Messages - cablegui

1
Tech Clinic / Several problems
« on: January 13, 2006, 12:37:11 AM »
Bump

Hi Guestolo, here are the 4 reports you told me to get. I followed your instructions. Everything seems to be fine now. I don't get any pop-ups any more.


________________________________________________________________________________

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         10:14:45 AM, 13/1/2006
 + Report-Checksum:      B9AE4794

 + Scan result:

   HKLM\SOFTWARE\Classes\Bridge.brdg -> Spyware.BlazeFind : Cleaned with backup
   HKLM\SOFTWARE\Classes\Bridge.brdg\CLSID -> Spyware.BlazeFind : Cleaned with backup
   HKLM\SOFTWARE\Classes\Bridge.brdg\CurVer -> Spyware.BlazeFind : Cleaned with backup
   HKLM\SOFTWARE\Classes\Bridge.brdg.1 -> Spyware.BlazeFind : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{80BB7465-A638-43B5-9827-8E8FE38DFCC1} -> Spyware.BlazeFind : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -> Spyware.WinFavorites : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{BFC9677B-8006-4336-9D49-2C797AEFCB9E} -> Dialer.Generic : Cleaned with backup
   HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12} -> Spyware.BlazeFind : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{B88A3AF1-4F1B-4400-8FFB-3FCB108CE115} -> Spyware.BlazeFind : Cleaned with backup
   HKLM\SOFTWARE\Classes\Jao.jao -> Spyware.BlazeFind : Cleaned with backup
   HKLM\SOFTWARE\Classes\Jao.jao\CLSID -> Spyware.BlazeFind : Cleaned with backup
   HKLM\SOFTWARE\Classes\Jao.jao\CurVer -> Spyware.BlazeFind : Cleaned with backup
   HKLM\SOFTWARE\Classes\Jao.jao.1 -> Spyware.BlazeFind : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{C094876D-1B0E-46FA-B6A6-7FFC0F970C27} -> Spyware.BlazeFind : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{DDAF2479-6F00-4599-998A-3ED75686C6D0} -> Spyware.BlazeFind : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}\\CLSID -> Spyware.VX2 : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
   HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng -> Spyware.BargainBuddy : Cleaned with backup
   HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Security -> Spyware.BargainBuddy : Cleaned with backup
   HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Enum -> Spyware.BargainBuddy : Cleaned with backup
   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
   HKU\S-1-5-21-2000478354-1715567821-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
   HKU\S-1-5-21-2000478354-1715567821-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83DE62E0-5805-11D8-9B25-00E04C60FAF2} -> Spyware.BlazeFind : Cleaned with backup
   HKU\S-1-5-21-2000478354-1715567821-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
   HKU\S-1-5-21-2000478354-1715567821-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
   [756] C:\WINDOWS\system32\wuauclt.dll -> Downloader.Small : Cleaned with backup
   C:\Documents and Settings\All Users\Start Menu\Programs\Startup\qxxw.exe -> Downloader.Qoologic.be : Cleaned with backup
   C:\Documents and Settings\mata\Cookies\mata@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
   C:\Documents and Settings\mata\Cookies\mata@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
   C:\Documents and Settings\mata\Cookies\mata@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   C:\Documents and Settings\mata\Cookies\mata@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   C:\Documents and Settings\mata\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temp\adwsetup_upd.exe -> Dropper.Agent.abb : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temp\btgrab.cab/polall1b.exe -> Trojan.Agent.ay : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temp\btnetw3.exe -> Not-A-Virus.Hoax.Win32.SpyWare.b : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temp\DrTemp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temp\DrTemp\ceres.cab/spike.exe -> Trojan.Agent.cb : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temp\DrTemp\ceres.dll -> Adware.BetterInternet : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temp\DrTemp\INTLRECO.exe -> Adware.BetterInternet : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temp\DrTemp\mm_reco.exe -> Adware.BetterInternet : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temp\lc.exe -> Adware.BetterInternet : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temp\polall1b.exe -> Trojan.Agent.ay : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temp\selassix.tmp -> Spyware.SafeSurfing : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temp\THI2777.tmp\farmmext.cab/farmmext.exe -> Spyware.ConsCorr : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temp\THI2777.tmp\farmmext.exe -> Spyware.ConsCorr : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temp\THI6883.tmp\btgrab.cab/BTGrab.dll -> Spyware.BiSpy : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temp\THI6883.tmp\btgrab.cab/polall1b.exe -> Dropper.Small.pv : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temp\THI6883.tmp\BTGrab.dll -> Spyware.BiSpy : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temp\THI6883.tmp\polall1b.exe -> Dropper.Small.pv : Cleaned with backup
   C:\Documents and Settings\mata\Local Settings\Temporary Internet Files\Content.IE5\E50R2PU5\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup
   C:\WINDOWS\2_0_1browserhelper2.dll -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\inst_FI002.exe -> Spyware.ZenoSearch : Cleaned with backup
   C:\WINDOWS\justin.exe -> Adware.EZula : Cleaned with backup
   C:\WINDOWS\Sngsh40.dll -> Adware.AdBlaster : Cleaned with backup
   C:\WINDOWS\system32\a.exe -> Logger.Briss.c : Cleaned with backup
   C:\WINDOWS\system32\bffvjsv.exe -> Downloader.Qoologic.be : Cleaned with backup
   C:\WINDOWS\system32\bridge.dll -> Logger.Briss.h : Cleaned with backup
   C:\WINDOWS\system32\drivers\erssdd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
   C:\WINDOWS\system32\dwdsregt.exe -> Spyware.ZenoSearch : Cleaned with backup
   C:\WINDOWS\system32\instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\WINDOWS\system32\irasyncd.exe -> Spyware.SafeSurfing : Cleaned with backup
   C:\WINDOWS\system32\irismon.dll -> Spyware.SafeSurfing : Cleaned with backup
   C:\WINDOWS\system32\irsmwsod.dll -> Adware.SafeSurfing : Cleaned with backup
   C:\WINDOWS\system32\jao.dll -> Logger.Briss.h : Cleaned with backup
   C:\WINDOWS\system32\kffqk.dll -> Downloader.Qoologic.be : Cleaned with backup
   C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Cleaned with backup
   C:\WINDOWS\system32\msplock32.dll -> Adware.NaviPromo : Cleaned with backup
   C:\WINDOWS\system32\ngsh40.dll -> Adware.AdBlaster : Cleaned with backup
   C:\WINDOWS\system32\nsf4.dll -> Adware.EZula : Cleaned with backup
   C:\WINDOWS\system32\nsi16.dll -> Adware.EZula : Cleaned with backup
   C:\WINDOWS\system32\nsr5.dll -> Spyware.HotSearchBar : Cleaned with backup
   C:\WINDOWS\system32\nsu141.dll -> Adware.EZula : Cleaned with backup
   C:\WINDOWS\system32\nsx32.dll -> Adware.EZula : Cleaned with backup
   C:\WINDOWS\system32\owwqpi.exe -> Downloader.Qoologic.be : Cleaned with backup
   C:\WINDOWS\system32\qwinrsap.exe -> Adware.ZenoSearch : Cleaned with backup
   C:\WINDOWS\system32\rastmon.dll -> Spyware.SafeSurfing : Cleaned with backup
   C:\WINDOWS\system32\ueesiop.dll -> Downloader.Qoologic.be : Cleaned with backup
   C:\WINDOWS\system32\vgactl.cpl -> Downloader.Qoologic.ad : Cleaned with backup
   C:\WINDOWS\system32\wuauclt.dll -> Downloader.Small : Cleaned with backup
   C:\WINDOWS\system32\yppgw.dat -> Downloader.Qoologic.be : Cleaned with backup
   C:\WINDOWS\UnstSA2.exe -> Dropper.Delf.z : Cleaned with backup
   E:\Neville Andrade\HJT\backups\backup-20060113-085754-167.dll -> Spyware.SafeSurfing : Cleaned with backup
   E:\Neville Andrade\HJT\backups\backup-20060113-085754-171.dll -> Adware.EZula : Cleaned with backup
   E:\Neville Andrade\HJT\backups\backup-20060113-085754-866.dll -> Spyware.Hijacker.Generic : Cleaned with backup


::Report End


________________________________________________________________________________


Find Qoologic last edited 01/08/2006
Running from
E:\Neville Andrade\Solution to comp problem\Find-Qoologic
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»» Search by size and name»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
C:\WINDOWS\SYSTEM32\MSXML3A.DLL
C:\WINDOWS\WVVENO.DAT
»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»
.....
.....
SteelWerX Registry Console Tool RC-2
Written by Bobbi Flekman
.....
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\kffsmnyn]
@="{2792b7de-27a6-4009-b3bd-49ec97a62b89}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu]
@="{BDA77241-42F6-11d0-85E2-00AA001FE28C}"

[-HKEY_CLASSES_ROOT\CLSID\{incert csdl here}]
[-HKEY_CLASSES_ROOT\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebNexus]
.....
[HKEY_LOCAL_MACHINE\Software\qstat]
.....
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
.....
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}]

________________________________________________________________________________



Logfile of HijackThis v1.99.1
Scan saved at 10:48:18 AM, on 13/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
d:\ewido anti-malware\ewidoctrl.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
E:\Neville Andrade\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [rmpedjhsc] c:\windows\system32\rmpedjhsc.exe rmpedjhsc
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{85F790C2-58D1-470C-B292-08624967206B}: NameServer = 202.149.208.92,202.149.208.11
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - d:\ewido anti-malware\ewidoctrl.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


________________________________________________________________________________


Track qoo report

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"CHotkey"="zHotkey.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"StatusClient 2.6"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\StatusClient\\StatusClient.exe /auto"
"TomcatStartup 2.5"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\hpbpsttp.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
@=""
"rmpedjhsc"="c:\\windows\\system32\\rmpedjhsc.exe rmpedjhsc"
"WinampAgent"="D:\\Winamp\\winampa.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
d:\ewido anti-malware\context.dll

Subkey --- kffsmnyn
{2792b7de-27a6-4009-b3bd-49ec97a62b89}
C:\WINDOWS\system32\kffqk.dll

Subkey --- LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C}
C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

desktop.ini
Microsoft Office.lnk
Post-it® Software Notes Lite.lnk
==============================
C:\Documents and Settings\mata\Start Menu\Programs\Startup

desktop.ini
Microsoft Office.lnk
Post-it® Software Notes Lite.lnk
desktop.ini
==============================
C:\WINDOWS\system32 cpl files


access.cpl                    Microsoft Corporation
appwiz.cpl                    Microsoft Corporation
bthprops.cpl                  Microsoft Corporation
desk.cpl                      Microsoft Corporation
firewall.cpl                  Microsoft Corporation
hdwwiz.cpl                    Microsoft Corporation
igfxcpl.cpl                   Intel Corporation
inetcpl.cpl                   Microsoft Corporation
intl.cpl                      Microsoft Corporation
irprops.cpl                   Microsoft Corporation
joy.cpl                       Microsoft Corporation
jpicpl32.cpl                  Sun Microsystems, Inc.
main.cpl                      Microsoft Corporation
mmsys.cpl                     Microsoft Corporation
ncpa.cpl                      Microsoft Corporation
netsetup.cpl                  Microsoft Corporation
nusrmgr.cpl                   Microsoft Corporation
nwc.cpl                       Microsoft Corporation
odbccp32.cpl                  Microsoft Corporation
powercfg.cpl                  Microsoft Corporation
QuickTime.cpl                 Apple Computer, Inc.
sysdm.cpl                     Microsoft Corporation
telephon.cpl                  Microsoft Corporation
timedate.cpl                  Microsoft Corporation
wscui.cpl                     Microsoft Corporation
wuaucpl.cpl                   Microsoft Corporation

2
Tech Clinic / Learning
« on: January 11, 2006, 11:49:37 PM »
Hi, I am interested in learning the internals of the Windows OS. I am learning VB.NET. Will this language be useful for learning Windows internals? I used to work with DOS internals before, had to give up programming for some time, and want to get back in.

Thanks.

3
Software / Wanted to learn
« on: January 11, 2006, 11:40:34 PM »
Hi, I want to learn the internal workings of the Windows OS from the ground up. Could you suggest a site or books for learning it?

Thanx

4
Tech Clinic / Several problems
« on: January 11, 2006, 11:34:09 PM »
Here is the list. Thanks for your time.



Adobe Acrobat 5.0
Adobe Reader 6.0
AFPL Ghostscript 8.13
AFPL Ghostscript Fonts
C-Media 3D Audio
dotNETToggle
Google Earth
GSview 4.6
HijackThis 1.99.1
hp LaserJet 1010 Series
hp LaserJet 1160/1320 series
HP Software Update
HQuote
Intel® Extreme Graphics Driver
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
Learn Microsoft Visual Basic 6.0 Now
LiveUpdate 2.0 (Symantec Corporation)
Macromedia Shockwave Player
MATLAB 6.1
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft .NET Framework 1.1
Microsoft Office XP Professional
Microsoft Visual Basic 6.0 Enterprise Edition
Microsoft Visual Studio .NET Enterprise Architect - English
Microsoft Web Publishing Wizard 1.53
Multimedia Keyboard Driver
Nero - Burning Rom
PivotTable
Post-it® Software Notes Lite
Publicon 1.0
QuickTime
RealPlayer
RTLSetup for Realtek RTL8139/810x Family NIC 3.00
Screensavers Installer
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Symantec AntiVirus
The Options Toolbox v5.0
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows SR 2.0
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinJumble
WinZip
Yahoo! Messenger
YETISPORTS Pingu Throw D.C.

5
Tech Clinic / Several problems
« on: January 11, 2006, 11:14:28 PM »
I keep on getting pop-ups like "trafficsector", "revenuegateway", "hoowah". My computer has become slow too. I had gone to a site to download cracks for a game and that's when all this happened. When I try to shut down I see a program called Doggie which cannot be shut down. I admit I tried to delete some things from the HijackThis scan.

My old log is below and I have highlighted what I deleted. I have included my new log after that.

Logfile of HijackThis v1.99.1
Scan saved at 10:24:28 AM, on 10/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ngpw40.exe
D:\Visual studio\Common7\IDE\devenv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
E:\Neville Andrade\HijackThis.exe
C:\WINDOWS\system32\hpbpro.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL
O2 - BHO: ngsh35.clsIS - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - C:\WINDOWS\system32\ngsh35.dll
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsi16.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\iraskxgk.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [searchbar] C:\WINDOWS\system32\vnmispoisn_downloader.exe   <-- highlighted in original post
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
[color="#FF0000"]O4 - HKLM\..\Run: [elitemedia] C:\WINDOWS\elitemediapop.exe[/color]
[color="#FF0000"]O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\owwqpi.exe reg_run[/color]
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinrsap.exe FI002
[color="#FF0000"]O4 - HKLM\..\Run: [sms_msn40] C:\WINDOWS\system32\sms_msn40.exe
O4 - HKLM\..\Run: [sms_msn] C:\WINDOWS\system32\sms_msn.exe[/color]
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinrsap.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
[color="#FF0000"]O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)[/color]
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
[color="#FF0000"]O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)[/color]
O17 - HKLM\System\CCS\Services\Tcpip\..\{85F790C2-58D1-470C-B292-08624967206B}: NameServer = 202.149.208.92,202.149.208.11
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
[color="#FF0000"]O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\system32\angelex.exe (file missing)[/color]
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



My New Scan
--------------

Logfile of HijackThis v1.99.1
Scan saved at 9:22:45 AM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Neville Andrade\HJT\HijackThis.exe
C:\WINDOWS\system32\hpbpro.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL
O2 - BHO: ngsh35.clsIS - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - C:\WINDOWS\system32\ngsh35.dll
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsf4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\iraskxgk.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsr5.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinrsap.exe FI002
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinrsap.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{85F790C2-58D1-470C-B292-08624967206B}: NameServer = 202.149.208.92,202.149.208.11
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

6
Software / please help me remove casinopalazzo
« on: June 17, 2004, 11:16:37 PM »
Hey guess what I found out. When on the net there happens to be a lot of disk activity and then the internet just zaps. I noticed a file called ajjm.dat loaded into memory. I found this file and read its contents. It gives me some horse [censored], but the real treasure is at the end of the file, which has terms like settimer and ShellExecuteA. "Settimer 60 internet" code can be used to shut down the internet within 60 seconds. For the life of me I don't know how it came into my system though. But I managed to get rid of it by deleting the TEMP directory under my local settings (hidden) folder.

bye.
