
Messages - boogieonrw

Pages: [1] 2 3 4
1
Tech Clinic / Quest-
« on: February 27, 2005, 07:40:31 PM »
hey dude- you got anything for me?
i like the fact we're almost in remission but i want to beat this thing

let me know- shoot me an email, i have been busy so i may not be on messenger too much

2
Tech Clinic / Quest-
« on: February 24, 2005, 10:01:33 AM »
any new news?

3
Tech Clinic / Quest-
« on: February 21, 2005, 12:42:33 AM »
hey, i'm back whenever you're ready to rock

4
Tech Clinic / Quest-
« on: February 20, 2005, 04:18:56 PM »
hey, sorry

i had an unexpected business emergency that had to be attended to and wasn't near a computer for a few days

the upload you posted has i guess timed out or something

so whenever you're ready, i will be around as well

jordan

5
Tech Clinic / SOS!
« on: February 14, 2005, 05:56:03 PM »
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
================================================

After Chat

EDITING to add in results
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe
 
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service - Unknown - C:\Program Files\Eset\nod32krn.exe

=====================================================

Log for VX2.BetterInternet File Finder (msg126)

Files Found---

Additional Files---

Keys Under Notify---
crypt32chain
cryptnet
cscdll
ScCertProp
Schedule
sclgntfy
SensLogn
termsrv
wlballoon


Guardian Key--- is called:

User Agent String---

===================================================

Locking this thread up, Boogie, I'll talk to you on chat if you need any further assistance,
Take care :D

6
Tech Clinic / SOS!
« on: February 14, 2005, 05:52:05 PM »
Log for VX2.BetterInternet File Finder (msg126)

Files Found---
 
Additional Files---
 
Keys Under Notify---


Guardian Key--- is called:
Asynchronous 000
DllName
Impersonate 000
Logon WinLogon
Logoff WinLogoff
Shutdown WinShutdown

User Agent String---
{D2AD9633-36F1-4338-AA11-469CA091B890}

7
Tech Clinic / SOS!
« on: February 14, 2005, 05:51:00 PM »
*    DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\k644lg~1.dll   Fri Feb  4 2005   1:45:12a  ..S.R        229,736   224.35 K
________________________________________________

1,280 items found:  1,280 files (1 H/S), 0 directories.
Total of file sizes:  238,131,335 bytes    227.10 M

Administrator Account =  True

--------------------End log---------------------

8
Tech Clinic / SOS!
« on: February 14, 2005, 02:05:54 PM »
that's most everything besides the 2 command prompt text files that just won't work

