HJT Log: Please Help Diagnose


31 replies to this topic

#1 Blastedw0lf4

  • Members
  • 84 posts

Posted 22 August 2005 - 10:46 PM

Seems that I have contracted something new... here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 11:43:06 PM, on 8/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\xdxybsp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O4 - HKLM\..\Run: [SlowDownCPU] C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ls4lss.exe reg_run
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [jjwbhqm] C:\WINDOWS\system32\xdxybsp.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.qoolaid.com/download/224/installer.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {84A31672-371A-4CBF-8785-DCE55CDC7370} (DownLoad Control) - http://24.39.125.186/ocxfile/DownLoad.ocx
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

I'll check back on this tomorrow. Goodnight, y'all :thumbsup:
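A log like the one above is usually triaged by a few structural rules rather than by recognising every file name: the system.ini Shell= line should load Explorer.exe and nothing else, browser search settings should not all point at one unfamiliar host, ActiveX controls (O16) should not be downloaded from a bare IP address, services (O23) should have a publisher, and autorun entries (O4) launching oddly named executables out of the Windows directory deserve a second look. The script below is an added example written for this page, not a HijackThis feature and not anything the thread's participants posted; it parses a constructed sample made from a subset of the log's own lines and applies those rules. The rule thresholds, severities and the "five non-vowels in a row" name heuristic are my own assumptions, so treat its output as a review list, not a verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample input: a subset of the HijackThis items from the log posted
# above (the paths and URLs are the thread's own, not invented ones).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:43:06 PM, on 8/22/2005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [jjwbhqm] C:\WINDOWS\system32\xdxybsp.exe r
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ls4lss.exe reg_run
O16 - DPF: {84A31672-371A-4CBF-8785-DCE55CDC7370} (DownLoad Control) - http://24.39.125.186/ocxfile/DownLoad.ocx
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

ITEM_RE = re.compile(r"^([RFO]\d+) - (.*)$")   # "O4 - <body>"
RUN_RE = re.compile(r"\[(.*?)\] (.*)$")        # "[name] command line"
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Heuristic (mine, not HijackThis's): five or more non-vowels in a row in a
# file name stem, e.g. "xdxybsp" or "ls4lss", reads as machine-generated.
RANDOM_STEM_RE = re.compile(r"[^aeiou]{5,}", re.IGNORECASE)
WINDIR_PREFIXES = ("c:\\windows\\", "c:\\winnt\\")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    item: str      # HijackThis item type the rule fired on
    detail: str


def _first_path(cmd: str) -> str:
    """Executable path at the start of a command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def analyse_hjt_log(text: str) -> list[Finding]:
    """Apply a handful of structural triage rules to a HijackThis log."""
    findings: list[Finding] = []
    search_hosts: dict[str, int] = {}
    for raw in text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m:
            continue  # header lines and the process list are not items
        item, body = m.groups()
        if item in ("R0", "R1"):
            # Browser search/start page settings: count entries per host.
            value = body.partition(" = ")[2]
            if "://" not in value:
                value = "http://" + value
            host = urlparse(value).hostname
            if host and "." in host:
                search_hosts[host] = search_hosts.get(host, 0) + 1
        elif item == "R3" and "URLSearchHook is missing" in body:
            findings.append(Finding("medium", item, "default URLSearchHook has been removed"))
        elif item == "F2" and "Shell=" in body:
            # system.ini Shell= should load Explorer.exe and nothing else.
            extras = [p for p in body.split("Shell=", 1)[1].split() if p.lower() != "explorer.exe"]
            if extras:
                findings.append(Finding("high", item, "extra program loaded with the shell: " + " ".join(extras)))
        elif item == "O2":
            sev = "medium" if body.endswith("(file missing)") else "info"
            findings.append(Finding(sev, item, "browser helper object: " + body))
        elif item == "O4":
            r = RUN_RE.search(body)
            if r:
                name, exe = r.group(1), _first_path(r.group(2))
                stem = exe.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
                if exe.lower().startswith(WINDIR_PREFIXES) and RANDOM_STEM_RE.search(stem):
                    findings.append(Finding("medium", item, f"random-looking autorun [{name}] -> {exe}"))
        elif item == "O16":
            url = body.rsplit(" - ", 1)[-1]
            if IPV4_RE.match(urlparse(url).hostname or ""):
                findings.append(Finding("high", item, "ActiveX control served from a bare IP address: " + url))
        elif item == "O23" and "Unknown owner" in body:
            findings.append(Finding("medium", item, "service with no publisher: " + body))
    for host, n in sorted(search_hosts.items()):
        findings.append(Finding("info", "R0/R1", f"{n} search setting(s) point at {host}"))
    return findings


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "info": 2}
    for f in sorted(analyse_hjt_log(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.item:5} {f.detail}")
```

On the sample it flags the Shell= line (Nail.exe) and the DownLoad.ocx control as high, the missing URLSearchHook, the two random-looking system32 autoruns and the SvcProc service as medium, and reports that both search settings point at websearch.drsnsrch.com; the Symantec tray icon and NeroCheck.exe pass because the name heuristic needs a long non-vowel run and the path has to be under the Windows directory. The point of running it over a whole log rather than eyeballing is that the same rules fire identically on the second log a user posts after cleaning, which makes leftover entries (such as a BHO line now marked "(file missing)") easy to spot.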

#2 Daemon

    Security Expert

  • Members
  • 1,446 posts
  • Gender:Male
  • Location:UK

Posted 23 August 2005 - 08:08 AM

BEFORE BEGINNING, please read completely through the instructions below and download the files from the links provided. You may want to save or print out these instructions for easier reference.

First, download Ewido Security Suite.

Next, download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in. Install Ad-Aware using the default options, then unzip the VX2 plugin to the directory C:\Program Files\Lavasoft\Ad-Aware SE Personal\Plugins. There should be two files in the Plugins directory called "vx2cleaner.dll" and "vx2cleaner.dlx" when properly installed.

Run Ad-Aware, update to the latest definitions, then click on Add-ons in the left-hand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again. This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next. Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot, click "OK". Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

For a final cleanup, please install and run Ewido.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Please finish up by rebooting your system once more, and posting a new HijackThis log and the log from the Ewido scan.

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#3 Blastedw0lf4
  • Topic Starter

  • Members
  • 84 posts

Posted 23 August 2005 - 02:56 PM

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:51:02 PM, 8/23/2005
+ Report-Checksum: A6497FC2

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-789336058-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-789336058-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-789336058-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-789336058-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-789336058-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-789336058-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69135BDE-5FDC-4B61-98AA-82AD2091BCCC} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-789336058-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-789336058-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-789336058-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
[1452] VM_01650000 -> Adware.BetterInternet : Error during cleaning
[504] C:\WINDOWS\system32\pgzfhil.exe -> Trojan.Agent.cp : Cleaned with backup
[564] C:\Program Files\Daily Weather Forecast\weather.exe -> TrojanDownloader.Centim.ao : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Ysbweb : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.391:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.393:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
:mozilla.394:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.395:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.396:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.397:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.419:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.437:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.X10 : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.476:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.480:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.481:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.493:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.494:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.506:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.507:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.509:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.510:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.522:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.548:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.549:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.558:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.567:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.573:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.574:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.577:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.591:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.595:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.602:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
:mozilla.604:C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\0o7g0uj6.default\cookies.txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\Danny\Cookies\danny@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Danny\Cookies\danny@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Danny\Cookies\danny@adtrak[1].txt -> Spyware.Cookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Danny\Cookies\danny@www.popuptraffic[2].txt -> Spyware.Cookie.Popuptraffic : Cleaned with backup
C:\Documents and Settings\Danny\Cookies\danny@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Danny\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\ActiveX[1].ocx -> Spyware.Look2Me : Cleaned with backup
C:\Program Files\Daily Weather Forecast\weather.exe -> TrojanDownloader.Centim.ao : Cleaned with backup
C:\WINDOWS\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\YSBactivex.dll -> TrojanDownloader.IstBar : Cleaned with backup
C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\invitessk.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\svcproc.exe -> Trojan.Stervis.d : Cleaned with backup
C:\WINDOWS\system32\pgzfhil.exe -> Trojan.Agent.ay : Cleaned with backup
C:\WINDOWS\system32\pkbpw.dat -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\Wbzzei.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\tnxnqifcrw.exe -> Adware.BetterInternet : Cleaned with backup


::Report End

------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:53:49 PM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\Winamp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [SlowDownCPU] C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ls4lss.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {84A31672-371A-4CBF-8785-DCE55CDC7370} (DownLoad Control) - http://24.39.125.186/ocxfile/DownLoad.ocx
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

:thumbsup:

#4 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • Gender:Male
  • Location:UK
  • Local time:03:59 PM

Posted 23 August 2005 - 05:59 PM

Did you use the VX2 plugin?

Make sure that you have no browser windows open, as this could prevent the fix from working properly. Open HijackThis, scan, and when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ls4lss.exe reg_run
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab


Exit HijackThis when done. Reboot into Safe Mode by tapping F8 after the BIOS has loaded. Using Windows Explorer, find and delete the following:

C:\WINDOWS\system32\ls4lss.exe

Exit Explorer and reboot into Normal Mode. Rescan with HijackThis and post a new log here.

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#5 Blastedw0lf4

Blastedw0lf4
  • Topic Starter

  • Members
  • 84 posts
  • Local time:11:59 AM

Posted 23 August 2005 - 08:01 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:58:34 PM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\hijackthis.exe

O2 - BHO: IE5BarLauncherBHO Class - {1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} - C:\Program Files\DealBar\BarLcher.dll (file missing)
O4 - HKLM\..\Run: [SlowDownCPU] C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ls4lss.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
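The log above still carries the `[winsync] ls4lss.exe` Run entry that post #4 asked to be fixed. As an added example (not part of the thread, and not HijackThis's own code), here is a small parser that checks a rescan against the fix list and flags a few entry types worth a second look. The sample log lines are abridged from the logs in this thread; the "suspicious" heuristics (an F2 Shell value that is not plain Explorer.exe, a component whose file is missing, an O16 download from a bare IP) are this example's own.

```python
"""Compare a HijackThis 1.99.1 rescan against the entries an analyst asked
to be fixed, and flag entry types worth a second look.

Added example for this thread, not HijackThis's own code. Sample lines are
abridged from the logs posted in the thread; the heuristics are ours."""
import re
from typing import Dict, List, Tuple

# HJT entry lines start with a section code such as R3, F2, O4, O16, O23.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")
# Bare IPv4 host in an O16 (Downloaded Program Files) URL.
IP_HOST_RE = re.compile(r"https?://(\d{1,3}(?:\.\d{1,3}){3})")

# Entries post #4 asked to be fixed (copied from the thread).
FIX_LIST = r"""R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ls4lss.exe reg_run
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
"""

# Abridged rescan from post #5 (constructed subset of the real log).
RESCAN = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:58:34 PM, on 8/23/2005

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: IE5BarLauncherBHO Class - {1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} - C:\Program Files\DealBar\BarLcher.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ls4lss.exe reg_run
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""


def parse_hjt(log: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs for entry lines; header and process
    lines (which carry no section code) are ignored."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def surviving_entries(fix_list: str, rescan: str) -> List[str]:
    """Entries that were asked to be fixed but are still in the rescan.
    A survivor after 'Fix checked' plus a reboot usually means something
    still running re-creates the entry, so the file itself must go."""
    rescanned = {f"{s} - {b}" for s, b in parse_hjt(rescan)}
    return [f"{s} - {b}" for s, b in parse_hjt(fix_list)
            if f"{s} - {b}" in rescanned]


def new_entries(before: str, after: str) -> List[str]:
    """Entries present in the later log only (new installs or reinfection)."""
    old = {f"{s} - {b}" for s, b in parse_hjt(before)}
    return [f"{s} - {b}" for s, b in parse_hjt(after)
            if f"{s} - {b}" not in old]


def flag_suspicious(log: str) -> Dict[str, str]:
    """Heuristic flags (this example's own, not HJT's): an F2 Shell that
    launches more than Explorer.exe, a registered component whose file is
    missing, and an O16 ActiveX download fetched from a bare IP address."""
    flags: Dict[str, str] = {}
    for section, body in parse_hjt(log):
        entry = f"{section} - {body}"
        if section == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                flags[entry] = "system.ini Shell launches more than Explorer.exe"
        elif "(file missing)" in body:
            flags[entry] = "registered component whose file is missing"
        elif section == "O16" and IP_HOST_RE.search(body):
            flags[entry] = "ActiveX download from a bare IP address"
    return flags


if __name__ == "__main__":
    for entry in surviving_entries(FIX_LIST, RESCAN):
        print("STILL PRESENT:", entry)
    for entry in new_entries(FIX_LIST, RESCAN):
        print("NEW:", entry)
    for entry, why in flag_suspicious(RESCAN).items():
        print(f"FLAG ({why}):", entry)
```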

#6 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • Gender:Male
  • Location:UK
  • Local time:03:59 PM

Posted 24 August 2005 - 02:18 AM

Download the attachment to your desktop
Find_Q.zip: http://forums.net-integration.net/index.ph...=post&id=153912
Extract the files inside to C:\. That will create a folder "find q"; open it and run the batch file find q.bat. Post the results.

Download the attachment to your desktop and extract the file inside, also to the desktop. Double left click Track qoo 1.vbs (this script is by Mosiac1):
http://forums.subratam.org/index.php?act=A...e=post&id=39295

#7 Blastedw0lf4

Blastedw0lf4
  • Topic Starter

  • Members
  • 84 posts
  • Local time:11:59 AM

Posted 24 August 2005 - 10:58 AM

»»»»» Search by size and name...
»»»»» Files found by this method are not necessarily bad...
»»»»» Example PNGFILT.DLL is a windows file...

C:\WINDOWS\SYSTEM32\CONRES.CPL
C:\WINDOWS\SYSTEM32\DATADX.DLL
C:\WINDOWS\SYSTEM32\JAOJE.DLL
C:\WINDOWS\SYSTEM32\SSKSFFS.DLL
C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP\NIPN.EXE

»»»»»2K XP 9X and ME Misc check's...


»»»»» 9X and ME check's...

For some reason I can't run the Track qoo 1.vbs file... my PC, I guess, does not have Windows Script 5.6 (which I tried to download, but I don't have a "genuine" version of XP). Whatever that means, I don't know... but I was able to post the log, so let me know :thumbsup:

#8 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • Gender:Male
  • Location:UK
  • Local time:03:59 PM

Posted 24 August 2005 - 03:35 PM

How can you be updated to SP2 if you don't have a genuine version of XP?

#9 Blastedw0lf4

Blastedw0lf4
  • Topic Starter

  • Members
  • 84 posts
  • Local time:11:59 AM

Posted 24 August 2005 - 06:26 PM

The CD key I entered is invalid, or something like that... the CD my bro gave me came with the key, I don't know... but is there any way I can get around this? Can you download Windows Script 5.6 and upload it to an FTP??

#10 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • Gender:Male
  • Location:UK
  • Local time:03:59 PM

Posted 25 August 2005 - 01:45 AM

What you are suggesting is contravening the message board rules:

Pornography, warez, or any other illegal transactions may NOT be linked in any shape or form.


We need to run those scripts to identify the pest you have. If that means you need to get a legitimate copy of XP then that is the first step.

#11 Blastedw0lf4

Blastedw0lf4
  • Topic Starter

  • Members
  • 84 posts
  • Local time:11:59 AM

Posted 25 August 2005 - 02:56 PM

Got it!!!

------------------------------------------------------------------------------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SlowDownCPU"="C:\\WINDOWS\\INF\\MSI\\SlowDownCPU\\SlowDownCPU.exe"
"RaidTool"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
"AudioDeck"="C:\\Program Files\\VIAudioi\\SBADeck\\ADeck.exe 1"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033 -lock"
"Daily Weather Forecast"="C:\\Program Files\\Daily Weather Forecast\\weather.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"winsync"="C:\\WINDOWS\\system32\\ls4lss.exe reg_run"
"BullsEye Network"="C:\\Program Files\\BullsEye Network\\bin\\bargains.exe"
"NaviSearch"="C:\\Program Files\\NaviSearch\\bin\\nls.exe"
"CashBack"="C:\\Program Files\\CashBack\\bin\\cashback.exe"
"IST Service"="C:\\Program Files\\ISTsvc\\istsvc.exe"
"FDRPOat"="C:\\WINDOWS\\dpfea.exe"
"SurfAccuracy"="C:\\Program Files\\SurfAccuracy\\SAcc.exe"
"Internet Optimizer"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"version"="C:\\WINDOWS\\system32\\Ptvoxa.exe"
"Power Scan"="C:\\Program Files\\Power Scan\\powerscan.exe"
"secure"="C:\\WINDOWS\\system32\\Hmedoy.exe"
"9qs2vcfk"="C:\\WINDOWS\\system32\\9qs2vcfk.exe"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll

Subkey --- fxtfmmxg
{4f719a57-1c53-419e-968c-0791594f65ef}
C:\WINDOWS\system32\jaoje.dll

Subkey --- LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C}
C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- PowerConverter
{590FF12A-9458-4092-A520-6C959CD81FEA}
C:\Program Files\Power MP3 WMA Converter\shellext.dll

Subkey --- WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Program Files\WinRAR\rarext.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

desktop.ini
nipn.exe
==============================
C:\Documents and Settings\Danny\Start Menu\Programs\Startup

desktop.ini
nipn.exe
desktop.ini
==============================
C:\WINDOWS\system32 cpl files


access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
conres.cpl
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nvtuicpl.cpl NVIDIA Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation

#12 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • Gender:Male
  • Location:UK
  • Local time:03:59 PM

Posted 26 August 2005 - 04:05 AM

OK, we are nearly ready to go. A couple more steps. Click here to download Pocket Killbox by Option^Explicit. Extract it from the zip file to your desktop.

Go to Jotti's malware scan

Copy and paste the following file paths one by one into the "File to upload & scan" box on the top of the page:

C:\WINDOWS\SYSTEM32\DATADX.DLL
C:\WINDOWS\SYSTEM32\SSKSFFS.DLL


Click on the submit button. Please post the results from each one in your next reply.

Also, you have a lot more nasties showing up in that last log compared to your HJT log. Have a look if these are present on your system:

C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\CashBack\bin\cashback.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\dpfea.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\system32\Ptvoxa.exe
C:\Program Files\Power Scan\powerscan.exe
C:\WINDOWS\system32\Hmedoy.exe
C:\WINDOWS\system32\9qs2vcfk.exe

Let me know.

#13 Blastedw0lf4

Blastedw0lf4
  • Topic Starter

  • Members
  • 84 posts
  • Local time:11:59 AM

Posted 26 August 2005 - 09:03 AM

Alright, starting with the logs first.

Service load: 0% 100%

File: DATADX.DLL
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 501320696427d32bcf4aceef30634b32
Packers detected: ASPACK
Scanner results
AntiVir Found nothing
ArcaVir Found Trojan.Bho.Jt.A24
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
------------------------------------------------------------------------------------
Service load: 0% 100%

File: SSKSFFS.DLL
Status: INFECTED/MALWARE
MD5 88535bbfa373066f26e52fd70dc570a3
Packers detected: ASPACK
Scanner results
AntiVir Found nothing
ArcaVir Found Trojan.Bho.Jt.A24
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found W32/Qoologic.AC-dr
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Qoologic.ac
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

------------------------------------------------------------------------------------

And now, the following directories/files were found:

C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\CashBack\bin\cashback.exe
C:\WINDOWS\system32\Ptvoxa.exe

And, not mentioned, but these directories/files caught my attention while I was looking:

C:\Program Files\DealBar
C:\Program Files\SideFind

Thanks again for all your help so far.

#14 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • Gender:Male
  • Location:UK
  • Local time:03:59 PM

Posted 26 August 2005 - 09:42 AM

Run Killbox.exe by double clicking on it. Select Delete on Reboot.

Copy this entire list of files to the clipboard. (Highlight the list. Press CTRL + C)

C:\WINDOWS\SYSTEM32\DATADX.DLL
C:\WINDOWS\SYSTEM32\CONRES.CPL
C:\WINDOWS\SYSTEM32\JAOJE.DLL
C:\WINDOWS\SYSTEM32\SSKSFFS.DLL
C:\WINDOWS\system32\ls4lss.exe
C:\WINDOWS\system32\Ptvoxa.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nipn.exe
C:\Documents and Settings\Danny\Start Menu\Programs\Startup\nipn.exe


In the Killbox, go to the toolbar to File > Paste from clipboard. Click Paste from Clipboard.
All of the files you pasted in might not show up on the list in Killbox. That's normal. Some may not be present and so will not be listed. Go ahead to the next step.

Click the red icon with the white X at the upper right. You will be prompted to restart - say yes and exit. Restart back into Windows.

Find and delete these folders:

C:\Program Files\BullsEye Network
C:\Program Files\NaviSearch
C:\Program Files\CashBack
C:\Program Files\DealBar
C:\Program Files\SideFind

Reboot again, post a new HJT log and also new logs from FindQ and Track qoo.

#15 Blastedw0lf4

Blastedw0lf4
  • Topic Starter

  • Members
  • 84 posts
  • Local time:11:59 AM

Posted 26 August 2005 - 11:52 AM

Logfile of HijackThis v1.99.1
Scan saved at 12:48:10 PM, on 8/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R3 - Default URLSearchHook is missing
O2 - BHO: IE5BarLauncherBHO Class - {1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} - C:\Program Files\DealBar\BarLcher.dll (file missing)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll (file missing)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
O3 - Toolbar: ActiveShopperToolBar 1.200 - {3D782BB3-F2A5-11D3-BF4C-000000000000} - C:\Program Files\DealBar\BarLcher.dll (file missing)
O4 - HKLM\..\Run: [SlowDownCPU] C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ls4lss.exe reg_run
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ActiveShopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra 'Tools' menuitem: ActiveShopper Toolbar - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://ad.trafficmp.com/tmpad/banner/click...ler_VENDARE.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

------------------------------------------------------------------------------------
»»»»» Search by size and name...
»»»»» Files found by this method are not necessarily bad...
»»»»» Example PNGFILT.DLL is a windows file...

C:\WINDOWS\SYSTEM32\DATADX.DLL

»»»»»2K XP 9X and ME Misc check's...


»»»»» 9X and ME check's...

------------------------------------------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SlowDownCPU"="C:\\WINDOWS\\INF\\MSI\\SlowDownCPU\\SlowDownCPU.exe"
"RaidTool"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033 -lock"
"Daily Weather Forecast"="C:\\Program Files\\Daily Weather Forecast\\weather.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"winsync"="C:\\WINDOWS\\system32\\ls4lss.exe reg_run"
"BullsEye Network"="C:\\Program Files\\BullsEye Network\\bin\\bargains.exe"
"NaviSearch"="C:\\Program Files\\NaviSearch\\bin\\nls.exe"
"CashBack"="C:\\Program Files\\CashBack\\bin\\cashback.exe"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll

Subkey --- fxtfmmxg
{4f719a57-1c53-419e-968c-0791594f65ef}
C:\WINDOWS\system32\jaoje.dll

Subkey --- LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C}
C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- PowerConverter
{590FF12A-9458-4092-A520-6C959CD81FEA}
C:\Program Files\Power MP3 WMA Converter\shellext.dll

Subkey --- WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Program Files\WinRAR\rarext.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

desktop.ini
==============================
C:\Documents and Settings\Danny\Start Menu\Programs\Startup

desktop.ini
desktop.ini
==============================
C:\WINDOWS\system32 cpl files


access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nvtuicpl.cpl NVIDIA Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation
