[foxshox]

Logfile of HijackThis v1.99.1
Scan saved at 2:09:01 PM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126587433640
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CWShredder Service - Unknown owner - C:\DOCUMENTS AND SETTINGS\NIK SHAH\DESKTOP\cwshredder.exe (file missing)
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

If I didnt know any better, it looks to me like that about cleared it right up. Thanks alot!

Also, with the huge enormity( that I had seen on the boards) of people with this problem, do you have any idea of where this could have stemmed from. I was just wondering because, I definately dont want to go through this again, even with the quick fix. Thanks again!

Edited by foxshox, 18 October 2005 - 01:19 PM.

[Advertisements]

Your log looks clean. I would, just the same, like to check your registry for any traces of those 2 files.

1. Download "Registry Search Tool" (RegSrch.vbs) from HERE

2. Start it and paste in netdde.

3. Wait for it to complete the search, click ok at the prompt.

4. Then when wordpad opens, copy the text as a reply into this thread.

5. Repeat the procedure with the other file: slassac

Regards,

Trevuren

[Trevuren]

Your log looks clean. I would, just the same, like to check your registry for any traces of those 2 files.

1. Download "Registry Search Tool" (RegSrch.vbs) from HERE

2. Start it and paste in netdde.

3. Wait for it to complete the search, click ok at the prompt.

4. Then when wordpad opens, copy the text as a reply into this thread.

5. Repeat the procedure with the other file: slassac

Regards,

Trevuren

[foxshox]

For netdde here are the results, the other slassac didnt have anything found.


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "netdde" 10/19/2005 2:13:53 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\DDE Shares]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\DDE Shares\Chat$]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\DDE Shares\CLPBK$]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\DDE Shares\Hearts$]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\Parameters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\Parameters\General]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\Parameters\NDDEAGNT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\Parameters\NDDEAPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE\Parameters\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\netdde.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\SysProcs]
"netdde.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object\ObjectNames]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetDDE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDE]
"Group"="NetDDEGroup"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDE\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDEdsdm]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDEdsdm\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\netdde.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\SysProcs]
"netdde.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\NetDDE Object]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\NetDDE Object\ObjectNames]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NetDDE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetDDE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetDDE]
"Group"="NetDDEGroup"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetDDE\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetDDEdsdm]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetDDEdsdm\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\netdde.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
"netdde.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNames]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetDDE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE]
"Group"="NetDDEGroup"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Security]

[HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE\DDE Trusted Shares]

[HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089]

[HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Chat$]

[HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\CLPBK$]

[HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Hearts$]

[HKEY_USERS\S-1-5-19\Software\Microsoft\NetDDE]

[HKEY_USERS\S-1-5-19\Software\Microsoft\NetDDE\DDE Trusted Shares]

[HKEY_USERS\S-1-5-19\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089]

[HKEY_USERS\S-1-5-19\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Chat$]

[HKEY_USERS\S-1-5-19\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\CLPBK$]

[HKEY_USERS\S-1-5-19\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Hearts$]

[HKEY_USERS\S-1-5-20\Software\Microsoft\NetDDE]

[HKEY_USERS\S-1-5-20\Software\Microsoft\NetDDE\DDE Trusted Shares]

[HKEY_USERS\S-1-5-20\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089]

[HKEY_USERS\S-1-5-20\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Chat$]

[HKEY_USERS\S-1-5-20\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\CLPBK$]

[HKEY_USERS\S-1-5-20\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Hearts$]

[HKEY_USERS\S-1-5-21-1606980848-606747145-682003330-1003\Software\Microsoft\NetDDE]

[HKEY_USERS\S-1-5-21-1606980848-606747145-682003330-1003\Software\Microsoft\NetDDE\DDE Trusted Shares]

[HKEY_USERS\S-1-5-21-1606980848-606747145-682003330-1003\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089]

[HKEY_USERS\S-1-5-21-1606980848-606747145-682003330-1003\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Chat$]

[HKEY_USERS\S-1-5-21-1606980848-606747145-682003330-1003\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\CLPBK$]

[HKEY_USERS\S-1-5-21-1606980848-606747145-682003330-1003\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Hearts$]

[HKEY_USERS\S-1-5-18\Software\Microsoft\NetDDE]

[HKEY_USERS\S-1-5-18\Software\Microsoft\NetDDE\DDE Trusted Shares]

[HKEY_USERS\S-1-5-18\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089]

[HKEY_USERS\S-1-5-18\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Chat$]

[HKEY_USERS\S-1-5-18\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\CLPBK$]

[HKEY_USERS\S-1-5-18\Software\Microsoft\NetDDE\DDE Trusted Shares\D14278089\Hearts$]

Edited by foxshox, 19 October 2005 - 01:16 PM.

[Trevuren]

Let's narrow the range a bit:

1. Download "Registry Search Tool" (RegSrch.vbs) from HERE

2. Start it and paste in netdde.dll.

3. Wait for it to complete the search, click ok at the prompt.

4. Then when wordpad opens, copy the text as a reply into this thread.


5. And do the same with : slassac.dll


Regards,

Trevuren

[Trevuren]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.