9
Tech Clinic / SOS!
« on: February 14, 2005, 02:04:40 PM »
File C:\WINDOWS\System32\306203.exe infected by "Trojan.Win32.Zapchast" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\lvno0953e.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\o884lilq18qe.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\Process.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\!Submit\304390.exe infected by "Trojan-Clicker.Win32.Small.dm" Virus. Action Taken: No Action Taken.
File C:\!Submit\311375.exe infected by "Trojan-Clicker.Win32.Small.dm" Virus. Action Taken: No Action Taken.
File C:\!Submit\aim95.exe infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\!Submit\arkanoid.exe infected by "not-a-virus:AdWare.WinShow.f" Virus. Action Taken: No Action Taken.
File C:\!Submit\dfe.exe infected by "Trojan.Win32.LowZones.ac" Virus. Action Taken: No Action Taken.
File C:\!Submit\eree.exe infected by "Trojan-Clicker.Win32.Agent.bn" Virus. Action Taken: No Action Taken.
File C:\!Submit\ewhtt.exe infected by "not-a-virus:AdWare.ToolBar.ISearch.d" Virus. Action Taken: No Action Taken.
File C:\!Submit\fgrr.exe infected by "Trojan-Dropper.Win32.Small.sa" Virus. Action Taken: No Action Taken.
File C:\!Submit\htt.exe infected by "not-a-virus:AdWare.ToolBar.ISearch.d" Virus. Action Taken: No Action Taken.
File C:\!Submit\iwdwin.dll infected by "not-a-virus:AdWare.PurityScan.ak" Virus. Action Taken: No Action Taken.
File C:\!Submit\js[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.
File C:\!Submit\js[2].htm infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.
File C:\!Submit\KVIF_7.dll infected by "Trojan-Downloader.Win32.Keenval.e" Virus. Action Taken: No Action Taken.
File C:\!Submit\mac80ex.idf infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\!Submit\MiniBugTransporter.dll infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\!Submit\mqexdlm.srg infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\!Submit\MY2NS.EXE infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus. Action Taken: No Action Taken.
File C:\!Submit\MYBAR.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken.
File C:\!Submit\NDNuninstall6_22.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\!Submit\netut80ex.vxd infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\!Submit\SHAgentNew.dll infected by "not-a-virus:AdWare.Sahat.g" Virus. Action Taken: No Action Taken.
File C:\!Submit\SSK_B5.EXE infected by "Trojan-Dropper.Win32.SurfSide.a" Virus. Action Taken: No Action Taken.
File C:\!Submit\WinSuck.dll infected by "Trojan-Clicker.Win32.Agent.ca" Virus. Action Taken: No Action Taken.
File C:\!Submit\woinstall.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\!Submit\Xcite2.exe infected by "not-a-virus:AdWare.F1Organizer.m" Virus. Action Taken: No Action Taken.
File C:\!Submit\ysb_prompt[1].php infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\AOL Downloads\setup90\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy2.zip infected by "Password-protected-EXE" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy5.zip infected by "Password-protected-EXE" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\jordan\Application Data\Mozilla\Firefox\Profiles\s18mqwrz.default\Cache\35897D89d01 tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Documents and Settings\jordan\Desktop\l2mfix\Process.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Documents and Settings\jordan\Desktop\l2mfix.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\HJT\backups\backup-20050207-220637-306.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\HJT\backups\backup-20050207-220637-433.dll infected by "not-a-virus:AdWare.MediaTickets.f" Virus. Action Taken: No Action Taken.
File C:\HJT\backups\backup-20050207-220637-968.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\HJT\backups\backup-20050208-104237-313.dll infected by "not-a-virus:AdWare.MediaTickets.f" Virus. Action Taken: No Action Taken.
File C:\HJT\backups\backup-20050208-104237-432.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\HJT\backups\backup-20050208-104237-918.dll infected by "not-a-virus:AdWare.PurityScan.ak" Virus. Action Taken: No Action Taken.
File C:\HJT\backups\backup-20050208-143714-587.dll infected by "Trojan-Downloader.Win32.Agent.jm" Virus. Action Taken: No Action Taken.
File C:\HJT\backups\backup-20050208-143714-783.dll infected by "Trojan-Clicker.Win32.Agent.bz" Virus. Action Taken: No Action Taken.
File C:\HJT\backups\backup-20050208-145922-986.dll infected by "Trojan-Downloader.Win32.Agent.jm" Virus. Action Taken: No Action Taken.
File C:\HJT\backups\backup-20050208-225029-174.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\HJT\backups\backup-20050208-225029-354.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\HJT\backups\backup-20050208-225029-922.dll infected by "Trojan-Downloader.Win32.Ieser.a" Virus. Action Taken: No Action Taken.
File C:\HJT\backups\backup-20050209-004902-169.dll infected by "Trojan-Downloader.Win32.Ieser.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\AIM\Sysfiles\WxBug.EXE infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\Program Files\ESET\infected\FLPIUOBA.NQF infected by "Trojan-Dropper.Win32.Agent.ch" Virus. Action Taken: No Action Taken.
File C:\Program Files\ESET\infected\RMAD2MAA.NQF infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AAD76212-7B46-4D6E-8DBC-6E6DCAC51205}\RP1\A0000004.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\WINDOWS\system32\306203.exe infected by "Trojan.Win32.Zapchast" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\lvno0953e.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\o884lilq18qe.dll infected by "not-a-virus:AdWare.Look2Me.u" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\Process.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.

