Can someone help with the trojan I have in my system? daosearch.com/*** always pops up. I tried to fix it through HijackThis and Ad-Aware (Lavasoft), but it didn't work.
Can someone explain to me how to do this?
I am enclosing the log file here:
Logfile of HijackThis v1.99.1
Scan saved at 7:51:43 PM, on 3/25/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
d:\oracle\findbcomn\util\OamkSvc.exe
e:\oracle\findbora\8.0.6\bin\d2lc60.exe
e:\oracle\findbora\8.0.6\jdk\bin\java.exe
e:\oracle\findbora\8.0.6\bin\d2ls60.exe
d:\oracle\findbcomn\util\OamkSvc.exe
e:\oracle\findbora\8.0.6\bin\ifsrv60.exe
e:\oracle\findbora\8.0.6\BIN\TNSLSNR80.exe
d:\oracle\findbdb\9.2.0\BIN\TNSLSNR.exe
e:\oracle\findbora\8.0.6\bin\rwmts60.exe
d:\oracle\findbdb\9.2.0\bin\ORACLE.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
e:\oracle\findbappl\fnd\11.5.0\bin\CCMSVC.exe
C:\WINNT\system32\cmd.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
C:\WINNT\System32\svchost.exe
e:\oracle\findbappl\fnd\11.5.0\bin\fndsm.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\pa\11.5.0\bin\PALIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDCRM.exe
e:\oracle\findbappl\po\11.5.0\bin\POXCON.exe
e:\oracle\findbappl\po\11.5.0\bin\POXCON.exe
e:\oracle\findbappl\po\11.5.0\bin\POXCON.exe
e:\oracle\findbappl\po\11.5.0\bin\RCVOLTM.exe
e:\oracle\findbappl\po\11.5.0\bin\RCVOLTM.exe
e:\oracle\findbappl\po\11.5.0\bin\RCVOLTM.exe
e:\oracle\findbappl\po\11.5.0\bin\RCVOLTM.exe
e:\oracle\findbappl\po\11.5.0\bin\RCVOLTM.exe
e:\oracle\findbappl\po\11.5.0\bin\RCVOLTM.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\Services\{6DDC5105-10B0-4ADE-9F30-01CBCDBB5261}\SVCHOST.EXE
C:\WINNT\hostdll.exe
C:\WINNT\System32\izxxzdsafsafczxcr.exe
C:\WINNT\Ooe.exe
C:\Documents and Settings\Administrator\Application Data\saol.exe
C:\WINNT\System32\??oolsv.exe
C:\WINNT\System32\pwdet40.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\eZula\mmod.exe
C:\PROGRA~1\WEBOFF~1\wo.exe
C:\WINNT\system32\mmc.exe
d:\oracle\findbcomn\util\OamkSvc.exe
e:\oracle\findbora\iAS\Apache\Apache\Apache.exe
e:\oracle\findbora\iAS\Apache\Apache\Apache.exe
d:\java\jdk\jre\bin\java.exe
d:\java\jdk\jre\bin\java.exe
d:\java\jdk\jre\bin\java.exe
e:\oracle\findbora\8.0.6\discwb4\dis4srv.exe
e:\oracle\findbora\8.0.6\vbroker\bin\osagent.exe
e:\oracle\findbora\8.0.6\vbroker\bin\oad.exe
e:\oracle\findbora\8.0.6\jre11811o\bin\jre.exe
e:\oracle\findbora\8.0.6\jre11811o\bin\jre.exe
e:\oracle\findbora\8.0.6\bin\ifweb60.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbora\8.0.6\bin\ifweb60.exe
e:\oracle\findbappl\gl\11.5.0\bin\GLLEZL.exe
e:\oracle\findbappl\fnd\11.5.0\bin\FNDLIBR.exe
e:\oracle\findbora\8.0.6\bin\ifweb60.exe
C:\HJT\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com...ex.php?id=35131
