
Messages - owen

Tech Clinic / about blank as well
« on: March 30, 2005, 07:08:12 PM »
Hi questelo,
I've done what you asked in your last post and it seems to have sorted out my problem. I couldn't delete the file
C:\WINNT\system32\ijbl.dll
When I found it, the computer said it was in use, but the rest of the instructions seem to have fixed it. Here are the HijackThis, SPSeHjFix 1.1.1 and StartDreck logs anyway.
Please tell me if anything still looks amiss to you.
Thank you very much for all your help.
owen :D

Logfile of HijackThis v1.99.1
Scan saved at 01:03:08, on 31/03/2005
Platform: Windows 2000  (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv50.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINNT\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\PikaOne Software\FlyCASE\PikaBackup.exe
C:\WINNT\System32\rundll32.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\Documents and Settings\Any User.ANY-0C83B2LVGI6\Desktop\nina\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Startup: Pika Backup.lnk = C:\Program Files\PikaOne Software\FlyCASE\PikaBackup.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv50.exe



(3/31/05 00:50:38) SPSeHjFix started v1.1.1
(3/31/05 00:50:38) OS: Win2000  (5.0.2195)
(3/31/05 00:50:38) Language: english
(3/31/05 00:50:45) Disinfection started
(3/31/05 00:50:45) Bad-Dll(IEP): c:\docume~1\anyuse~1.any\locals~1\temp\se.dll
(3/31/05 00:50:45) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINNT\System32\ijbl.dll
(3/31/05 00:50:45) Searchassistant Uninstaller - Keys Deleted
(3/31/05 00:50:45) FilterKey: HKCR\text/html (deleted)
(3/31/05 00:50:45) FilterKey: HKCR\CLSID\{860D3C78-6CCA-4CB4-969A-9FD87EC6DD5B} (deleted)
(3/31/05 00:50:45) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(3/31/05 00:50:45) FilterKey: HKCR\text/plain (deleted)
(3/31/05 00:50:45) FilterKey: HKCR\CLSID\{860D3C78-6CCA-4CB4-969A-9FD87EC6DD5B} (error while deleting)
(3/31/05 00:50:45) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(3/31/05 00:50:45) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC3AA9C6-B511-4936-9EF6-35C83DC820C0} (deleted)
(3/31/05 00:50:45) BHO-Key: HKCR\CLSID\{AC3AA9C6-B511-4936-9EF6-35C83DC820C0} (deleted)
(3/31/05 00:50:45) UBF: 6
(3/31/05 00:50:45) UBB: 2
(3/31/05 00:50:45) UBR: 12
(3/31/05 00:50:45) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\ANYUSE~1.ANY\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(3/31/05 00:50:45) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\anyuse~1.any\locals~1\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\anyuse~1.any\locals~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(3/31/05 00:50:45) Stealth-String not found
(3/31/05 00:50:45) Temp-Files delete on Reboot
(3/31/05 00:50:45) File added to delete: c:\winnt\system32\ijbl.dll
(3/31/05 00:50:45) File added to delete: c:\docume~1\anyuse~1.any\locals~1\temp\se.dll
(3/31/05 00:50:45) File added to delete: c:\docume~1\anyuse~1.any\locals~1\temp\~df5db1.tmp
(3/31/05 00:50:45) Reboot


(3/31/05 00:54:33) SPSeHjFix started v1.1.1
(3/31/05 00:54:33) OS: Win2000  (5.0.2195)
(3/31/05 00:54:33) Language: english
(3/31/05 00:55:20) Disinfection started
(3/31/05 00:55:20) Bad-Dll(IEP): (not found)
(3/31/05 00:55:20) Bad-Dll(IEP) in BHO: (not found)
(3/31/05 00:55:20) UBF: 4
(3/31/05 00:55:20) UBB: 1
(3/31/05 00:55:20) UBR: 12
(3/31/05 00:55:20) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\ANYUSE~1.ANY\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(3/31/05 00:55:20) Bad IE-pages: (none)
(3/31/05 00:55:20) Stealth-String not found
(3/31/05 00:55:20) Temp-Files delete on Reboot
(3/31/05 00:55:20) File added to delete: c:\docume~1\anyuse~1.any\locals~1\temp\se.dll
(3/31/05 00:55:20) File added to delete: c:\docume~1\anyuse~1.any\locals~1\temp\~dfd30c.tmp
(3/31/05 00:55:20) Reboot