10
Tech Clinic / SOS!
« on: February 13, 2005, 08:49:57 PM »
i'm doing an updated mwav scan right now

i had to restart every time i tried to use finditnt,

is there a problem with that? you said that i had to run that again since i had to restart the one other time, so where does that leave us?

11
Tech Clinic / SOS!
« on: February 13, 2005, 08:45:51 PM »
find it nt just isn't working...i've left it for an hour or so a few times today and it just won't open a log

is this one we can do in safe mode?

12
Tech Clinic / SOS!
« on: February 13, 2005, 08:40:40 PM »
Scanned at: 5:13:53 PM   on: 2/12/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 23

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 23

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

13
Tech Clinic / SOS!
« on: February 13, 2005, 08:39:25 PM »
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll]
".Owner"="{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}"
"{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/MediaTicketsInstaller.ocx]
".Owner"="{9EB320CE-BE1D-4304-A081-4B4665414BEF}"
"{9EB320CE-BE1D-4304-A081-4B4665414BEF}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.10/v3.dll]
".Owner"="v3cab"
"v3cab"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.11/loader2.ocx]
".Owner"="{79849612-A98F-45B8-95E9-4D13C7B6B35C}"
"{79849612-A98F-45B8-95E9-4D13C7B6B35C}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.12/loader2.ocx]
".Owner"="{79849612-A98F-45B8-95E9-4D13C7B6B35C}"
"{79849612-A98F-45B8-95E9-4D13C7B6B35C}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.13/loader2.ocx]
".Owner"="{79849612-A98F-45B8-95E9-4D13C7B6B35C}"
"{79849612-A98F-45B8-95E9-4D13C7B6B35C}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.14/loader2.ocx]
".Owner"="{79849612-A98F-45B8-95E9-4D13C7B6B35C}"
"{79849612-A98F-45B8-95E9-4D13C7B6B35C}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.15/loader2.ocx]
".Owner"="{79849612-A98F-45B8-95E9-4D13C7B6B35C}"
"{79849612-A98F-45B8-95E9-4D13C7B6B35C}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.16/loader2.ocx]
".Owner"="{79849612-A98F-45B8-95E9-4D13C7B6B35C}"
"{79849612-A98F-45B8-95E9-4D13C7B6B35C}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.17/loader2.ocx]
".Owner"="{79849612-A98F-45B8-95E9-4D13C7B6B35C}"
"{79849612-A98F-45B8-95E9-4D13C7B6B35C}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.5/v3.dll]
".Owner"="v3cab"
"v3cab"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.6/v3.dll]
".Owner"="v3cab"
"v3cab"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.7/v3.dll]
".Owner"="v3cab"
"v3cab"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.8/v3.dll]
".Owner"="v3cab"
"v3cab"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.9/v3.dll]
".Owner"="v3cab"
"v3cab"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx]
".Owner"="{9EB320CE-BE1D-4304-A081-4B4665414BEF}"
"{9EB320CE-BE1D-4304-A081-4B4665414BEF}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll]
".Owner"="Unknown Owner"
"{9EB320CE-BE1D-4304-A081-4B4665414BEF}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll]
".Owner"="Unknown Owner"
"{9EB320CE-BE1D-4304-A081-4B4665414BEF}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll]
".Owner"="Unknown Owner"
"{9EB320CE-BE1D-4304-A081-4B4665414BEF}"=""

14
Tech Clinic / SOS!
« on: February 13, 2005, 08:18:06 PM »
Logfile of HijackThis v1.99.0
Scan saved at 8:19:26 PM, on 2/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
O2 - BHO: (no name) - {4C6760DC-238D-9383-FB09-D1F471E71804} - (no file)
O2 - BHO: (no name) - {502B8893-05D5-1E4B-D4E1-6F514A11CDB7} - (no file)
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)
O2 - BHO: (no name) - {79EF8DE9-C305-C8CC-6B87-1ED452FEAE42} - (no file)
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service - Unknown - C:\Program Files\Eset\nod32krn.exe

