolding.com/) , asking everybory to install fold for life. Can u tell me if is it really safe? It really doesn't slow down the pc? Doesn't share my folders?
thanx again :thumbsup:
Adriano

Comments

  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited March 2005
    is it possible that the brazilian government checks up on certain ISPs? I'm not sure how it works in your country.

    And yes, folding is totally safe. You should join our team, it's a lot of fun!

    Post a HJT log just in case, and we'll take a look at it to make sure.
  • adrianoc
    edited March 2005
    Well..I never heard about this gov checks...it's really wired... :eek: secret government system invasions?(lol) By the way, there goes hjt:

    Logfile of HijackThis v1.99.0
    Scan saved at 19:22:48, on 29/3/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\ARQUIV~1\PESTPA~1\PPControl.exe
    C:\ARQUIV~1\PESTPA~1\PPMemCheck.exe
    C:\ARQUIV~1\PESTPA~1\CookiePatrol.exe
    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
    C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Arquivos de programas\Internet Explorer\iexplore.exe
    C:\Arquivos de programas\Skype\Phone\Skype.exe
    C:\DOCUME~1\ADRIAN~1\CONFIG~1\Temp\Diretório temporário 1 para hijackthis99.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.my.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.my.yahoo.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\ARQUIV~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\ARQUIV~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\ARQUIV~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{62663EDD-B513-4768-948B-A6D6A3AD89D8}: NameServer = 200.196.238.10,200.193.238.34
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



    I'll try this fold4life :thumbsup:
    and firefox too...the phrase in the banner above is very very convincent... :D ( is the google toolbar that comes with firefox really good? I have a certain afraid of toolbars (they never come alone).
    One last...if this hjt log is all right, can use it to compare with future scan?
    tks...see ya :thumbsup:
  • adrianoc
    edited March 2005
    All right...Firefox rules!!! :thumbsup: And I'm folding too...but may I ask a question about folding program?
    There's a option to choose a team....what teams are avaible? What is it about?
    thanks again...firefoxfox is really nice..
  • DexterDexter Vancouver, BC Canada
    edited April 2005
    Short-Media's team number is 93. We invite you to fold with us. Folding for a team is fun, because we compete against other websites / organizations to see how can fold the most work units the fastest!

    I am going to close this thread, any questions you have about folding should go in the Team Short-Media Folding Forum.

    Dexter...
This discussion has been closed.