(3/31/05 01:03:41) SPSeHjFix started v1.1.1
(3/31/05 01:03:41) OS: Win2000  (5.0.2195)
(3/31/05 01:03:41) Language: english
(3/31/05 01:03:50) Disinfection started
(3/31/05 01:03:50) Bad-Dll(IEP): (not found)
(3/31/05 01:03:50) Bad-Dll(IEP) in BHO: (not found)
(3/31/05 01:03:50) UBF: 4
(3/31/05 01:03:50) UBB: 1
(3/31/05 01:03:50) UBR: 10
(3/31/05 01:03:50) Bad IE-pages: (none)
(3/31/05 01:03:50) Stealth-String not found
(3/31/05 01:03:50) Not infected->END


StartDreck (build 2.1.7 public stable) - 2005-03-31 @ 01:04:43 (GMT +01:00)
Platform: Windows 2000 (Win NT 5.0.2195 )
Internet Explorer: 5.00.2920.0000
Logged in as Any User at ANY-0C83B2LVGI6

»Registry
 »Run Keys
  »Current User
   »Run
    +nView
     *NVIEW=rundll32.exe nview.dll,nViewLoadHook
   »RunOnce
  »Default User
   »Run
   »RunOnce
    *^SetupICWDesktop=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
  »Local Machine
   »Run
    *Synchronization Manager=mobsync.exe /logon
    *NvCplDaemon=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    *NeroCheck=C:\WINNT\System32\NeroCheck.exe
    *TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    *Speed racer=C:\Program Files\Creative\PlayCenter\CTSRReg.exe
    *QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
    *AudioHQ=C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    *HPDJ Taskbar Utility=C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe
    *InCD=C:\Program Files\ahead\InCD\InCD.exe
    *APVXDWIN="C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
    *nwiz=nwiz.exe /install
    +OptionalComponents
     +MSFS
      *Installed=1
     +MAPI
      *NoChange=1
      *Installed=1
     +MAPI
      *NoChange=1
      *Installed=1
   »RunOnce
   »RunServices
   »RunServicesOnce
   »RunOnceEx
   »RunServicesOnceEx
 »File Associations (CR)
  +.bat
   *batfile="%1" %*
  +.com
   *comfile="%1" %*
  +.disabled
   *SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
  +.exe
   *exefile="%1" %*
  +.hta
   *htafile=C:\WINNT\System32\mshta.exe "%1" %*
  +.htm
   *htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
  +.html
   *htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
  +.js
   *JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
  +.jse
   *JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
  +.pif
   *piffile="%1" %*
  +.reg
   *regfile=regedit.exe "%1"
  +.scr
   *scrfile="%1" /S
  +.txt
   *txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
  +.vbs
   *VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
  +.vbe
   *VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
  +.wsh
   *WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
  +.wsf
   *WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
  +.lnk
   `lnkfile= [key or value does not exist]
 »Browser Helper Objects (LM)
  *AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   `InprocServer32=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  *{53707962-6F74-2D53-2644-206D7942484F}
   `InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHelper.dll
»Files
 »Autostart Folders
  »Current User
   *C:\Documents and Settings\Any User.ANY-0C83B2LVGI6\Start Menu\Programs\Startup\Pika Backup.lnk
  »Default User
  »Local Machine
   *C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\Acrobat Assistant.lnk
   *C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
 »INI-Files
  »WIN.INI\[windows]
   *LOAD=
   *RUN=
  »SYSTEM.INI\[boot]
   *SHELL=Explorer.exe
 »Text Files
  *C:\boot.ini
  *C:\msdos.sys
  *C:\config.sys
  *C:\WINNT\System32\config.nt
  *C:\autoexec.bat
  *C:\WINNT\System32\autoexec.nt
  *C:\WINNT\System32\drivers\etc\hosts
»System/Drivers
 »Running Processes
  +0=<idle>
  +8=<system>
  +148=\SystemRoot\System32\smss.exe
  +172=\??\C:\WINNT\system32\csrss.exe
  +168=\??\C:\WINNT\system32\winlogon.exe
  +220=C:\WINNT\system32\services.exe
  +232=C:\WINNT\system32\lsass.exe
  +496=C:\WINNT\system32\svchost.exe
  +520=C:\WINNT\system32\spoolsv.exe
  +572=C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
  +588=C:\WINNT\System32\CTsvcCDA.exe
  +604=C:\WINNT\System32\svchost.exe
  +640=C:\WINNT\System32\nvsvc32.exe
  +656=C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv50.exe
  +120=C:\WINNT\system32\regsvc.exe
  +716=C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
  +740=C:\WINNT\system32\MSTask.exe
  +772=C:\WINNT\system32\stisvc.exe
  +808=C:\WINNT\System32\WBEM\WinMgmt.exe
  +1004=C:\WINNT\Explorer.exe
  +1160=C:\WINNT\System32\devldr32.exe
  +1208=C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
  +1132=C:\WINNT\System32\RUNDLL32.EXE
  +1268=C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  +1308=C:\Program Files\QuickTime\qttask.exe
  +1328=C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe
  +1372=C:\Program Files\ahead\InCD\InCD.exe
  +1388=C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
  +1416=C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
  +684=C:\Program Files\PikaOne Software\FlyCASE\PikaBackup.exe
  +1396=C:\WINNT\System32\rundll32.exe
  +900=C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
  +1340=C:\WINNT\system32\NOTEPAD.EXE
  +620=C:\WINNT\system32\NOTEPAD.EXE
  +260=C:\Documents and Settings\Any User.ANY-0C83B2LVGI6\Desktop\nina\startdreck\StartDreck.exe
 »NT Services
  *Alerter   Alerter   -   on demand
  *Application Management   AppMgmt   -   on demand
  *Computer Browser   Browser   running   auto
  *C-DillaSrv   C-DillaSrv   running   auto
  *Indexing Service   cisvc   -   on demand
  *ClipBook   ClipSrv   -   on demand
  *Creative Service for CDROM Access   Creative Service for   running   auto
  *DHCP Client   Dhcp   running   auto
  *Logical Disk Manager Administrative Service   dmadmin   -   on demand
  *Logical Disk Manager   dmserver   running   auto
  *DNS Client   Dnscache   running   auto
  *Event Log   Eventlog   running   auto
  *COM+ Event System   EventSystem   running   on demand
  *Fax Service   Fax   -   on demand
  *Server   lanmanserver   running   auto
  *Workstation   lanmanworkstation   running   auto
  *TCP/IP NetBIOS Helper Service   LmHosts   running   auto
  *Messenger   Messenger   running   auto
  *NetMeeting Remote Desktop Sharing   mnmsrvc   -   on demand
  *Distributed Transaction Coordinator   MSDTC   -   on demand
  *Windows Installer   MSIServer   -   on demand
  *Network DDE   NetDDE   -   on demand
  *Network DDE DSDM   NetDDEdsdm   -   on demand
  *Net Logon   Netlogon   -   on demand
  *Network Connections   Netman   running   on demand
  *NT LM Security Support Provider   NtLmSsp   -   on demand
  *Removable Storage   NtmsSvc   running   auto
  *NVIDIA Driver Helper Service   NVSvc   running   auto
  *Panda anti-virus service   PAVSRV   running   auto
  *Plug and Play   PlugPlay   running   auto
  *IPSEC Policy Agent   PolicyAgent   running   auto
  *Protected Storage   ProtectedStorage   running   auto
  *Remote Access Auto Connection Manager   RasAuto   -   on demand
  *Remote Access Connection Manager   RasMan   running   on demand
  *Routing and Remote Access   RemoteAccess   -   disabled
  *Remote Registry Service   RemoteRegistry   running   auto
  *Remote Procedure Call (RPC) Locator   RpcLocator   -   on demand
  *Remote Procedure Call (RPC)   RpcSs   running   auto
  *QoS RSVP   RSVP   -   on demand
  *Security Accounts Manager   SamSs   running   auto
  *Smart Card Helper   SCardDrv   -   on demand
  *Smart Card   SCardSvr   -   on demand
  *Task Scheduler   Schedule   running   auto
  *RunAs Service   seclogon   running   auto
  *System Event Notification   SENS   running   auto
  *Internet Connection Sharing   SharedAccess   -   on demand
  *Print Spooler   Spooler   running   auto
  *Still Image Service   StiSvc   running   auto
  *Performance Logs and Alerts   SysmonLog   -   on demand
  *Telephony   TapiSrv   running   on demand
  *Telnet   TlntSvr   -   on demand
  *Distributed Link Tracking Client   TrkWks   running   auto
  *Uninterruptible Power Supply   UPS   -   on demand
  *Utility Manager   UtilMan   -   on demand
  *Windows Time   W32Time   -   on demand
  *Windows Management Instrumentation   WinMgmt   running   auto
  *Windows Management Instrumentation Driver Exten   Wmi   running   on demand
   `sions
»Application specific

