Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - sean32

Pages: [1]

Tech Clinic / Please help with douzy of a virus (logs posted)

« on: May 01, 2005, 09:23:01 PM »

Thank you very much, as it seems your suggested actions has taken care of the aforementioned virus. I will post the mwav virus log first.

File C:\DOCUME~1\SEAN\LOCALS~1\Temp\trgen-yourbrain_277797-default.exe infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.d" Virus. Action Taken: No Action Taken.

File C:\DOCUME~1\SEAN\LOCALS~1\TEMPOR~1\Content.IE5\0TUVWHQV\activ-x[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\FRANK\Local Settings\Temp\temp.fr032D\v2.0.4d\navapp.exe infected by "not-a-virus:AdWare.NavExcel.h" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\FRANK\Local Settings\Temp\temp.fr032D\v2.0.4d\NHelper.dll infected by "not-a-virus:AdWare.NavExcel.h" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\FRANK\Local Settings\Temp\temp.fr032D\v2.0.4d\NHUninstaller.exe infected by "not-a-virus:AdWare.NavExcel.h" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\FRANK\Local Settings\Temp\temp.fr032D\v2.0.4d\NHUpdater.exe infected by "not-a-virus:AdWare.NavExcel.h" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\FRANK\Local Settings\Temp\temp.fr032D\v2.0.4d\v2.0.4d.cab infected by "not-a-virus:AdWare.NavExcel.h" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\LAURA\Local Settings\Temp\asmfiles.cab infected by "not-a-virus:AdWare.Altnet.l" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\SEAN\Local Settings\Temp\trgen-yourbrain_277797-default.exe infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.d" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\SEAN\Local Settings\Temporary Internet Files\Content.IE5\0TUVWHQV\activ-x[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\SEAN\My Documents\My Apps\mirc616.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.

File C:\Documents and Settings\SEAN\My Documents\My Apps\Sony Soundforge 7.0 + Keygen + Patch Fr + Plugins.rar tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File C:\Program Files\Alwil Software\Avast4\DATA\chest\00000004 infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.

File C:\Program Files\Alwil Software\Avast4\DATA\chest\00000005 infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.

File C:\Program Files\Alwil Software\Avast4\DATA\chest\00000006 infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\Program Files\Alwil Software\Avast4\DATA\chest\00000007 infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\Program Files\Dell\Media Experience\Extension\WTGames\InstallWT.exe infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.

File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP106\A0017370.dll infected by "not-a-virus:AdWare.NavExcel.i" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP106\A0017371.dll infected by "not-a-virus:AdWare.NavExcel.i" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP106\A0017372.exe infected by "not-a-virus:AdWare.NavExcel.i" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP114\A0017965.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP114\A0017966.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP114\A0017967.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP114\A0017968.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP114\A0017969.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP114\A0017970.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP114\A0017971.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP114\A0017972.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP114\A0017973.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP114\A0017974.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP114\A0017975.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP114\A0017982.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.af" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP114\A0017997.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP114\A0017998.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0018006.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0018007.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0018008.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0018009.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0018010.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0018047.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0018048.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.f" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0018049.EXE infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0018050.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP116\A0018995.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP116\A0018996.dll infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.d" Virus. Action Taken: No Action Taken.

Here is the hijackthis log file

Logfile of HijackThis v1.99.1
Scan saved at 10:18:58 PM, on 5/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .m4a: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite....loadManager.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100749368071
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Thanks again for the help, and I hope this helps you.

Tech Clinic / Please help with douzy of a virus (logs posted)

« on: May 01, 2005, 04:10:12 PM »

Thank you so much for your help guestolo. mouseutils.exe sounds like the virus file to me. Avast! didn't detect it as one, but jotti's did, here are the results...

File: mouseutils.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 da1da38f604a60a769dbc3830e87fa1d
Packers detected: PE_PATCH
Scanner results
AntiVir Found Worm/Bropia.J
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
mks_vir Found Win32.4 (probable variant)
NOD32 Found nothing
Norman Virus Control Found nothing
VBA32 Found nothing

So can I just manually delete the file, or what can I do to get rid of it?

Tech Clinic / Please help with douzy of a virus (logs posted)

« on: May 01, 2005, 09:11:35 AM »

I got this virus the other day though msn messenger. All I know about it right now is what it does to my system. Haven't found any other info about it on the web. It runs a program called lbs.exe. When I open up task manager it has something called project1 as the application, and under processes it is associated with lbs.exe. One thing I've noticed about it is that it makes sure my avast! antivirus does not auto start on startup. When I delete the lbs.exe file, it seems to just redownload itself from the web, as it appears again later, right after my avast! icon spins (detecting internet use). Any help would be greatly appreciated. Here is my hijackthis log file...

Logfile of HijackThis v1.99.1
Scan saved at 9:56:03 AM, on 5/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\WINDOWS\system32\mouseutils.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\lbs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Mouse Utilities] mouseutils.exe
O4 - HKLM\..\RunServices: [Windows Mouse Utilities] mouseutils.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .m4a: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite....loadManager.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100749368071
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Pages: [1]

TheTechGuide Forum

News:

Show Posts

Messages - sean32

Tech Clinic / Please help with douzy of a virus (logs posted)

Tech Clinic / Please help with douzy of a virus (logs posted)

Tech Clinic / Please help with douzy of a virus (logs posted)