TheTechGuide Forum

General Category => Tech Clinic => Topic started by: KritaKILL on April 29, 2005, 09:39:45 PM

Title: Trojan Collected.5.L msdirectx.sys
Post by: KritaKILL on April 29, 2005, 09:39:45 PM
I got a trojan on my other computer called Collected.5.L, found in C:\Documents and Settings\"UserName"\msdirectx.sys
This cuts me off from the Internet and doesn't let me open heaps of applications such as HijackThis, so I can't find any way of scanning to remove this bastardo :( If anyone could please help me I will luv u for long time hahaha.

Thanks
Title: Trojan Collected.5.L msdirectx.sys
Post by: Guest on May 01, 2005, 12:21:48 AM
So...... does that mean no one has any idea of how I can get this problem sorted then....?
Title: Trojan Collected.5.L msdirectx.sys
Post by: Edward on May 01, 2005, 12:22:48 AM
maybe delete the file???

Manually
Title: Trojan Collected.5.L msdirectx.sys
Post by: Guest on May 01, 2005, 05:32:37 PM
Yeh, I did that but it just comes back again, same as it does when deleting using AVG Anti-Virus.... :(
fully lost on this gay trojan
Title: Trojan Collected.5.L msdirectx.sys
Post by: guestolo on May 01, 2005, 07:41:13 PM
Hi Krista
I'll need to see a Hijackthis log
Please, read this: http://www.thetechguide.com/forum/index.php?showtopic=14623
Title: Trojan Collected.5.L msdirectx.sys
Post by: KritaKILL on May 02, 2005, 08:00:45 PM
Logfile of HijackThis v1.99.1
Scan saved at 12:58:32 p.m., on 3/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
H:\Setup\rsrc\demo32.exe
F:\Setups\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Win32 USB2] sevhost.exe
O4 - HKLM\..\Run: [Microsoft Explorer] iexplorer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [Configuration] msmmsgr.exe
O4 - HKLM\..\Run: [WISConfiguration] win.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\\NVCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [Coloreal Hint] C:\Program Files\WayTech\Coloreal\Coloreal Bright\Coloreal Hint.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\WayTech\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Appz\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Appz\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Host Protocol] svhost.exe
O4 - HKLM\..\Run: [Required Service Drivers] micront.exe
O4 - HKLM\..\Run: [IPOT Service Drivers] compaq.exe
O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe
O4 - HKLM\..\RunServices: [Win32 USB2] sevhost.exe
O4 - HKLM\..\RunServices: [Microsoft Explorer] iexplorer.exe
O4 - HKLM\..\RunServices: [Configuration] msmmsgr.exe
O4 - HKLM\..\RunServices: [WISConfiguration] win.exe
O4 - HKLM\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKLM\..\RunServices: [Microsoft Host Protocol] svhost.exe
O4 - HKLM\..\RunServices: [IPOT Service Drivers] compaq.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Coloreal Bright.lnk = ?
O4 - Global Startup: Coloreal Hint.lnk = ?
O4 - Global Startup: Coloreal Visual.lnk = C:\Program Files\WayTech\Coloreal\Coloreal Visual\ColorealVisual.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DE84EFA-D238-41E6-83D6-DE877A39EA40}: NameServer = 203.96.152.4,203.96.152.12
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Thanks for the assist dude... this virus sux
Title: Trojan Collected.5.L msdirectx.sys
Post by: KritaKILL on May 02, 2005, 08:01:58 PM
Oh yeah, this is done from Safe mode as it is the only way I can get it to open.... cheers
Title: Trojan Collected.5.L msdirectx.sys
Post by: guestolo on May 02, 2005, 08:31:31 PM
Sorry, as that link I posted you to on how to post a Hijackthis log also
requires you to register to the forum when including a log.
Please take the time to do so, then post back a fresh Hijackthis log
Title: Trojan Collected.5.L msdirectx.sys
Post by: KritaKILL on May 02, 2005, 08:38:09 PM
ummm... ok here ya go!!!

Logfile of HijackThis v1.99.1
Scan saved at 12:58:32 p.m., on 3/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
H:\Setup\rsrc\demo32.exe
F:\Setups\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Win32 USB2] sevhost.exe
O4 - HKLM\..\Run: [Microsoft Explorer] iexplorer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Configuration] msmmsgr.exe
O4 - HKLM\..\Run: [WISConfiguration] win.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\\NVCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [Coloreal Hint] C:\Program Files\WayTech\Coloreal\Coloreal Bright\Coloreal Hint.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\WayTech\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Appz\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Appz\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Host Protocol] svhost.exe
O4 - HKLM\..\Run: [Required Service Drivers] micront.exe
O4 - HKLM\..\Run: [IPOT Service Drivers] compaq.exe
O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe
O4 - HKLM\..\RunServices: [Win32 USB2] sevhost.exe
O4 - HKLM\..\RunServices: [Microsoft Explorer] iexplorer.exe
O4 - HKLM\..\RunServices: [Configuration] msmmsgr.exe
O4 - HKLM\..\RunServices: [WISConfiguration] win.exe
O4 - HKLM\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKLM\..\RunServices: [Microsoft Host Protocol] svhost.exe
O4 - HKLM\..\RunServices: [IPOT Service Drivers] compaq.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Coloreal Bright.lnk = ?
O4 - Global Startup: Coloreal Hint.lnk = ?
O4 - Global Startup: Coloreal Visual.lnk = C:\Program Files\WayTech\Coloreal\Coloreal Visual\ColorealVisual.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DE84EFA-D238-41E6-83D6-DE877A39EA40}: NameServer = 203.96.152.4,203.96.152.12
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Title: Trojan Collected.5.L msdirectx.sys
Post by: guestolo on May 02, 2005, 08:50:48 PM
Let's see if we can get you to run a log in Normal mode

Do this for now in safe mode
First download DCOMbobulator
and disable DCOM
http://grc.com/files/DCOMbob.exe

==Download Hoster.zip (http://www.funkytoad.com/download/hoster.zip) and unzip it to a folder
Open Hoster>>Click on "Restore Original Hosts"
OK it

Next:==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows CleanUp! (http://downloads.stevengould.org/cleanup/CleanUp40.exe)
Give the link time to load or try it twice, it may be busy
==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
Decline to Log off

Afterwards
Do another scan with Hijackthis and put a check next to these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Win32 USB2] sevhost.exe
O4 - HKLM\..\Run: [Microsoft Explorer] iexplorer.exe

O4 - HKLM\..\Run: [Configuration] msmmsgr.exe
O4 - HKLM\..\Run: [WISConfiguration] win.exe

O4 - HKLM\..\Run: [Microsoft Host Protocol] svhost.exe
O4 - HKLM\..\Run: [Required Service Drivers] micront.exe
O4 - HKLM\..\Run: [IPOT Service Drivers] compaq.exe
O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe
O4 - HKLM\..\RunServices: [Win32 USB2] sevhost.exe
O4 - HKLM\..\RunServices: [Microsoft Explorer] iexplorer.exe
O4 - HKLM\..\RunServices: [Configuration] msmmsgr.exe
O4 - HKLM\..\RunServices: [WISConfiguration] win.exe
O4 - HKLM\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKLM\..\RunServices: [Microsoft Host Protocol] svhost.exe
O4 - HKLM\..\RunServices: [IPOT Service Drivers] compaq.exe


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis



Restart into Normal mode and try running a scan with Hijackthis and posting the log
Title: Trojan Collected.5.L msdirectx.sys
Post by: KritaKILL on May 02, 2005, 09:32:33 PM
Virus popped up so I clicked delete... then Hijackthis wouldn't stay open for more than a second, so I had to keep double-clicking for a while, but it popped up with the result and here they are...


Logfile of HijackThis v1.99.1
Scan saved at 2:28:00 p.m., on 3/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\System32\WF2K.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
D:\Appz\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Appz\InCD\InCD.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\micront.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\svhost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\WINDOWS\System32\compaq.exe
C:\Program Files\WayTech\Coloreal\Coloreal Bright\Coloreal Bright.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\Program Files\E-Color\Colorific\hgcctl95.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\\NVCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [Coloreal Hint] C:\Program Files\WayTech\Coloreal\Coloreal Bright\Coloreal Hint.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\WayTech\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Appz\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Appz\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Host Protocol] svhost.exe
O4 - HKLM\..\Run: [Required Service Drivers] micront.exe
O4 - HKLM\..\Run: [IPOT Service Drivers] compaq.exe
O4 - HKLM\..\RunServices: [Microsoft Host Protocol] svhost.exe
O4 - HKLM\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKLM\..\RunServices: [IPOT Service Drivers] compaq.exe
O4 - HKCU\..\Run: [Win32 USB2] sevhost.exe
O4 - HKCU\..\Run: [Zone Alarm] vsmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Required Service Drivers] micront.exe
O4 - HKCU\..\Run: [Microsoft Host Protocol] svhost.exe
O4 - HKCU\..\Run: [Windows Update Manager Client] C:\WINDOWS\system32\msservcnnct.exe
O4 - HKCU\..\Run: [IPOT Service Drivers] compaq.exe
O4 - HKCU\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKCU\..\RunServices: [Microsoft Host Protocol] svhost.exe
O4 - HKCU\..\RunServices: [IPOT Service Drivers] compaq.exe
O4 - Global Startup: Coloreal Bright.lnk = ?
O4 - Global Startup: Coloreal Hint.lnk = ?
O4 - Global Startup: Coloreal Visual.lnk = C:\Program Files\WayTech\Coloreal\Coloreal Visual\ColorealVisual.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DE84EFA-D238-41E6-83D6-DE877A39EA40}: NameServer = 203.96.152.4,203.96.152.12
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Title: Trojan Collected.5.L msdirectx.sys
Post by: guestolo on May 02, 2005, 10:14:10 PM
We're going to have to throw a few scanners on your computer
You have some nasties in there

Could you do the following please
=Download RKFiles.zip
http://skads.org/special/rkfiles.zip
UNZIP the contents to its own folder

==Download the Pocket Killbox (http://www.downloads.subratam.org/KillBox.zip)
UNZIP it to a folder of your choice

Download and then Install
Ewido Trojan Scanner (http://www.ewido.net/en/download/)

When installing, under "Additional Options" UNCHECK  "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We'll fix that later
From the main ewido screen, click on UPDATE in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido
We'll need it later

Please save these instructions to a Notepad file and save it to your Desktop>>Close all browser windows, disconnect from the Internet

Open Hijackthis>>Open Misc tools section>>Open Process Manager
Kill these processes if found or if you can
C:\WINDOWS\System32\micront.exe
C:\WINDOWS\System32\compaq.exe
C:\WINDOWS\System32\svhost.exe
<- notice the spelling, DON'T try and end svchost.exe

Do another scan with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [Microsoft Host Protocol] svhost.exe
O4 - HKLM\..\Run: [Required Service Drivers] micront.exe
O4 - HKLM\..\Run: [IPOT Service Drivers] compaq.exe
O4 - HKLM\..\RunServices: [Microsoft Host Protocol] svhost.exe
O4 - HKLM\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKLM\..\RunServices: [IPOT Service Drivers] compaq.exe
O4 - HKCU\..\Run: [Win32 USB2] sevhost.exe
O4 - HKCU\..\Run: [Zone Alarm] vsmon.exe

O4 - HKCU\..\Run: [Required Service Drivers] micront.exe
O4 - HKCU\..\Run: [Microsoft Host Protocol] svhost.exe
O4 - HKCU\..\Run: [Windows Update Manager Client] C:\WINDOWS\system32\msservcnnct.exe
O4 - HKCU\..\Run: [IPOT Service Drivers] compaq.exe
O4 - HKCU\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKCU\..\RunServices: [Microsoft Host Protocol] svhost.exe
O4 - HKCU\..\RunServices: [IPOT Service Drivers] compaq.exe


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis


==Run Pocket KillBox>>Now Killbox and this Notepad file are open
Click on Tools>>Delete Temp files

In the Full Path of File to Delete box, copy and paste the entire line directly below in bold, do not type this in

C:\WINDOWS\System32\micront.exe  

Select the radio button to
 Delete on Reboot
Click The Red circle and a white X
When prompted to Delete on Reboot, click YES
If prompted to Reboot Now, Click NO

Continue to copy and paste the next paths to the files below into killbox
Selecting Delete on Reboot after each

C:\WINDOWS\System32\compaq.exe
C:\WINDOWS\System32\svhost.exe
C:\WINDOWS\System32\sevhost.exe
C:\WINDOWS\system32\msservcnnct.exe
C:\WINDOWS\system32\vsmon.exe


When you've entered the last path to the file
Allow the computer to Reboot
or Restart the computer anyways
Please Restart into Safe mode

In Safe mode
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.

Run Windows CleanUp! again
Decline to Log off

==Open Ewido trojan scanner
Click on the Scanner button in the left menu, then click on the Start button. This scan can take a while, so give it time to run
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file.
Save the report

Open the folder you unzipped rkfiles.zip to
Double click to run Rkfiles.bat
Wait for the scan to finish, give this time
When it's done a log will be produced, save this log
By default, it is saved to C:\Log.txt

Restart back to Normal mode
Post the log produced by rkfiles.bat and the Ewido report
Also post back a fresh Hijackthis log

EDIT>>Sorry, I added a couple entries to be killed with Killbox and the fixes with Hijackthis, I didn't expect you to get back so fast
If you missed them, we'll get them next time
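A triage check for the O4 autorun entries the helper keeps pulling out of these logs, added here as an example for this thread (it is not the forum's or HijackThis' own code; the list of well-known Windows binaries and the rundll32.exe exemption are this example's assumptions, and the sample log lines are quoted from the logs above):

```python
"""Triage HijackThis O4 autorun entries for the red flags this thread turned on.

Added example, not part of the original thread or of HijackThis itself. It
parses lines in the O4 format shown in the logs above and flags:
  * LOOKALIKE: a run target one or two edits away from a well-known Windows
    binary (svhost.exe vs svchost.exe), the mix-up the helper warns about;
  * BARE_NAME: a run target given as a bare file name with no directory, the
    shape of every malicious entry in this thread (sevhost.exe, micront.exe,
    compaq.exe), while legitimate installers normally register a full path.
The well-known list and the rundll32.exe exemption are assumptions.
"""
import re

# Matches e.g.  O4 - HKLM\..\Run: [Win32 USB2] sevhost.exe
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run|RunServices|RunOnce): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Assumed set of genuine Windows/Microsoft binaries whose names get imitated.
WELL_KNOWN = {
    "svchost.exe", "lsass.exe", "services.exe", "smss.exe", "csrss.exe",
    "winlogon.exe", "explorer.exe", "iexplore.exe", "spoolsv.exe",
    "rundll32.exe", "msmsgs.exe",
}
# rundll32.exe is normally registered by bare name and the DLL after it is the
# real target, so it is not counted as a BARE_NAME finding (assumption).
BARE_NAME_EXEMPT = {"rundll32.exe"}

# Constructed sample: a subset of the O4 lines quoted from the thread's logs.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Win32 USB2] sevhost.exe
O4 - HKLM\..\Run: [Microsoft Explorer] iexplorer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [Configuration] msmmsgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\\NVCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Microsoft Host Protocol] svhost.exe
O4 - HKLM\..\Run: [Required Service Drivers] micront.exe
O4 - HKLM\..\RunServices: [IPOT Service Drivers] compaq.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable_of(cmd: str) -> str:
    """Return the program part of an autorun command line.

    Handles the three shapes seen in the logs: a quoted path followed by
    arguments, an unquoted path that may contain spaces, and a bare name.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def triage(log_text: str) -> list[dict]:
    """Scan HijackThis log text; return one finding per suspicious O4 entry."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = executable_of(m.group("cmd"))
        base = exe.rsplit("\\", 1)[-1].lower()
        reasons = []
        if base not in WELL_KNOWN:
            close = sorted(w for w in WELL_KNOWN if levenshtein(base, w) <= 2)
            if close:
                reasons.append("LOOKALIKE of " + "/".join(close))
        if "\\" not in exe and base not in BARE_NAME_EXEMPT:
            reasons.append("BARE_NAME")
        if reasons:
            findings.append({"hive": m.group("hive"), "key": m.group("key"),
                             "name": m.group("name"), "exe": exe,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']}\\..\\{f['key']} [{f['name']}] {f['exe']}: "
              f"{', '.join(f['reasons'])}")
```

Both checks are heuristics: point32.exe (the Microsoft Hardware mouse software seen running in the log) is flagged by name alone, while the full-path msservcnnct.exe entry the helper also removed passes, so treat the output as a review list rather than a verdict.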
Title: Trojan Collected.5.L msdirectx.sys
Post by: KritaKILL on May 02, 2005, 10:21:44 PM
I can't run Hijackthis in Normal mode.... it just closes as soon as it opens.... Can the first step be done in Safe mode, or can I only work through Normal mode?
Title: Trojan Collected.5.L msdirectx.sys
Post by: guestolo on May 02, 2005, 10:23:28 PM
You can do all steps in Safe mode if you have to
But make sure you get Ewido installed and updated

P.S.>>I hope you saw my Edit above
Title: Trojan Collected.5.L msdirectx.sys
Post by: KritaKILL on May 02, 2005, 11:56:40 PM
Duuuuuuuuuuuuuuuuude!!!
I reckon u may have cleared it off, there was no virus pop-up and I can run Hijackthis from Normal mode!!!

Here's the stuff u wanted to see:


---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         4:31:30 p.m., 3/05/2005
 + Report-Checksum:      19E27B80

 + Date of database:      3/05/2005
 + Version of scan engine:   v3.0

 + Duration:            19 min
 + Scanned Files:         55178
 + Speed:            46.12 Files/Second
 + Infected files:         1
 + Removed files:         1
 + Files put in quarantine:      1
 + Files that could not be opened:   0
 + Files that could not be cleaned:   0

 + Binder:      Yes
 + Crypter:      Yes
 + Archives:      Yes

 + Scanned items:
   C:\
   D:\
   E:\
   F:\

 + Scan result:
   C:\WINDOWS\system32\drivers\drv\firedaemon.exe -> Backdoor.SdBot.nj -> Cleaned with backup


::Report End

-----------------------------------------------------------



F:\New Folder
 
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
-----------
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
 
Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\daemon.dll: UPX!
C:\WINDOWS\tsc.exe: UPX!
C:\WINDOWS\vsapi32.dll: UPX!t4
Finished
bye



-------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 4:51:49 p.m., on 3/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\System32\WF2K.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
D:\Appz\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Appz\InCD\InCD.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\WayTech\Coloreal\Coloreal Bright\Coloreal Bright.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\Program Files\E-Color\Colorific\hgcctl95.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\\NVCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [Coloreal Hint] C:\Program Files\WayTech\Coloreal\Coloreal Bright\Coloreal Hint.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\WayTech\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Appz\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Appz\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Win32 USB2] sevhost.exe
O4 - HKCU\..\Run: [Zone Alarm] vsmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Required Service Drivers] micront.exe
O4 - HKCU\..\Run: [Microsoft Host Protocol] svhost.exe
O4 - HKCU\..\Run: [Windows Update Manager Client] C:\WINDOWS\system32\msservcnnct.exe
O4 - HKCU\..\Run: [IPOT Service Drivers] compaq.exe
O4 - HKCU\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKCU\..\RunServices: [Microsoft Host Protocol] svhost.exe
O4 - HKCU\..\RunServices: [IPOT Service Drivers] compaq.exe
O4 - Global Startup: Coloreal Bright.lnk = ?
O4 - Global Startup: Coloreal Hint.lnk = ?
O4 - Global Startup: Coloreal Visual.lnk = C:\Program Files\WayTech\Coloreal\Coloreal Visual\ColorealVisual.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DE84EFA-D238-41E6-83D6-DE877A39EA40}: NameServer = 203.96.152.4,203.96.152.12
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Title: Trojan Collected.5.L msdirectx.sys
Post by: guestolo on May 03, 2005, 12:15:01 AM
Is msdirectx.sys still hanging around??
I'm not sure if you're totally clean yet

Do another scan with Hijackthis and put a check next to these entries:

O4 - HKCU\..\Run: [Win32 USB2] sevhost.exe
O4 - HKCU\..\Run: [Zone Alarm] vsmon.exe

O4 - HKCU\..\Run: [Required Service Drivers] micront.exe
O4 - HKCU\..\Run: [Microsoft Host Protocol] svhost.exe
O4 - HKCU\..\Run: [Windows Update Manager Client] C:\WINDOWS\system32\msservcnnct.exe
O4 - HKCU\..\Run: [IPOT Service Drivers] compaq.exe
O4 - HKCU\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKCU\..\RunServices: [Microsoft Host Protocol] svhost.exe
O4 - HKCU\..\RunServices: [IPOT Service Drivers] compaq.exe


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart your computer

Post back a fresh Hijackthis log

Could you also do the following
Download and UNZIP to desktop
Export.zip, so you now have Export.bat on the desktop

Double click on Export.bat
A new file called Export.txt MAY be placed on your desktop, if it is can you copy and paste back the contents
If nothing is produced, let me know that too
Title: Trojan Collected.5.L msdirectx.sys
Post by: KritaKILL on May 03, 2005, 12:30:39 AM
Here's the new Hijackthis:

C:\Program Files\Microsoft Hardware\Mouse\point32.exe
D:\Appz\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Appz\InCD\InCD.exe
C:\WINDOWS\system32\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\GEARSEC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\WayTech\Coloreal\Coloreal Bright\Coloreal Bright.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\Program Files\E-Color\Colorific\hgcctl95.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\\NVCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [Coloreal Hint] C:\Program Files\WayTech\Coloreal\Coloreal Bright\Coloreal Hint.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\WayTech\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Appz\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Appz\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Coloreal Bright.lnk = ?
O4 - Global Startup: Coloreal Hint.lnk = ?
O4 - Global Startup: Coloreal Visual.lnk = C:\Program Files\WayTech\Coloreal\Coloreal Visual\ColorealVisual.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DE84EFA-D238-41E6-83D6-DE877A39EA40}: NameServer = 203.96.152.4,203.96.152.12
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


just gonna do the Export.zip thing now
Title: Trojan Collected.5.L msdirectx.sys
Post by: KritaKILL on May 03, 2005, 12:33:31 AM
no txt docs appeared on my desktop
Title: Trojan Collected.5.L msdirectx.sys
Post by: KritaKILL on May 03, 2005, 01:03:08 AM
So is that my PC sussed for now dude?
Title: Trojan Collected.5.L msdirectx.sys
Post by: guestolo on May 03, 2005, 10:36:14 PM
Sounds good

Can you do the following please

If everything is running better

You should disable System Restore, restart your computer, then enable System Restore again
This will clear all your restore points and ensure you don't restore any nasties
Once re-enabled it will create a fresh restore point
How to Disable and Re-enable System Restore feature: http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

Once back in Windows and System Restore is re-enabled

You should set up protection against future attacks

SpywareBlaster 3.3 by JavaCool: http://www.javacoolsoftware.com/spywareblaster.html
*Will block bad ActiveX Controls
*Block malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer


IE-SPYAD puts over 5000 sites in your Restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL: http://www.bleepingcomputer.com/forums/index.php?showtutorial=53
Download link: https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD

With both, check for updates every couple of weeks
Keep the link to IE-SPYAD bookmarked so you can check for updates
With SpywareBlaster, after every update simply enable all protection

Post back one last HijackThis log and include the whole log; you cut off the top part

Also, just for a double check
Can you download this file
http://www.sysinternals.com/files/rootkitrevealer.zip
Unzip it to its own folder or to your desktop.
Run RootkitRevealer.exe and scan your system. When the scan is complete click on File, Save, and save the log file. Copy and paste the log file here.
Title: Trojan Collected.5.L msdirectx.sys
Post by: KritaKILL on May 04, 2005, 12:05:19 AM
Logfile of HijackThis v1.99.1
Scan saved at 5:03:10 p.m., on 4/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\System32\WF2K.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
D:\Appz\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Appz\InCD\InCD.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WayTech\Coloreal\Coloreal Bright\Coloreal Bright.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\Program Files\E-Color\Colorific\hgcctl95.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\\NVCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [Coloreal Hint] C:\Program Files\WayTech\Coloreal\Coloreal Bright\Coloreal Hint.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\WayTech\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Appz\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Appz\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Coloreal Bright.lnk = ?
O4 - Global Startup: Coloreal Hint.lnk = ?
O4 - Global Startup: Coloreal Visual.lnk = C:\Program Files\WayTech\Coloreal\Coloreal Visual\ColorealVisual.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DE84EFA-D238-41E6-83D6-DE877A39EA40}: NameServer = 203.96.152.4,203.96.152.12
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

RootkitRevealer log:

HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf40   4/05/2005 4:34 p.m.   0 bytes   Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf41   4/05/2005 4:34 p.m.   0 bytes   Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf42   4/05/2005 4:34 p.m.   0 bytes   Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf43   4/05/2005 4:34 p.m.   0 bytes   Hidden from Windows API.
How does it look?
Title: Trojan Collected.5.L msdirectx.sys
Post by: guestolo on May 04, 2005, 12:12:27 AM
Looks good, I'm off to bed now :lol:
Take care Krita

I hope everything is still fine on your end
Title: Trojan Collected.5.L msdirectx.sys
Post by: KritaKILL on May 04, 2005, 12:19:55 AM
Sweet dude, thanks aye, you're the man!
Genius lol
Cheers
Title: Trojan Collected.5.L msdirectx.sys
Post by: guestolo on May 04, 2005, 11:30:18 PM
Thanks for posting back KritaKILL, I'll lock this topic as your problems appear to be resolved
If you need it reopened, please PM myself or the site Admin and supply a link to this thread

Take Care :)