Tech Clinic / about blank as well
« on: March 29, 2005, 11:51:39 AM »
Hello again,
I ran DLLCompare looking for *.* rather than just *.dll and a few popped up, and I rescanned them all. I don't know if you wanted this, but here is the log anyway.
Regards,
owen

*    DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINNT\SYSTEM32\cdi5t.drv      Tue 16 Apr 2002  11:27:54   A.SH.              5     0.00 K
C:\WINNT\SYSTEM32\desktop.ini    Sun 15 Aug 2004  14:04:40   ...H.            271     0.26 K
C:\WINNT\SYSTEM32\folder.htt     Sun 15 Aug 2004  14:04:40   ...H.         21,692    21.18 K
________________________________________________

1,981 items found:  1,949 files (4 H/S), 32 directories (2 H/S).
Total of file sizes:  306,911,865 bytes    292.69 M

Administrator Account =  True

AppInit_DLLs value = NVDESK32.DLL (not hidden)
--------------------End log---------------------

Tech Clinic / about blank as well
« on: March 29, 2005, 11:42:52 AM »
Hello questolo,
This is the StartDreck log and the DLLCompare log.
Thanks again,
owen

StartDreck (build 2.1.7 public stable) - 2005-03-29 @ 17:43:27 (GMT +01:00)
Platform: Windows 2000 (Win NT 5.0.2195 )
Internet Explorer: 5.00.2920.0000
Logged in as Any User at ANY-0C83B2LVGI6

