
Winfixxer [CLOSED]



#16
foxshox

  • Topic Starter
  • Member
  • 23 posts

Logfile of HijackThis v1.99.1
Scan saved at 2:09:01 PM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126587433640
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CWShredder Service - Unknown owner - C:\DOCUMENTS AND SETTINGS\NIK SHAH\DESKTOP\cwshredder.exe (file missing)
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

If I didn't know any better, it looks to me like that about cleared it right up. Thanks a lot!

Also, with the huge enormity (that I had seen on the boards) of people with this problem, do you have any idea of where this could have stemmed from? I was just wondering because I definitely don't want to go through this again, even with the quick fix. Thanks again!

Edited by foxshox, 18 October 2005 - 01:19 PM.



#17
Trevuren

  • Old Dog
  • Retired Staff
  • 18,699 posts

Your log looks clean. I would, just the same, like to check your registry for any traces of those 2 files.

1. Download "Registry Search Tool" (RegSrch.vbs) from HERE

2. Start it and paste in netdde.

3. Wait for it to complete the search, click OK at the prompt.

4. Then when WordPad opens, copy the text as a reply into this thread.

5. Repeat the procedure with the other file: slassac

Regards,

Trevuren


#18
foxshox

  • Topic Starter
  • Member
  • 23 posts

For netdde, here are the results; the other, slassac, didn't have anything found.


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "netdde" 10/19/2005 2:13:53 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\DDE Shares]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\DDE Shares\Chat$]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\DDE Shares\CLPBK$]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\DDE Shares\Hearts$]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\Parameters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\Parameters\General]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\Parameters\NDDEAGNT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\Parameters\NDDEAPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\Parameters\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\netdde.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\SysProcs]
"netdde.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object\ObjectNames]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetDDE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDE]
"Group"="NetDDEGroup"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDE\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDEdsdm]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDEdsdm\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\netdde.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\SysProcs]
"netdde.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\NetDDE Object]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\NetDDE Object\ObjectNames]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NetDDE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetDDE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetDDE]
"Group"="NetDDEGroup"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetDDE\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetDDEdsdm]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetDDEdsdm\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\netdde.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
"netdde.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNames]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetDDE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE]
"Group"="NetDDEGroup"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Security]

[HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE\DDE Trusted Shares]

[HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089]

[HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Chat$]

[HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\CLPBK$]

[HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Hearts$]

[HKEY_USERS\S-1-5-19\Software\Microsoft\NetDDE]

[HKEY_USERS\S-1-5-19\Software\Microsoft\NetDDE\DDE Trusted Shares]

[HKEY_USERS\S-1-5-19\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089]

[HKEY_USERS\S-1-5-19\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Chat$]

[HKEY_USERS\S-1-5-19\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\CLPBK$]

[HKEY_USERS\S-1-5-19\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Hearts$]

[HKEY_USERS\S-1-5-20\Software\Microsoft\NetDDE]

[HKEY_USERS\S-1-5-20\Software\Microsoft\NetDDE\DDE Trusted Shares]

[HKEY_USERS\S-1-5-20\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089]

[HKEY_USERS\S-1-5-20\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Chat$]

[HKEY_USERS\S-1-5-20\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\CLPBK$]

[HKEY_USERS\S-1-5-20\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Hearts$]

[HKEY_USERS\S-1-5-21-1606980848-606747145-682003330-1003\Software\Microsoft\NetDDE]

[HKEY_USERS\S-1-5-21-1606980848-606747145-682003330-1003\Software\Microsoft\NetDDE\DDE Trusted Shares]

[HKEY_USERS\S-1-5-21-1606980848-606747145-682003330-1003\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089]

[HKEY_USERS\S-1-5-21-1606980848-606747145-682003330-1003\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Chat$]

[HKEY_USERS\S-1-5-21-1606980848-606747145-682003330-1003\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\CLPBK$]

[HKEY_USERS\S-1-5-21-1606980848-606747145-682003330-1003\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Hearts$]

[HKEY_USERS\S-1-5-18\Software\Microsoft\NetDDE]

[HKEY_USERS\S-1-5-18\Software\Microsoft\NetDDE\DDE Trusted Shares]

[HKEY_USERS\S-1-5-18\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089]

[HKEY_USERS\S-1-5-18\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Chat$]

[HKEY_USERS\S-1-5-18\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\CLPBK$]

[HKEY_USERS\S-1-5-18\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Hearts$]

Edited by foxshox, 19 October 2005 - 01:16 PM.


#19
Trevuren

  • Old Dog
  • Retired Staff
  • 18,699 posts

Let's narrow the range a bit:

1. Download "Registry Search Tool" (RegSrch.vbs) from HERE

2. Start it and paste in netdde.dll.

3. Wait for it to complete the search, click OK at the prompt.

4. Then when WordPad opens, copy the text as a reply into this thread.

5. And do the same with: slassac.dll

Regards,

Trevuren


#20
Trevuren

  • Old Dog
  • Retired Staff
  • 18,699 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.