O2 - BHO: (no name) - {37256486-688E-4859-A8D8-3BEFA91C7720} - C:\WINNT\System32\pepecaa.dll (file missing)
O2 - BHO: (no name) - {6799C531-79F8-7205-D1FB-504046EDFA92} - C:\WINNT\System32\gtfxyvz.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\keep.exe
O4 - HKLM\..\Run: [Service Host] C:\WINNT\System32\Services\{6DDC5105-10B0-4ADE-9F30-01CBCDBB5261}\SVCHOST.EXE
O4 - HKLM\..\Run: [hostdll.exe] C:\WINNT\hostdll.exe
O4 - HKLM\..\Run: [01FA968E] C:\WINNT\System32\izxxzdsafsafczxcr.exe
O4 - HKLM\..\Run: [Hel] C:\WINNT\Ooe.exe
O4 - HKLM\..\Run: [Tcm] C:\WINNT\System32\Jkj.exe
O4 - HKLM\..\Run: [Ueg] C:\WINNT\System32\Djh.exe
O4 - HKLM\..\Run: [Nsv] C:\WINNT\System32\Nhn.exe
O4 - HKLM\..\Run: [Hqg] C:\WINNT\Tav.exe
O4 - HKLM\..\Run: [Sgu] C:\WINNT\Vfn.exe
O4 - HKLM\..\Run: [Beh] C:\WINNT\Lot.exe
O4 - HKLM\..\Run: [Ndg] C:\WINNT\System32\Iqo.exe
O4 - HKLM\..\Run: [Dfh] C:\WINNT\Cht.exe
O4 - HKLM\..\Run: [Hlm] C:\WINNT\System32\Hpi.exe
O4 - HKLM\..\Run: [Ajv] C:\WINNT\Jul.exe
O4 - HKLM\..\Run: [Mar] C:\WINNT\System32\Rrp.exe
O4 - HKLM\..\Run: [Cke] C:\WINNT\Pvn.exe
O4 - HKLM\..\Run: [Oso] C:\WINNT\Qca.exe
O4 - HKLM\..\Run: [Ivf] C:\WINNT\System32\Ick.exe
O4 - HKLM\..\Run: [Nuu] C:\WINNT\Rau.exe
O4 - HKLM\..\Run: [Ahp] C:\WINNT\System32\Adu.exe
O4 - HKLM\..\Run: [Tmi] C:\WINNT\Ndi.exe
O4 - HKLM\..\Run: [Tth] C:\WINNT\System32\Upb.exe
O4 - HKLM\..\Run: [Gbg] C:\WINNT\System32\Gtn.exe
O4 - HKLM\..\Run: [Mpf] C:\WINNT\Upd.exe
O4 - HKLM\..\Run: [Lkc] C:\WINNT\System32\Qlj.exe
O4 - HKLM\..\Run: [Ume] C:\WINNT\System32\Pqu.exe
O4 - HKLM\..\Run: [Juf] C:\WINNT\Afs.exe
O4 - HKLM\..\Run: [Dsf] C:\WINNT\Jqb.exe
O4 - HKLM\..\Run: [Poh] C:\WINNT\System32\Udr.exe
O4 - HKLM\..\Run: [Ebl] C:\WINNT\Qog.exe
O4 - HKLM\..\Run: [Kpe] C:\WINNT\Vfp.exe
O4 - HKLM\..\Run: [Npo] C:\WINNT\System32\Npo.exe
O4 - HKLM\..\Run: [Cso] C:\WINNT\Qkh.exe
O4 - HKLM\..\Run: [Smq] C:\WINNT\Oqr.exe
O4 - HKLM\..\Run: [Qjl] C:\WINNT\System32\Fnn.exe
O4 - HKLM\..\Run: [Qud] C:\WINNT\Tpl.exe
O4 - HKLM\..\Run: [Rfk] C:\WINNT\Vtg.exe
O4 - HKLM\..\Run: [Gni] C:\WINNT\Lah.exe
O4 - HKLM\..\Run: [Phi] C:\WINNT\Epf.exe
O4 - HKLM\..\Run: [Kub] C:\WINNT\System32\Mrb.exe
O4 - HKLM\..\Run: [Fdf] C:\WINNT\System32\Oup.exe
O4 - HKLM\..\Run: [Baj] C:\WINNT\System32\Spp.exe
O4 - HKLM\..\Run: [Jui] C:\WINNT\System32\Qsq.exe
O4 - HKLM\..\Run: [Ccb] C:\WINNT\System32\Ejl.exe
O4 - HKLM\..\Run: [Crp] C:\WINNT\System32\Ufm.exe
O4 - HKLM\..\Run: [Aoq] C:\WINNT\System32\Scl.exe
O4 - HKLM\..\Run: [Cen] C:\WINNT\Qfh.exe
O4 - HKLM\..\Run: [Caq] C:\WINNT\Ppu.exe
O4 - HKLM\..\Run: [Fth] C:\WINNT\Sko.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Rias] C:\Documents and Settings\Administrator\Application Data\saol.exe
O4 - HKCU\..\Run: [Iwqqodh] C:\WINNT\System32\??oolsv.exe
O4 - HKCU\..\Run: [01FA968E] C:\WINNT\System32\izxxzdsafsafczxcr.exe