15
Tech Clinic / SOS!
« on: February 13, 2005, 05:08:19 PM »
i did allow it a while.. i just redownloaded and will do it again

after it completes i will post all logs.... and in the meantime i will be keeping my fingers crossed,

being almost finished, that's awesome! almost a month later, but (slight exaggeration) still

16
Tech Clinic / SOS!
« on: February 13, 2005, 04:03:50 PM »
unfortunately not even find it is working,
the log files just never open...it freezes

i don't know if it's a memory issue or what but it still pretends to be working, but isn't


i'll post hijackthis and the reg file after a quick restart

17
Tech Clinic / SOS!
« on: February 12, 2005, 06:40:31 PM »
hey, we seem to be still having a problem with the l2mfix

it isn't opening...if i have to restart my computer, what do i have to do?

18
Tech Clinic / SOS!
« on: February 12, 2005, 05:10:42 PM »
all of the v3.dll's and the ffisearch.exe couldn't be found

also ysbactivex.dll



should i search for every one of the files we replaced or deleted?

19
Tech Clinic / SOS!
« on: February 11, 2005, 09:27:30 PM »
thank you for your help man, you rock

my daughter named the computer, by the way.. haha...



 Volume in drive C has no label.
 Volume Serial Number is 5433-A367

 Directory of C:\WINDOWS\Downloaded Program Files

02/11/2005  10:10 AM    <DIR>          BUILTIN\Administrators .
02/11/2005  10:10 AM    <DIR>          BUILTIN\Administrators ..
01/26/2005  04:03 PM           110,592 POOPYA\jordan          asinst.dll
01/27/2005  09:09 AM               525 POOPYA\jordan          asinst.inf
02/08/2005  10:42 AM    <DIR>          POOPYA\jordan          CONFLICT.1
02/08/2005  10:42 PM    <DIR>          POOPYA\jordan          CONFLICT.10
02/07/2005  05:13 PM    <DIR>          POOPYA\jordan          CONFLICT.11
02/07/2005  05:13 PM    <DIR>          POOPYA\jordan          CONFLICT.12
02/07/2005  06:45 PM    <DIR>          POOPYA\jordan          CONFLICT.13
02/07/2005  06:45 PM    <DIR>          POOPYA\jordan          CONFLICT.14
02/07/2005  09:43 PM    <DIR>          POOPYA\Administrator   CONFLICT.15
02/07/2005  09:43 PM    <DIR>          POOPYA\Administrator   CONFLICT.16
02/07/2005  10:24 PM    <DIR>          POOPYA\Administrator   CONFLICT.17
02/07/2005  02:28 PM    <DIR>          POOPYA\jordan          CONFLICT.2
02/07/2005  03:44 PM    <DIR>          POOPYA\jordan          CONFLICT.3
02/07/2005  05:12 PM    <DIR>          POOPYA\jordan          CONFLICT.4
02/07/2005  06:46 PM    <DIR>          POOPYA\jordan          CONFLICT.5
02/07/2005  09:08 PM    <DIR>          POOPYA\jordan          CONFLICT.6
02/07/2005  10:06 PM    <DIR>          POOPYA\jordan          CONFLICT.7
02/08/2005  10:33 AM    <DIR>          POOPYA\jordan          CONFLICT.8
02/08/2005  10:42 AM    <DIR>          POOPYA\jordan          CONFLICT.9
12/18/2003  12:38 PM                65 BUILTIN\Administrators desktop.ini
10/14/1997  06:52 PM               697 BUILTIN\Administrators DirectAnimation Java Classes.osd
08/24/2004  02:39 PM            59,556 POOPYA\jordan          Doremi.ttf
07/25/2002  03:13 PM            24,576 BUILTIN\Administrators dwusplay.dll
07/25/2002  03:13 PM           196,608 BUILTIN\Administrators dwusplay.exe
03/28/2002  04:05 PM             1,268 POOPYA\jordan          erma.inf
07/12/2000  03:02 AM            36,864 POOPYA\jordan          fxfileop.dll
09/15/2003  06:49 PM               388 POOPYA\ben             imbum.inf
01/20/2003  09:44 AM           176,128 BUILTIN\Administrators isusweb.dll
11/20/2003  12:22 AM               740 POOPYA\jordan          jinstall-1_4_2_03.inf
02/04/2005  01:31 AM            62,616 POOPYA\jordan          loader2.ocx
01/20/2000  02:25 PM             1,162 BUILTIN\Administrators Microsoft XML Parser for Java.osd
11/18/1999  01:49 PM               992 POOPYA\ben             msaudio.inf
12/01/2004  01:30 AM               551 POOPYA\jordan          OSDEB.OSD
10/09/2003  10:32 AM               144 POOPYA\ben             QTPlugin.inf
03/13/2004  08:39 PM         9,807,846 POOPYA\jordan          QuickTimeInstallCache.qdat
05/29/2002  11:12 PM             9,488 POOPYA\ben             sporder.dll
12/08/2003  01:58 PM             3,759 POOPYA\jordan          swflash.inf
04/05/2004  05:21 PM            20,480 POOPYA\ben             UCSearch.ocx
10/31/2001  11:37 AM               118 POOPYA\jordan          uninst.bat
12/01/2004  01:30 AM            13,824 POOPYA\jordan          v3.dll
06/30/2003  10:41 PM             1,689 POOPYA\jordan          WMV9VCM.inf
01/24/2005  01:14 PM            15,872 POOPYA\jordan          YSBactivex.dll
08/17/2004  01:58 PM               227 POOPYA\jordan          ysbactivex.inf
              26 File(s)     10,546,775 bytes
              19 Dir(s)   6,228,783,104 bytes free

20
Tech Clinic / SOS!
« on: February 11, 2005, 09:16:18 PM »
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Documents and Settings\jordan\Desktop\Find_It_NT_2K_XP-2\Find It NT-2K-XP

 ------- System Files in System32 Directory -------

 Volume in drive C has no label.
 Volume Serial Number is 5433-A367

 Directory of C:\WINDOWS\System32

02/09/2005  12:43 AM    <DIR>          dllcache
02/07/2005  04:02 PM                 0 kwxle.txt
02/04/2005  01:45 AM           229,736 k644lghq164e.dll
02/04/2005  01:29 AM                 0 d3wq.exe
02/03/2005  02:30 PM            10,824 d3ea.exe
02/01/2005  09:45 AM           413,696 r?gsvr32.exe
02/01/2005  09:42 AM           413,696 m?iexec.exe
01/30/2005  08:39 AM            11,467 msjy32.exe
01/23/2005  09:10 PM            10,824 ntqm.exe
01/23/2005  08:27 PM            29,256 ntod.exe
01/23/2005  07:37 PM            29,256 msyz.exe
01/23/2005  03:41 PM            29,256 netxh32.exe
01/20/2005  08:35 PM            11,550 sdklk.exe
01/20/2005  08:55 AM            10,824 ipxm32.exe
07/20/2004  02:33 PM                71 SYSDRVWC.SYS
12/29/2003  11:39 PM                 0 appxa32.exe
12/29/2003  03:53 AM            10,824 neton.exe
12/28/2003  10:31 PM            10,824 apiwi32.exe
12/18/2003  01:03 PM    <DIR>          Microsoft
              17 File(s)      1,222,104 bytes
               2 Dir(s)   5,989,429,248 bytes free