»Registry
 »Run Keys
  »Current User
   »Run
    +nView
     *NVIEW=rundll32.exe nview.dll,nViewLoadHook
   »RunOnce
  »Default User
   »Run
   »RunOnce
    *^SetupICWDesktop=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
  »Local Machine
   »Run
    *sp=rundll32 C:\DOCUME~1\ANYUSE~1.ANY\LOCALS~1\Temp\se.dll,DllInstall
    *Synchronization Manager=mobsync.exe /logon
    *NvCplDaemon=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    *NeroCheck=C:\WINNT\System32\NeroCheck.exe
    *TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    *Speed racer=C:\Program Files\Creative\PlayCenter\CTSRReg.exe
    *QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
    *AudioHQ=C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    *HPDJ Taskbar Utility=C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe
    *InCD=C:\Program Files\ahead\InCD\InCD.exe
    *APVXDWIN="C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
    *UpdReg=C:\WINNT\Updreg.exe
    *nwiz=nwiz.exe /install
    +OptionalComponents
     +MSFS
      *Installed=1
     +MAPI
      *NoChange=1
      *Installed=1
     +MAPI
      *NoChange=1
      *Installed=1
   »RunOnce
   »RunServices
   »RunServicesOnce
   »RunOnceEx
   »RunServicesOnceEx
 »Browser Helper Objects (LM)
  *AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   `InprocServer32=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  *{4BB01396-218E-4E73-B874-649AA011B0AF}
   `InprocServer32=C:\WINNT\System32\ijbl.dll
  *{53707962-6F74-2D53-2644-206D7942484F}
   `InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  *{8D0506AB-8CB3-4631-A7EC-7CAC99C31AA5}
   `InprocServer32=C:\WINNT\System32\ijbl.dll
  *{9B8C9419-C1CA-488D-8FD6-7F264078BF57}
   `InprocServer32=C:\WINNT\System32\ijbl.dll
  *{F1241467-FAA5-424B-B76F-87861125EA45}
   `InprocServer32=C:\WINNT\System32\ijbl.dll
»Files
»System/Drivers
 »Running Processes
  +0=<idle>
  +8=<system>
  +144=\SystemRoot\System32\smss.exe
  +172=\??\C:\WINNT\system32\csrss.exe
  +192=\??\C:\WINNT\system32\winlogon.exe
  +220=C:\WINNT\system32\services.exe
  +232=C:\WINNT\system32\lsass.exe
  +488=C:\WINNT\system32\svchost.exe
  +524=C:\WINNT\system32\spoolsv.exe
  +568=C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
  +584=C:\WINNT\System32\CTsvcCDA.exe
  +600=C:\WINNT\System32\svchost.exe
  +636=C:\WINNT\System32\nvsvc32.exe
  +652=C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv50.exe
  +712=C:\WINNT\system32\regsvc.exe
  +696=C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
  +700=C:\WINNT\system32\MSTask.exe
  +788=C:\WINNT\system32\stisvc.exe
  +844=C:\WINNT\System32\WBEM\WinMgmt.exe
  +1188=C:\WINNT\Explorer.exe
  +1248=C:\WINNT\System32\rundll32.exe
  +908=C:\WINNT\System32\devldr32.exe
  +1204=C:\WINNT\System32\rundll32.exe
  +1288=C:\Program Files\Internet Explorer\iexplore.exe
  +1148=C:\Documents and Settings\Any User.ANY-0C83B2LVGI6\Desktop\nina\startdreck\StartDreck.exe
»Application specific



*    DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found :)"
________________________________________________

1,222 items found:  1,222 files, 0 directories.
Total of file sizes:  218,905,819 bytes    208.76 M

Administrator Account =  True

AppInit_DLLs value = NVDESK32.DLL (not hidden)
--------------------End log---------------------

Tech Clinic / about blank as well
« on: March 28, 2005, 01:33:29 PM »
Hi guestelo,
I've registered now and here is my log file. I thought I might have deleted some things I shouldn't have using HijackThis, so I restored all the backups just before creating this log.
Thanks for looking.
Regards, owen :)

Logfile of HijackThis v1.99.1
Scan saved at 19:38:14, on 28/03/2005
Platform: Windows 2000  (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv50.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\devldr32.exe
C:\WINNT\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Any User.ANY-0C83B2LVGI6\Desktop\nina\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ANYUSE~1.ANY\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ANYUSE~1.ANY\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4BB01396-218E-4E73-B874-649AA011B0AF} - C:\WINNT\System32\ijbl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8D0506AB-8CB3-4631-A7EC-7CAC99C31AA5} - C:\WINNT\System32\ijbl.dll
O2 - BHO: (no name) - {9B8C9419-C1CA-488D-8FD6-7F264078BF57} - C:\WINNT\System32\ijbl.dll
O2 - BHO: (no name) - {F1241467-FAA5-424B-B76F-87861125EA45} - C:\WINNT\System32\ijbl.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ANYUSE~1.ANY\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Startup: Pika Backup.lnk = C:\Program Files\PikaOne Software\FlyCASE\PikaBackup.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O18 - Filter: text/html - {4EA73DF3-08C5-418F-A152-7D32753D40D8} - C:\WINNT\System32\ijbl.dll
O18 - Filter: text/plain - {4EA73DF3-08C5-418F-A152-7D32753D40D8} - C:\WINNT\System32\ijbl.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv50.exe