O4 - HKCU\..\Run: [JovqRQGpi] pwdet40.exe
O4 - HKCU\..\Run: [Hel] C:\WINNT\Ooe.exe
O4 - HKCU\..\Run: [Tcm] C:\WINNT\System32\Jkj.exe
O4 - HKCU\..\Run: [Ueg] C:\WINNT\System32\Djh.exe
O4 - HKCU\..\Run: [Nsv] C:\WINNT\System32\Nhn.exe
O4 - HKCU\..\Run: [Hqg] C:\WINNT\Tav.exe
O4 - HKCU\..\Run: [Sgu] C:\WINNT\Vfn.exe
O4 - HKCU\..\Run: [Beh] C:\WINNT\Lot.exe
O4 - HKCU\..\Run: [Ndg] C:\WINNT\System32\Iqo.exe
O4 - HKCU\..\Run: [Dfh] C:\WINNT\Cht.exe
O4 - HKCU\..\Run: [Hlm] C:\WINNT\System32\Hpi.exe
O4 - HKCU\..\Run: [Ajv] C:\WINNT\Jul.exe
O4 - HKCU\..\Run: [Mar] C:\WINNT\System32\Rrp.exe
O4 - HKCU\..\Run: [Cke] C:\WINNT\Pvn.exe
O4 - HKCU\..\Run: [Oso] C:\WINNT\Qca.exe
O4 - HKCU\..\Run: [Ivf] C:\WINNT\System32\Ick.exe
O4 - HKCU\..\Run: [Nuu] C:\WINNT\Rau.exe
O4 - HKCU\..\Run: [Ahp] C:\WINNT\System32\Adu.exe
O4 - HKCU\..\Run: [Tmi] C:\WINNT\Ndi.exe
O4 - HKCU\..\Run: [Tth] C:\WINNT\System32\Upb.exe
O4 - HKCU\..\Run: [Gbg] C:\WINNT\System32\Gtn.exe
O4 - HKCU\..\Run: [Mpf] C:\WINNT\Upd.exe
O4 - HKCU\..\Run: [Lkc] C:\WINNT\System32\Qlj.exe
O4 - HKCU\..\Run: [Ume] C:\WINNT\System32\Pqu.exe
O4 - HKCU\..\Run: [Juf] C:\WINNT\Afs.exe
O4 - HKCU\..\Run: [Dsf] C:\WINNT\Jqb.exe
O4 - HKCU\..\Run: [Poh] C:\WINNT\System32\Udr.exe
O4 - HKCU\..\Run: [Ebl] C:\WINNT\Qog.exe
O4 - HKCU\..\Run: [Kpe] C:\WINNT\Vfp.exe
O4 - HKCU\..\Run: [Npo] C:\WINNT\System32\Npo.exe
O4 - HKCU\..\Run: [Cso] C:\WINNT\Qkh.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [Smq] C:\WINNT\Oqr.exe
O4 - HKCU\..\Run: [Qjl] C:\WINNT\System32\Fnn.exe
O4 - HKCU\..\Run: [Qud] C:\WINNT\Tpl.exe
O4 - HKCU\..\Run: [Rfk] C:\WINNT\Vtg.exe
O4 - HKCU\..\Run: [Gni] C:\WINNT\Lah.exe
O4 - HKCU\..\Run: [Phi] C:\WINNT\Epf.exe
O4 - HKCU\..\Run: [Kub] C:\WINNT\System32\Mrb.exe
O4 - HKCU\..\Run: [Fdf] C:\WINNT\System32\Oup.exe
O4 - HKCU\..\Run: [Baj] C:\WINNT\System32\Spp.exe
O4 - HKCU\..\Run: [Jui] C:\WINNT\System32\Qsq.exe
O4 - HKCU\..\Run: [Ccb] C:\WINNT\System32\Ejl.exe
O4 - HKCU\..\Run: [Crp] C:\WINNT\System32\Ufm.exe
O4 - HKCU\..\Run: [Aoq] C:\WINNT\System32\Scl.exe
O4 - HKCU\..\Run: [Cen] C:\WINNT\Qfh.exe
O4 - HKCU\..\Run: [Caq] C:\WINNT\Ppu.exe
O4 - HKCU\..\Run: [Fth] C:\WINNT\Sko.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O15 - Trusted Zone: http://*.teens-dream.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c7.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{53E75313-F00B-4037-B778-F8A5F92F922C}: NameServer = 72.16.1.170,72.16.1.171
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Oracle Apache Server PCDB - Unknown owner - d:\oracle\findbcomn\util\OamkSvc.exe
O23 - Service: Oracle Fulfillment Server PCDB_self - Unknown owner - d:\oracle\findbcomn\util\OamkSvc.exe
O23 - Service: Oracle ICSM self PCDB_self - Unknown owner - d:\oracle\findbcomn\util\OamkSvc.exe