 ------- Hidden Files in System32 Directory -------

 Volume in drive C has no label.
 Volume Serial Number is 5433-A367

 Directory of C:\WINDOWS\System32

02/09/2005  12:43 AM    <DIR>          dllcache
02/07/2005  04:02 PM                 0 kwxle.txt
02/04/2005  01:29 AM                 0 d3wq.exe
02/03/2005  02:30 PM            10,824 d3ea.exe
02/01/2005  09:45 AM           413,696 r?gsvr32.exe
02/01/2005  09:42 AM           413,696 m?iexec.exe
01/30/2005  08:39 AM            11,467 msjy32.exe
01/23/2005  09:10 PM            10,824 ntqm.exe
01/23/2005  08:27 PM            29,256 ntod.exe
01/23/2005  07:37 PM            29,256 msyz.exe
01/23/2005  03:41 PM            29,256 netxh32.exe
01/20/2005  08:35 PM            11,550 sdklk.exe
01/20/2005  08:55 AM            10,824 ipxm32.exe
07/20/2004  02:33 PM                71 SYSDRVWC.SYS
12/29/2003  11:39 PM                 0 appxa32.exe
12/29/2003  03:53 AM            10,824 neton.exe
12/28/2003  10:31 PM            10,824 apiwi32.exe
12/18/2003  12:38 PM               488 WindowsLogon.manifest
12/18/2003  12:38 PM               488 logonui.exe.manifest
12/18/2003  12:38 PM               749 sapi.cpl.manifest
12/18/2003  12:38 PM               749 cdplayer.exe.manifest
12/18/2003  12:38 PM               749 ncpa.cpl.manifest
12/18/2003  12:38 PM               749 nwc.cpl.manifest
12/18/2003  12:38 PM               749 wuaucpl.cpl.manifest
              23 File(s)        997,089 bytes
               1 Dir(s)   5,989,425,152 bytes free

 ------------ Files Named "Guard" ---------------

 Volume in drive C has no label.
 Volume Serial Number is 5433-A367

 Directory of C:\WINDOWS\System32


 ------ Temp Files in System32 Directory ------

 Volume in drive C has no label.
 Volume Serial Number is 5433-A367

 Directory of C:\WINDOWS\System32


 ------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{D2AD9633-36F1-4338-AA11-469CA091B890}"=""


 ------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


 ------------- Locate.com Results -------------

C:\WINDOWS\SYSTEM32\
   d3ea.exe       Thu Feb  3 2005   2:31:00p  A.SH.         10,824    10.57 K
   d3wq.exe       Fri Feb  4 2005   1:29:44a  A.SH.              0     0.00 K
   ipxm32.exe     Thu Jan 20 2005   8:55:58a  A.SH.         10,824    10.57 K
   k644lg~1.dll   Fri Feb  4 2005   1:45:12a  ..S.R        229,736   224.35 K
   kwxle.txt      Mon Feb  7 2005   4:02:12p  A.SH.              0     0.00 K
   msjy32.exe     Sun Jan 30 2005   8:39:30a  A.SH.         11,467    11.20 K
   msyz.exe       Sun Jan 23 2005   7:37:42p  A.SH.         29,256    28.57 K
   miexec~1.exe   Tue Feb  1 2005   9:42:42a  ..SHR        413,696   404.00 K
   netxh32.exe    Sun Jan 23 2005   3:41:36p  A.SH.         29,256    28.57 K
   ntod.exe       Sun Jan 23 2005   8:27:44p  A.SH.         29,256    28.57 K
   ntqm.exe       Sun Jan 23 2005   9:10:40p  A.SH.         10,824    10.57 K
   rgsvr3~1.exe   Tue Feb  1 2005   9:45:40a  ..SHR        413,696   404.00 K
   sdklk.exe      Thu Jan 20 2005   8:35:14p  A.SH.         11,550    11.28 K

13 items found:  13 files, 0 directories.
   Total of file sizes:  1,200,385 bytes      1.14 M

 -------- Strings.exe Qoologic Results --------

C:\WINDOWS\system32\pav.sig: Qoologic
C:\WINDOWS\system32\pav.sig: Qoologic

 --------- Strings.exe Aspack Results ---------

C:\WINDOWS\system32\pav.sig: AsPack

 -------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Desktop Search"="C:\\WINDOWS\\isrvs\\desktop.exe"
"ffis"="C:\\WINDOWS\\isrvs\\ffisearch.exe"



