Author Topic: Error Messages, DaoSearch, Pop-Ups...  (Read 2996 times)

Offline genevieve

Error Messages, DaoSearch, Pop-Ups...
« on: March 15, 2005, 05:08:40 AM »
Hi there!
My computer has suddenly come down with tons of problems, all within a day! Here they are:

1) My IE homepage has been changed to DaoSearch.com and I cannot revert it back to my usual about:blank

2) Pop-ups (http://daosearch.com/free) pop up once in a while

3) Sometimes, I get an error message that says: Error hooking "connect" data, followed by a lot of numbers and alphabets. This usually happens when I open IE for the first time.

4) If I go to certain websites, e.g. Yahoo, instead of the title being 'Yahoo!', it'll be "<a href="http://daosearch.com/search.php?qq=Yahoo&said=w40">Yahoo</a>!"

And here is my Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 6:03:28 PM, on 3/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Services\{C9DFC51F-BF7D-4AEB-AF49-ACC642270F94}\SVCHOST.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://daosearch.com/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{C9DFC51F-BF7D-4AEB-AF49-ACC642270F94}\SVCHOST.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {84346CDE-5745-474F-9BCF-AD8692651BD0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {84346CDE-5745-474F-9BCF-AD8692651BD0} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200411...llInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/18d76f7fe4d960...ip/RdxIE601.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Thanks in advance to those who can help me! :)

Offline guestolo

Error Messages, DaoSearch, Pop-Ups...
« Reply #1 on: March 15, 2005, 11:59:43 PM »
If you didn't pay for Security iGuard I would also Uninstall it
It's on the bogus list
Take a look
Link will help explain
Click here

Afterwards
RESTART your Computer in SAFE MODE

Find and delete this folder
C:\WINDOWS\System32\Services\{C9DFC51F-BF7D-4AEB-AF49-ACC642270F94} <--this folder

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://daosearch.com/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com

O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{C9DFC51F-BF7D-4AEB-AF49-ACC642270F94}\SVCHOST.EXE

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/18d76f7fe4d960...ip/RdxIE601.cab


If you uninstalled Security iGuard, include the next one to fix
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart back to Normal mode

Download and Install the free version of Ad-Aware SE Personal 1.05
Ensure you have this version or the paid version
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Perform a Full system scan--"Uncheck Search for Negligible Risk Entries" before scanning
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
Click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process

Back in Windows
Do another scan with Hijackthis and post back a fresh log

Could you also let me know what else you see in
C:\WINDOWS\System32\Services <--this folder
If there is another subfolder could you open the folder and right click on the files and left click properties and let me know the dates created and the names of the files
Thanks
« Last Edit: March 16, 2005, 12:14:40 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
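
Two of the checks made in the reply above, written out as an added example (not part of the original thread and not HijackThis's own logic): it flags R0/R1 browser settings that point at a host outside an analyst-supplied allowlist, and Run entries or running processes that use a Windows system process name from outside System32. The function names, the allowlist and the list of system process names are assumptions; the sample lines are copied from the first log in this thread.

```python
import ntpath
import re
from urllib.parse import urlsplit

# Assumption: process names that normally live directly in %SystemRoot%\System32.
SYSTEM32_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                  "smss.exe", "csrss.exe", "spoolsv.exe"}
SYSTEM32_DIR = re.compile(r"^[a-z]:\\(windows|winnt)\\system32$")

R_ENTRY = re.compile(r"^R[0-3] - (?P<key>.+?),(?P<value>[^=,]+?) = (?P<data>.*)$")
O4_RUN = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>.*?)\] (?P<cmd>.+)$")

# Lines taken from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Services\{C9DFC51F-BF7D-4AEB-AF49-ACC642270F94}\SVCHOST.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://daosearch.com/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{C9DFC51F-BF7D-4AEB-AF49-ACC642270F94}\SVCHOST.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""


def executable_path(cmd):
    """Return the program part of a Run value, dropping any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe" token end.
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def masquerades_as_system_process(path):
    """True when a system process name is used from a directory other than System32."""
    directory, name = ntpath.split(ntpath.normcase(path))
    return (name in SYSTEM32_NAMES and bool(directory)
            and not SYSTEM32_DIR.match(directory))


def triage(log_text, allowed_hosts=frozenset()):
    """Return (kind, label, detail) tuples for lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R_ENTRY.match(line)
        if m:
            host = urlsplit(m["data"]).hostname  # None for about:blank
            if host and host.lower() not in allowed_hosts:
                findings.append(("browser-setting", m["value"], host))
            continue
        m = O4_RUN.match(line)
        if m:
            exe = executable_path(m["cmd"])
            if masquerades_as_system_process(exe):
                findings.append(("autorun-masquerade", m["name"], exe))
            continue
        # Bare paths come from the "Running processes:" section.
        if re.match(r"^[A-Za-z]:\\", line) and masquerades_as_system_process(line):
            findings.append(("process-masquerade", ntpath.basename(line), line))
    return findings


if __name__ == "__main__":
    # Assumption: the OEM default page is the only host the owner expects.
    for finding in triage(SAMPLE_LOG, allowed_hosts={"global.acer.com"}):
        print(finding)
```

Name-and-path checks like these do not cover judgement calls such as the Security iGuard entry or the O16 item the reply also lists; those still need a reputation lookup by the person reading the log.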


Offline genevieve

Error Messages, DaoSearch, Pop-Ups...
« Reply #2 on: March 16, 2005, 05:50:35 AM »
Hi there!
Thanks for your help! I did all the steps, except that I could not uninstall Security iGuard (it is not in the 'Add/Remove Programs' list and there is an error when I try to delete the folder itself).

There are no folders in System32/Services!

Here is my new logfile:

Logfile of HijackThis v1.99.1
Scan saved at 6:42:58 PM, on 3/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {84346CDE-5745-474F-9BCF-AD8692651BD0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {84346CDE-5745-474F-9BCF-AD8692651BD0} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200411...llInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Also, one of my family members installed a program called Anti-Trojan Elite which I can't seem to find or uninstall! There are a few pop-ups from the program when I start my computer!


Thanks very very much!!!!!

Tboss

  • Guest
Error Messages, DaoSearch, Pop-Ups...
« Reply #3 on: March 21, 2005, 04:32:17 PM »
I just wanted to say thank you to the poster of this topic. I just had the same problem and the solution worked perfectly.... Thanks!

Guest

  • Guest
Error Messages, DaoSearch, Pop-Ups...
« Reply #4 on: March 21, 2005, 10:26:25 PM »
Het

Offline guestolo

Error Messages, DaoSearch, Pop-Ups...
« Reply #5 on: March 22, 2005, 01:32:16 AM »
Sorry for the late response genevieve

There are still some bad entries in your log. If you still need a hand, please post back a fresh HijackThis log, thanks


Guest_cool_dude_208_*

  • Guest
Error Messages, DaoSearch, Pop-Ups...
« Reply #6 on: March 25, 2005, 07:56:43 PM »
Hi there,
  Can someone help with the trojan I have in my system? I tried to fix it through HijackThis but it didn't work.
Can someone explain to me how to do this?

I am enclosing the log file here

Logfile of HijackThis v1.99.1
Scan saved at 7:51:43 PM, on 3/25/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
d:\oracle\findbcomn\util\OamkSvc.exe
e:\oracle\findbora\8.0.6\bin\d2lc60.exe
e:\oracle\findbora\8.0.6\jdk\bin\java.exe
e:\oracle\findbora\8.0.6\bin\d2ls60.exe
d:\oracle\findbcomn\util\OamkSvc.exe
e:\oracle\findbora\8.0.6\bin\ifsrv60.exe
e:\oracle\findbora\8.0.6\BIN\TNSLSNR80.exe
d:\oracle\findbdb\9.2.0\BIN\TNSLSNR.exe
e:\oracle\findbora\8.0.6\bin\rwmts60.exe
d:\oracle\findbdb\9.2.0\bin\ORACLE.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
e:\oracle\findbappl\fnd\11.5.0\bin\CCMSVC.exe
C:\WINNT\system32\cmd.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
C:\WINNT\System32\svchost.exe
e:\oracle\findbappl\fnd\11.5.0\bin\fndsm.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\pa\11.5.0\bin\PALIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDCRM.exe
e:\oracle\findbappl\po\11.5.0\bin\POXCON.exe
e:\oracle\findbappl\po\11.5.0\bin\POXCON.exe
e:\oracle\findbappl\po\11.5.0\bin\POXCON.exe
e:\oracle\findbappl\po\11.5.0\bin\RCVOLTM.exe
e:\oracle\findbappl\po\11.5.0\bin\RCVOLTM.exe
e:\oracle\findbappl\po\11.5.0\bin\RCVOLTM.exe
e:\oracle\findbappl\po\11.5.0\bin\RCVOLTM.exe
e:\oracle\findbappl\po\11.5.0\bin\RCVOLTM.exe
e:\oracle\findbappl\po\11.5.0\bin\RCVOLTM.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\Services\{6DDC5105-10B0-4ADE-9F30-01CBCDBB5261}\SVCHOST.EXE
C:\WINNT\hostdll.exe
C:\WINNT\System32\izxxzdsafsafczxcr.exe
C:\WINNT\Ooe.exe
C:\Documents and Settings\Administrator\Application Data\sEmail Removedexe
C:\WINNT\System32\??oolsv.exe
C:\WINNT\System32\pwdet40.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\eZula\mmod.exe
C:\PROGRA~1\WEBOFF~1\wo.exe
C:\WINNT\system32\mmc.exe
d:\oracle\findbcomn\util\OamkSvc.exe
e:\oracle\findbora\iAS\Apache\Apache\Apache.exe
e:\oracle\findbora\iAS\Apache\Apache\Apache.exe
d:\java\jdk\jre\bin\java.exe
d:\java\jdk\jre\bin\java.exe
d:\java\jdk\jre\bin\java.exe
e:\oracle\findbora\8.0.6\discwb4\dis4srv.exe
e:\oracle\findbora\8.0.6\vbroker\bin\osagent.exe
e:\oracle\findbora\8.0.6\vbroker\bin\oad.exe
e:\oracle\findbora\8.0.6\jre11811o\bin\jre.exe
e:\oracle\findbora\8.0.6\jre11811o\bin\jre.exe
e:\oracle\findbora\8.0.6\bin\ifweb60.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbora\8.0.6\bin\ifweb60.exe
e:\oracle\findbappl\gl\11.5.0\bin\GLLEZL.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbora\8.0.6\bin\ifweb60.exe
C:\HJT\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com/index.php?id=35131
O2 - BHO: (no name) - {37256486-688E-4859-A8D8-3BEFA91C7720} - C:\WINNT\System32\pepecaa.dll (file missing)
O2 - BHO: (no name) - {6799C531-79F8-7205-D1FB-504046EDFA92} - C:\WINNT\System32\gtfxyvz.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\keep.exe
O4 - HKLM\..\Run: [Service Host] C:\WINNT\System32\Services\{6DDC5105-10B0-4ADE-9F30-01CBCDBB5261}\SVCHOST.EXE
O4 - HKLM\..\Run: [hostdll.exe] C:\WINNT\hostdll.exe
O4 - HKLM\..\Run: [01FA968E] C:\WINNT\System32\izxxzdsafsafczxcr.exe
O4 - HKLM\..\Run: [Hel] C:\WINNT\Ooe.exe
O4 - HKLM\..\Run: [Tcm] C:\WINNT\System32\Jkj.exe
O4 - HKLM\..\Run: [Ueg] C:\WINNT\System32\Djh.exe
O4 - HKLM\..\Run: [Nsv] C:\WINNT\System32\Nhn.exe
O4 - HKLM\..\Run: [Hqg] C:\WINNT\Tav.exe
O4 - HKLM\..\Run: [Sgu] C:\WINNT\Vfn.exe
O4 - HKLM\..\Run: [Beh] C:\WINNT\Lot.exe
O4 - HKLM\..\Run: [Ndg] C:\WINNT\System32\Iqo.exe
O4 - HKLM\..\Run: [Dfh] C:\WINNT\Cht.exe
O4 - HKLM\..\Run: [Hlm] C:\WINNT\System32\Hpi.exe
O4 - HKLM\..\Run: [Ajv] C:\WINNT\Jul.exe
O4 - HKLM\..\Run: [Mar] C:\WINNT\System32\Rrp.exe
O4 - HKLM\..\Run: [Cke] C:\WINNT\Pvn.exe
O4 - HKLM\..\Run: [Oso] C:\WINNT\Qca.exe
O4 - HKLM\..\Run: [Ivf] C:\WINNT\System32\Ick.exe
O4 - HKLM\..\Run: [Nuu] C:\WINNT\Rau.exe
O4 - HKLM\..\Run: [Ahp] C:\WINNT\System32\Adu.exe
O4 - HKLM\..\Run: [Tmi] C:\WINNT\Ndi.exe
O4 - HKLM\..\Run: [Tth] C:\WINNT\System32\Upb.exe
O4 - HKLM\..\Run: [Gbg] C:\WINNT\System32\Gtn.exe
O4 - HKLM\..\Run: [Mpf] C:\WINNT\Upd.exe
O4 - HKLM\..\Run: [Lkc] C:\WINNT\System32\Qlj.exe
O4 - HKLM\..\Run: [Ume] C:\WINNT\System32\Pqu.exe
O4 - HKLM\..\Run: [Juf] C:\WINNT\Afs.exe
O4 - HKLM\..\Run: [Dsf] C:\WINNT\Jqb.exe
O4 - HKLM\..\Run: [Poh] C:\WINNT\System32\Udr.exe
O4 - HKLM\..\Run: [Ebl] C:\WINNT\Qog.exe
O4 - HKLM\..\Run: [Kpe] C:\WINNT\Vfp.exe
O4 - HKLM\..\Run: [Npo] C:\WINNT\System32\Npo.exe
O4 - HKLM\..\Run: [Cso] C:\WINNT\Qkh.exe
O4 - HKLM\..\Run: [Smq] C:\WINNT\Oqr.exe
O4 - HKLM\..\Run: [Qjl] C:\WINNT\System32\Fnn.exe
O4 - HKLM\..\Run: [Qud] C:\WINNT\Tpl.exe
O4 - HKLM\..\Run: [Rfk] C:\WINNT\Vtg.exe
O4 - HKLM\..\Run: [Gni] C:\WINNT\Lah.exe
O4 - HKLM\..\Run: [Phi] C:\WINNT\Epf.exe
O4 - HKLM\..\Run: [Kub] C:\WINNT\System32\Mrb.exe
O4 - HKLM\..\Run: [Fdf] C:\WINNT\System32\Oup.exe
O4 - HKLM\..\Run: [Baj] C:\WINNT\System32\Spp.exe
O4 - HKLM\..\Run: [Jui] C:\WINNT\System32\Qsq.exe
O4 - HKLM\..\Run: [Ccb] C:\WINNT\System32\Ejl.exe
O4 - HKLM\..\Run: [Crp] C:\WINNT\System32\Ufm.exe
O4 - HKLM\..\Run: [Aoq] C:\WINNT\System32\Scl.exe
O4 - HKLM\..\Run: [Cen] C:\WINNT\Qfh.exe
O4 - HKLM\..\Run: [Caq] C:\WINNT\Ppu.exe
O4 - HKLM\..\Run: [Fth] C:\WINNT\Sko.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Rias] C:\Documents and Settings\Administrator\Application Data\sEmail Removedexe
O4 - HKCU\..\Run: [Iwqqodh] C:\WINNT\System32\??oolsv.exe
O4 - HKCU\..\Run: [01FA968E] C:\WINNT\System32\izxxzdsafsafczxcr.exe
O4 - HKCU\..\Run: [JovqRQGpi] pwdet40.exe
O4 - HKCU\..\Run: [Hel] C:\WINNT\Ooe.exe
O4 - HKCU\..\Run: [Tcm] C:\WINNT\System32\Jkj.exe
O4 - HKCU\..\Run: [Ueg] C:\WINNT\System32\Djh.exe
O4 - HKCU\..\Run: [Nsv] C:\WINNT\System32\Nhn.exe
O4 - HKCU\..\Run: [Hqg] C:\WINNT\Tav.exe
O4 - HKCU\..\Run: [Sgu] C:\WINNT\Vfn.exe
O4 - HKCU\..\Run: [Beh] C:\WINNT\Lot.exe
O4 - HKCU\..\Run: [Ndg] C:\WINNT\System32\Iqo.exe
O4 - HKCU\..\Run: [Dfh] C:\WINNT\Cht.exe
O4 - HKCU\..\Run: [Hlm] C:\WINNT\System32\Hpi.exe
O4 - HKCU\..\Run: [Ajv] C:\WINNT\Jul.exe
O4 - HKCU\..\Run: [Mar] C:\WINNT\System32\Rrp.exe
O4 - HKCU\..\Run: [Cke] C:\WINNT\Pvn.exe
O4 - HKCU\..\Run: [Oso] C:\WINNT\Qca.exe
O4 - HKCU\..\Run: [Ivf] C:\WINNT\System32\Ick.exe
O4 - HKCU\..\Run: [Nuu] C:\WINNT\Rau.exe
O4 - HKCU\..\Run: [Ahp] C:\WINNT\System32\Adu.exe
O4 - HKCU\..\Run: [Tmi] C:\WINNT\Ndi.exe
O4 - HKCU\..\Run: [Tth] C:\WINNT\System32\Upb.exe
O4 - HKCU\..\Run: [Gbg] C:\WINNT\System32\Gtn.exe
O4 - HKCU\..\Run: [Mpf] C:\WINNT\Upd.exe
O4 - HKCU\..\Run: [Lkc] C:\WINNT\System32\Qlj.exe
O4 - HKCU\..\Run: [Ume] C:\WINNT\System32\Pqu.exe
O4 - HKCU\..\Run: [Juf] C:\WINNT\Afs.exe
O4 - HKCU\..\Run: [Dsf] C:\WINNT\Jqb.exe
O4 - HKCU\..\Run: [Poh] C:\WINNT\System32\Udr.exe
O4 - HKCU\..\Run: [Ebl] C:\WINNT\Qog.exe
O4 - HKCU\..\Run: [Kpe] C:\WINNT\Vfp.exe
O4 - HKCU\..\Run: [Npo] C:\WINNT\System32\Npo.exe
O4 - HKCU\..\Run: [Cso] C:\WINNT\Qkh.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [Smq] C:\WINNT\Oqr.exe
O4 - HKCU\..\Run: [Qjl] C:\WINNT\System32\Fnn.exe
O4 - HKCU\..\Run: [Qud] C:\WINNT\Tpl.exe
O4 - HKCU\..\Run: [Rfk] C:\WINNT\Vtg.exe
O4 - HKCU\..\Run: [Gni] C:\WINNT\Lah.exe
O4 - HKCU\..\Run: [Phi] C:\WINNT\Epf.exe
O4 - HKCU\..\Run: [Kub] C:\WINNT\System32\Mrb.exe
O4 - HKCU\..\Run: [Fdf] C:\WINNT\System32\Oup.exe
O4 - HKCU\..\Run: [Baj] C:\WINNT\System32\Spp.exe
O4 - HKCU\..\Run: [Jui] C:\WINNT\System32\Qsq.exe
O4 - HKCU\..\Run: [Ccb] C:\WINNT\System32\Ejl.exe
O4 - HKCU\..\Run: [Crp] C:\WINNT\System32\Ufm.exe
O4 - HKCU\..\Run: [Aoq] C:\WINNT\System32\Scl.exe
O4 - HKCU\..\Run: [Cen] C:\WINNT\Qfh.exe
O4 - HKCU\..\Run: [Caq] C:\WINNT\Ppu.exe
O4 - HKCU\..\Run: [Fth] C:\WINNT\Sko.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O15 - Trusted Zone: http://*.teens-dream.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...e/bridge-c7.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0976573cf26df6...ip/RdxIE601.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{53E75313-F00B-4037-B778-F8A5F92F922C}: NameServer = 72.16.1.170,72.16.1.171
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Oracle Apache Server PCDB - Unknown owner - d:\oracle\findbcomn\util\OamkSvc.exe
O23 - Service: Oracle Fulfillment Server PCDB_self - Unknown owner - d:\oracle\findbcomn\util\OamkSvc.exe
O23 - Service: Oracle ICSM self PCDB_self - Unknown owner - d:\oracle\findbcomn\util\OamkSvc.exe
O23 - Service: Oracle Metrics Client PCDB - Oracle Corporation - e:\oracle\findbora\8.0.6\bin\d2lc60.exe
O23 - Service: Oracle Metrics Server PCDB - Oracle Corporation - e:\oracle\findbora\8.0.6\bin\d2ls60.exe
O23 - Service: Oracle Web Integration Server - Unknown owner - e:\oracle\findbora\iAS\panama\webintegration\server\bin\serverSvc.exe (file missing)
O23 - Service: OracleConcMgrPCDB_self - Oracle Corporation - e:\oracle\findbappl\fnd\11.5.0\bin\CCMSVC.exe
O23 - Service: OracleDiscoverer4i_PCDB (OracleDiscoverer4i) - Unknown owner - e:\oracle\findbora\8.0.6\discwb4\dis4srv.exe
O23 - Service: OracleFormsServer-Forms60PCDB - Unknown owner - d:\oracle\findbcomn\util\OamkSvc.exe
O23 - Service: OraclePCDBOra806TNSListener80APPS_PCDB - Unknown owner - e:\oracle\findbora\8.0.6\BIN\TNSLSNR80.exe
O23 - Service: OraclePCDB_db920_RDBMSAgent - Oracle Corporation - d:\oracle\findbdb\9.2.0\bin\agntsrvc.exe
O23 - Service: OraclePCDB_db920_RDBMSClientCache - Unknown owner - d:\oracle\findbdb\9.2.0\BIN\ONRSD.EXE
O23 - Service: OraclePCDB_db920_RDBMSHTTPServer - Unknown owner - d:\oracle\findbdb\9.2.0\Apache\Apache\apache.exe" --ntservice (file missing)
O23 - Service: OraclePCDB_db920_RDBMSPagingServer - Unknown owner - d:\oracle\findbdb\9.2.0/bin/pagntsrv.exe
O23 - Service: OraclePCDB_db920_RDBMSSNMPPeerEncapsulator - Unknown owner - d:\oracle\findbdb\9.2.0\BIN\ENCSVC.EXE
O23 - Service: OraclePCDB_db920_RDBMSSNMPPeerMasterAgent - Unknown owner - d:\oracle\findbdb\9.2.0\BIN\AGNTSVC.EXE
O23 - Service: OraclePCDB_db920_RDBMSTNSListenerPCDB - Unknown owner - d:\oracle\findbdb\9.2.0\BIN\TNSLSNR.exe
O23 - Service: OraclePCDB_HOMEExtprocAgent - Unknown owner - e:\oracle\findbora\8.0.6\BIN\EXTPROCT.EXE
O23 - Service: OraclePCDB_IASAgent - Oracle Corporation - e:\oracle\findbora\iAS\bin\dbsnmp.exe
O23 - Service: OraclePCDB_IASClientCache - Unknown owner - e:\oracle\findbora\iAS\BIN\ONRSD.EXE
O23 - Service: OraclePCDB_IASDataGatherer - Oracle Corporation - e:\oracle\findbora\iAS\bin\vppdc.exe
O23 - Service: OraclePCDB_IASHTTPServer - Unknown owner - e:\oracle\findbora\iAS\Apache\Apache\Apache.exe
O23 - Service: OraclePCDB_IASPagingServer - Unknown owner - e:\oracle\findbora\iAS\bin\pagntsrv.exe
O23 - Service: OraclePCDB_IASWebCache - Unknown owner - e:\oracle\findbora\iAS\bin\webcached.exe
O23 - Service: OraclePCDB_IASWebCacheAdmin - Unknown owner - e:\oracle\findbora\iAS\bin\webcached.exe
O23 - Service: OraclePCDB_IASWebCacheMon - Unknown owner - e:\oracle\findbora\iAS\bin\webcachemon.exe
O23 - Service: Oracle Reports Server [Rep60_PCDB] (OracleReportServer-Rep60_PCDB) - Oracle Corp - e:\oracle\findbora\8.0.6\bin\rwmts60.exe
O23 - Service: OracleServicePCDB - Oracle Corporation - d:\oracle\findbdb\9.2.0\bin\ORACLE.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Any help would be appreciated.
Thanks,
cooldude

Offline guestolo

Error Messages, DaoSearch, Pop-Ups...
« Reply #7 on: March 25, 2005, 11:15:49 PM »
Locking this topic as the original poster has not replied in some time

Any others that need a hand with their logs please register and start your own post