O23 - Service: Oracle Metrics Client PCDB - Oracle Corporation - e:\oracle\findbora\8.0.6\bin\d2lc60.exe
O23 - Service: Oracle Metrics Server PCDB - Oracle Corporation - e:\oracle\findbora\8.0.6\bin\d2ls60.exe
O23 - Service: Oracle Web Integration Server - Unknown owner - e:\oracle\findbora\iAS\panama\webintegration\server\bin\serverSvc.exe (file missing)
O23 - Service: OracleConcMgrPCDB_self - Oracle Corporation - e:\oracle\findbappl\fnd\11.5.0\bin\CCMSVC.exe
O23 - Service: OracleDiscoverer4i_PCDB (OracleDiscoverer4i) - Unknown owner - e:\oracle\findbora\8.0.6\discwb4\dis4srv.exe
O23 - Service: OracleFormsServer-Forms60PCDB - Unknown owner - d:\oracle\findbcomn\util\OamkSvc.exe
O23 - Service: OraclePCDBOra806TNSListener80APPS_PCDB - Unknown owner - e:\oracle\findbora\8.0.6\BIN\TNSLSNR80.exe
O23 - Service: OraclePCDB_db920_RDBMSAgent - Oracle Corporation - d:\oracle\findbdb\9.2.0\bin\agntsrvc.exe
O23 - Service: OraclePCDB_db920_RDBMSClientCache - Unknown owner - d:\oracle\findbdb\9.2.0\BIN\ONRSD.EXE
O23 - Service: OraclePCDB_db920_RDBMSHTTPServer - Unknown owner - d:\oracle\findbdb\9.2.0\Apache\Apache\apache.exe" --ntservice (file missing)
O23 - Service: OraclePCDB_db920_RDBMSPagingServer - Unknown owner - d:\oracle\findbdb\9.2.0/bin/pagntsrv.exe
O23 - Service: OraclePCDB_db920_RDBMSSNMPPeerEncapsulator - Unknown owner - d:\oracle\findbdb\9.2.0\BIN\ENCSVC.EXE
O23 - Service: OraclePCDB_db920_RDBMSSNMPPeerMasterAgent - Unknown owner - d:\oracle\findbdb\9.2.0\BIN\AGNTSVC.EXE
O23 - Service: OraclePCDB_db920_RDBMSTNSListenerPCDB - Unknown owner - d:\oracle\findbdb\9.2.0\BIN\TNSLSNR.exe
O23 - Service: OraclePCDB_HOMEExtprocAgent - Unknown owner - e:\oracle\findbora\8.0.6\BIN\EXTPROCT.EXE
O23 - Service: OraclePCDB_IASAgent - Oracle Corporation - e:\oracle\findbora\iAS\bin\dbsnmp.exe
O23 - Service: OraclePCDB_IASClientCache - Unknown owner - e:\oracle\findbora\iAS\BIN\ONRSD.EXE
O23 - Service: OraclePCDB_IASDataGatherer - Oracle Corporation - e:\oracle\findbora\iAS\bin\vppdc.exe
O23 - Service: OraclePCDB_IASHTTPServer - Unknown owner - e:\oracle\findbora\iAS\Apache\Apache\Apache.exe
O23 - Service: OraclePCDB_IASPagingServer - Unknown owner - e:\oracle\findbora\iAS\bin\pagntsrv.exe
O23 - Service: OraclePCDB_IASWebCache - Unknown owner - e:\oracle\findbora\iAS\bin\webcached.exe
O23 - Service: OraclePCDB_IASWebCacheAdmin - Unknown owner - e:\oracle\findbora\iAS\bin\webcached.exe
O23 - Service: OraclePCDB_IASWebCacheMon - Unknown owner - e:\oracle\findbora\iAS\bin\webcachemon.exe
O23 - Service: Oracle Reports Server [Rep60_PCDB] (OracleReportServer-Rep60_PCDB) - Oracle Corp - e:\oracle\findbora\8.0.6\bin\rwmts60.exe
O23 - Service: OracleServicePCDB - Oracle Corporation - d:\oracle\findbdb\9.2.0\bin\ORACLE.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Any help would be appreciated.
Thanks,
cooldude