
HELP!


  • This topic is locked
13 replies to this topic

#1 Jing
    Member
  • Full Member
  • 9 posts

Posted 22 May 2004 - 06:11 AM

I followed the instructions at http://www.spywarein...30 but I can't do the attrib -r "nameofdll".dll thing! All I see is a black box flash on the screen long enough for me to read "Access Denied"!
I really need help with this CWS crap so please reply!
Thanks in advance

#2 WinHelp2002
    Taking back the Internet
  • Global Moderator
  • 5,365 posts

Posted 22 May 2004 - 08:08 AM

Hi,
Those are old instructions and no longer valid ...

Tools and Downloads required:

Download: "Find-All.zip"
http://www10.brinkst...last/pvtool.htm
Unzip but do not do anything yet, it will be needed later.

Download: "SALAMAND.zip"
http://www10.brinkst...last/pvtool.htm
Unzip but do not do anything yet, it will be needed later.

Download and install: (freeware)
Registrar Lite: http://www.resplendence.com/reglite

Download: CWShredder
http://www.spywarein.../hijackthis.zip
Unzip, but do not run it yet, it will be needed later.

Download: Ad-Aware
http://www.lavasoft....ftware/adaware/
Install, but do not run it yet, it will be needed later.

Download: SpyBot-Search & Destroy 1.3
http://majorgeeks.co...wnload2471.html
Install, but do not run it yet, it will be needed later.

[Step 1]

Hint: you may want to print this out to avoid mistakes.

Open Reglite, copy and paste the below into the address bar, hit "Go" button:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs


Double-click the "AppInit_Dlls" entry (right pane)
Copy and paste in your next post the following fields:
-Size
-Value
Close Reglite


Next: Locate and double-click the (included in Find-All.zip) "Find-All.bat"
When completed, it generates "output.txt"
Copy and Paste the entire contents of "output.txt" into your next post.
Mike
Former Microsoft MVP 1999-2012
"There's no place like 127.0.0.1"
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#3 Jing
    Member
  • Full Member
  • 9 posts

Posted 22 May 2004 - 08:35 AM

AppInit_Dlls
Size: 1
Value: C:\Windows\System32\d3dhb.dll

Find All Log

--==***@@@ 'FIND-ALL' VERSION 6.1 -5/21 @@@***==--


Sat May 22 21:34:43 2004 -- Results:
*System Info:

Microsoft Windows XP [Version 5.1.2600]
C: "" (3C45:E7CC) - FS:NTFS clusters:4k
Total: 80 015 491 072 [75G] - Free: 33 490 272 256 [31G]


*IE version and Service packs:
6.0.2600.0 C:\Program Files\Internet Explorer\Iexplore.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;Q822925;Q330994;

*Google Toolbar version and Attributes:
2.0.111.0 C:\Program Files\google\googletoolbar2.dll
Defaults: "A" ;"R"
A R C:\Program Files\google\GoogleToolbar2.dll
File not found - C:\Program Files\google\googletoolbar1.dll

*UserAgent:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


*Wmplayer version:
9.0.0.2980 C:\Program Files\Windows Media Player\wmplayer.exe
6.4.9.1120 C:\Program Files\Windows Media Player\mplayer2.exe

*M$Java version:


*PC uptime:
9:34pm up 0 days, 0:09

*Locked or 'Suspect' file(s) found...
\\?\C:\WINDOWS\System32\D3DHB.DLL +++ File read error
\\?\C:\WINDOWS\System32\D3DHB.DLL +++ File read error


*Tasks (services):
0 System Process
4 System
600 smss.exe
656 csrss.exe Title:
680 winlogon.exe Title: NetDDE Agent
724 services.exe Svcs: Eventlog,PlugPlay
736 lsass.exe Svcs: PolicyAgent,ProtectedStorage,SamSs
928 svchost.exe Svcs: RpcSs
1028 svchost.exe Svcs: AudioSrv,Browser,CryptSvc,Dhcp,dmserver,ERSvc,EventSystem,FastUserSwitchingCompa
ibility,helpsvc,HidServ,lanmanserver,lanmanworkstation,Messenger,Netman,Nla,RasA
to,RasMan,Schedule,seclogon,SENS,SharedAccess,ShellHWDetection,srservice,TapiSrv
TermService
1152 svchost.exe Svcs: Dnscache
1184 svchost.exe Svcs: LmHosts,RemoteRegistry,SSDPSRV,WebClient
1356 spoolsv.exe Svcs: Spooler
1384 CCEVTMGR.EXE Svcs: ccEvtMgr
1580 alg.exe Svcs: ALG
1608 CTSVCCDA.EXE Svcs: Creative Service for CDROM Access
1688 GHOSTS~2.EXE Svcs: GhostStartService
1716 mdm.exe Svcs: MDM
1740 NAVAPSVC.EXE Svcs: navapsvc
1808 NPROTECT.EXE Svcs: NProtectService
1896 nvsvc32.exe Svcs: NVSvc
144 NOPDB.EXE Svcs: Speed Disk service
224 MsPMSPSv.exe Svcs: WMDM PMSP Service
1000 explorer.exe Title: Program Manager
512 EM_EXEC.EXE Title: Logitech GetMessage Hook
420 Wf2k.exe Title: WinFox II ( Leadtek Web Site(www.leadtek.com.tw) )
380 jusched.exe Title: OleMainThreadWndName
624 CTHELPER.EXE Title: CtHelper
792 ccApp.exe Title: Norton AntiVirus
972 GhostStartTrayApGhostStartTrayAppTitle: GhostStartTrayApp
1080 SOUNDMAN.EXE Title: ALSMTray
1096 rundll32.exe Title: MediaCenter
1160 ctfmon.exe Title:
1060 CTLTask.exe Title: CTLTask
1304 CTLTray.exe Title:
1480 msnmsgr.exe Title: DDE Server Window
1672 TeaTimer.exe Title:
1892 AIRPLUS.EXE Title: TI Wireless LAN Monitor
3160 IEXPLORE.EXE Title: SWI Forums -> Replying in HELP! - Microsoft Internet Explorer
3424 IEXPLORE.EXE Title: Lowyat.NET :: Malaysia's Tech Enthusiast Resource Community - Microsoft Internet Explorer
2908 IEXPLORE.EXE Title: F1Racing.net - Every day updated Formula One news! (For Formula 1 news, results, photos and mor - Microsoft Internet Explorer
2480 cmd.exe Title: C:\WINDOWS\System32\cmd.exe
2536 ntvdm.exe
3488 msmsgs.exe Title:
2784 tlist.exe
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"AppInit_DLLs"=""

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@="NAV Helper"

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

*Security settings for 'Windows' key:


! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_Dlls REG_SZ


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Full access JINGNEWCOMP\Jing-Yuan
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
QWCEN-DS-- BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM
Full access JINGNEWCOMP\Jing-Yuan


*ACLs list for *.* in 'junk' folder: (if exist)

Error: Cannot open file [C:\junk\*.*]
*Contents of file(s) in 'junk' folder:

Sat May 22 21:34:44 2004 -- *Find-All 'Windows'.hiv list:
A C:\DOCUME~1\JING-Y~1\MYDOCU~1\Find-All\Find-All\winBackup.hiv
A C:\DOCUME~1\JING-Y~1\MYDOCU~1\Find-All\Find-All\windows.txt
A C:\FindallwinBackup.hiv


#4 WinHelp2002
    Taking back the Internet
  • Global Moderator
  • 5,365 posts

Posted 22 May 2004 - 08:58 AM

Hi,
[Step 2]

Open Reglite, copy and paste the below into the address bar, hit "Go" button:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



Rename the highlighted "Windows" key (left pane)
To rename: Right-click and select: Rename
(type) NoWindows

Next: Double-click "AppInit_DLLs" again (right pane)
Clear (delete) the "Value" containing the D3DHB.DLL and click "Apply", then Ok.

IMPORTANT: Rename the "NoWindows" key (left pane)
To rename: Right-click and select: Rename
(type) "Windows" (no quotes) and close Registrar Lite.

Next: Reboot. IMPORTANT: do not do anything else, just reboot.


[Step 3]

Open Salamand.exe included in "SALAMAND.zip"
Follow these menu options exactly as described:

Click the "Left" menu item (top left)
Select: "Change Drive", select: C:

Click the "Right" menu item (top right)
Select: "Change Drive", select: C:

Click the "Commands" menu item
Select: "Create Directory"
(type) junk and press Ok

Click the "Options" menu item
Select: "Command Line"

Click the "Commands" menu item
Select: "Change Directory"
(type) C:\WINDOWS\System32 and press Ok

Click the "Commands" menu item again
Select: "Find Files", then click the "Edit" button.

In the "Search for" box (type) D3DHB.DLL press Ok.
Note: uncheck "include subdirectories" option
Press "Start" (bottom left)

On "file found" press "Focus" button

Next: click "Files" menu item (up top)
Select: "Move\Rename" (type) C:\junk and press Ok.

[Step 4]

Locate: "xfix.bat" included in the Find-All.zip

Double click on it once, it should clean/restore the key.
(though nothing would appear to happen)

Run the "Find-All.bat" again and post the "output.txt" results.
Mike

#5 Jing
    Member
  • Full Member
  • 9 posts

Posted 22 May 2004 - 10:01 AM

--==***@@@ 'FIND-ALL' VERSION 6.1 -5/21 @@@***==--


Sat May 22 23:00:55 2004 -- Results:
*System Info:

Microsoft Windows XP [Version 5.1.2600]
C: "" (3C45:E7CC) - FS:NTFS clusters:4k
Total: 80 015 491 072 [75G] - Free: 33 490 223 104 [31G]


*IE version and Service packs:
6.0.2600.0 C:\Program Files\Internet Explorer\Iexplore.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;Q822925;Q330994;

*Google Toolbar version and Attributes:
2.0.111.0 C:\Program Files\google\googletoolbar2.dll
Defaults: "A" ;"R"
A R C:\Program Files\google\GoogleToolbar2.dll
File not found - C:\Program Files\google\googletoolbar1.dll

*UserAgent:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


*Wmplayer version:
9.0.0.2980 C:\Program Files\Windows Media Player\wmplayer.exe
6.4.9.1120 C:\Program Files\Windows Media Player\mplayer2.exe

*M$Java version:


*PC uptime:
11:00pm up 0 days, 1:35

*Locked or 'Suspect' file(s) found...
\\?\C:\junk\D3DHB.DLL +++ File read error


*Tasks (services):
0 System Process
4 System
600 smss.exe
656 csrss.exe Title: End Program - C:\WINDOWS\System32\cmd.exe
680 winlogon.exe Title: NetDDE Agent
724 services.exe Svcs: Eventlog,PlugPlay
736 lsass.exe Svcs: PolicyAgent,ProtectedStorage,SamSs
928 svchost.exe Svcs: RpcSs
1028 svchost.exe Svcs: AudioSrv,Browser,CryptSvc,Dhcp,dmserver,ERSvc,EventSystem,FastUserSwitchingCompa
ibility,helpsvc,HidServ,lanmanserver,lanmanworkstation,Messenger,Netman,Nla,RasA
to,RasMan,Schedule,seclogon,SENS,SharedAccess,ShellHWDetection,srservice,TapiSrv
TermService
1152 svchost.exe Svcs: Dnscache
1184 svchost.exe Svcs: LmHosts,RemoteRegistry,SSDPSRV,WebClient
1356 spoolsv.exe Svcs: Spooler
1384 CCEVTMGR.EXE Svcs: ccEvtMgr
1580 alg.exe Svcs: ALG
1608 CTSVCCDA.EXE Svcs: Creative Service for CDROM Access
1688 GHOSTS~2.EXE Svcs: GhostStartService
1716 mdm.exe Svcs: MDM
1740 NAVAPSVC.EXE Svcs: navapsvc
1808 NPROTECT.EXE Svcs: NProtectService
1896 nvsvc32.exe Svcs: NVSvc
144 NOPDB.EXE Svcs: Speed Disk service
224 MsPMSPSv.exe Svcs: WMDM PMSP Service
1000 explorer.exe Title: Program Manager
512 EM_EXEC.EXE Title: Logitech GetMessage Hook
420 Wf2k.exe Title: WinFox II ( Leadtek Web Site(www.leadtek.com.tw) )
380 jusched.exe Title: OleMainThreadWndName
624 CTHELPER.EXE Title: CtHelper
792 ccApp.exe Title: Norton AntiVirus
972 GhostStartTrayApGhostStartTrayAppTitle: GhostStartTrayApp
1080 SOUNDMAN.EXE Title: ALSMTray
1096 rundll32.exe Title: MediaCenter
1160 ctfmon.exe Title:
1060 CTLTask.exe Title: CTLTask
1304 CTLTray.exe Title:
1480 msnmsgr.exe Title:
1672 TeaTimer.exe Title:
1892 AIRPLUS.EXE Title: TI Wireless LAN Monitor
3144 IEXPLORE.EXE Title: SWI Forums -> Replying in HELP! - Microsoft Internet Explorer
3712 msmsgs.exe Title:
3440 cmd.exe Title: C:\WINDOWS\System32\cmd.exe
464 ntvdm.exe
2504 tlist.exe
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"AppInit_DLLs"=""

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@="NAV Helper"

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

*Security settings for 'Windows' key:


! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_Dlls REG_SZ


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Full access JINGNEWCOMP\Jing-Yuan
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
QWCEN-DS-- BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM
Full access JINGNEWCOMP\Jing-Yuan


*ACLs list for *.* in 'junk' folder: (if exist)

*Contents of file(s) in 'junk' folder:
d3dhb.dll

Sat May 22 23:00:56 2004 -- *Find-All 'Windows'.hiv list:
A C:\DOCUME~1\JING-Y~1\MYDOCU~1\Find-All\Find-All\winBackup.hiv
A C:\DOCUME~1\JING-Y~1\MYDOCU~1\Find-All\Find-All\windows.txt
A C:\FindallwinBackup.hiv


I think it is gone now... Thanks a lot

#6 Jing
    Member
  • Full Member
  • 9 posts

Posted 22 May 2004 - 10:02 AM

P.S. Do I need to run Ad-Aware and Spybot now?

#7 Jing
    Member
  • Full Member
  • 9 posts

Posted 22 May 2004 - 10:38 AM

bump

#8 WinHelp2002
    Taking back the Internet
  • Global Moderator
  • 5,365 posts

Posted 22 May 2004 - 10:49 AM

Hi,
So far so good ...

[Step 5]

Open Salamand again
Click the "Left" menu item (top left)
Select: "Change Drive", select: C:

The bottom Address Bar should show: C:\>

Copy and Paste the following 2 commands, one at a time, press Enter.
Important: Close the prompt box after each command returns.
Note: You should get (processed..) confirmation on first, and nothing on the second.

Command 1:

cacls %SYSTEMDRIVE%\junk\*.dll /t /e /g Administrators:f & cacls %SYSTEMDRIVE%\junk /t /e /g Administrators:f


Command 2:

attrib -r \\?\%SYSTEMDRIVE%\junk\*.dll & ren \\?\%SYSTEMDRIVE%\junk\*.dll *.111


Close Salamand, open Windows Explorer and delete the C:\Junk folder.

Next, run CWShredder, Ad-Aware and/or SpyBot and post a fresh log.
Mike
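Added example, not from the thread or from the Find-All tool: a Python checker for the Find-All "output.txt" that Steps 1 and 4 ask for. It parses the locked/suspect file list, the REGEDIT4 export of the Windows key, the RegDACL effective permissions and the junk folder listing, and it reports what a reviewer looks for, including the case seen above where Registrar Lite showed a DLL in AppInit_DLLs while the REG export in the same log showed the value empty. The two sample logs inside it are constructed excerpts modelled on the logs posted in this thread; EXAMPLEPC\Owner is a placeholder account name.

```python
"""Triage a Find-All 'output.txt' like the ones posted in this thread. Added example, not
part of Find-All or of the thread; the sample logs are constructed excerpts modelled on them."""
import re

# Constructed: before Step 2. The DLL is still locked in System32 while the REG export
# shows AppInit_DLLs empty; EXAMPLEPC\Owner is a placeholder for the user's own account.
SAMPLE_BEFORE = r"""
*Locked or 'Suspect' file(s) found...
\\?\C:\WINDOWS\System32\D3DHB.DLL +++ File read error
\\?\C:\WINDOWS\System32\D3DHB.DLL +++ File read error

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
QWCEN-DS-- BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM
Full access EXAMPLEPC\Owner

*Contents of file(s) in 'junk' folder:

"""
# Constructed: after Steps 2-4. The locked DLL now sits in C:\junk.
SAMPLE_AFTER = r"""
*Locked or 'Suspect' file(s) found...
\\?\C:\junk\D3DHB.DLL +++ File read error

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

*Contents of file(s) in 'junk' folder:
d3dhb.dll
"""

WINKEY = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"
APPINIT_RE = re.compile(r'^"AppInit_DLLs"="(.*)"$', re.IGNORECASE)
SUSPECT_RE = re.compile(r"^(?:\\\\\?\\)?(.+?)\s+\+\+\+\s+(.*)$")   # drops the \\?\ prefix
PERM_RE = re.compile(r"^(Full access|Read|\S+)\s+(\S.*)$")         # "<rights> <principal>"
TRUSTED_FULL = {"builtin\\administrators", "nt authority\\system", "creator owner"}

def parse_find_all(text):
    """Pull out the sections a reviewer reads first; every section ends at a blank line."""
    report = {"appinit": None, "suspect": [], "junk": [], "perms": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None
        elif line.startswith("*Locked or 'Suspect'"):
            section = "suspect"
        elif line == WINKEY:
            section = "winkey"
        elif line.startswith("Effective permissions for Registry key"):
            section = "perms"
        elif line.startswith("*Contents of file(s) in 'junk' folder"):
            section = "junk"
        elif section == "suspect":
            m = SUSPECT_RE.match(line)                 # Find-All may list one file twice
            if m and m.group(1).lower() not in [p.lower() for p in report["suspect"]]:
                report["suspect"].append(m.group(1))
        elif section == "winkey":
            m = APPINIT_RE.match(line)
            report["appinit"] = m.group(1) if m else report["appinit"]
        elif section == "perms":
            m = PERM_RE.match(line)
            if m:
                report["perms"][m.group(2)] = m.group(1)
        elif section == "junk":
            report["junk"].append(line)
    return report

def triage(report, reglite_value=None):
    """Findings from a parsed log; reglite_value is what Registrar Lite showed for AppInit_DLLs."""
    findings, appinit = [], (report["appinit"] or "").strip()
    if appinit:
        findings.append(f"HIGH: AppInit_DLLs loads {appinit} into every process that uses user32.dll")
    if reglite_value and reglite_value.strip().lower() != appinit.lower():
        findings.append(f"HIGH: Registrar Lite shows AppInit_DLLs = {reglite_value} but the REG export "
                        f"shows {appinit!r}; the tools disagree, so inspect the DLL the first one names")
    for path in report["suspect"]:
        if "\\junk\\" in path.lower():
            findings.append(f"INFO: {path} is locked but already quarantined in the junk folder")
        else:
            findings.append(f"HIGH: {path} is locked/unreadable and still outside the junk folder")
    for principal, rights in report["perms"].items():
        if rights == "Full access" and principal.lower() not in TRUSTED_FULL:
            findings.append(f"CHECK: {principal} has Full access on the Windows key; confirm it is the owner")
    if report["junk"]:
        findings.append("INFO: junk folder holds: " + ", ".join(report["junk"]))
    return findings

def is_clean(report):
    """True once nothing loads via AppInit_DLLs and every locked file is already in the junk folder."""
    return not (report["appinit"] or "").strip() and all("\\junk\\" in p.lower() for p in report["suspect"])
```

To use it on a real log, read output.txt into a string, pass it to parse_find_all, and hand the result (plus the value Registrar Lite displayed) to triage; is_clean gives the one-bit answer the helper checks for after Step 4.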

#9 Jing
    Member
  • Full Member
  • 9 posts

Posted 22 May 2004 - 11:01 AM

YESSSS I THINK IT IS GONE FOR GOOD! THANKS SO MUCH! And BTW, whenever I run my Spybot, it always comes up with this DSO Exploit crap (5 entries)... always, even though I delete it. Is there a way to get rid of it permanently? Ad-Aware does not seem to pick this up. Anyway, here is my Ad-Aware log, and I am going to post a Find-All log again. And what are these cookie data-mining thingies? Mind telling me?


Ad-Aware Log
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Saturday, May 22, 2004 11:58:06 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R298 20.04.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan within archives


5-22-2004 11:58:06 PM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 5-22-2004 1:25:59 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 5-22-2004 1:26:04 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-22-2004 1:26:05 PM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/22/2004 3:58:06 PM
Last modified : 8/23/2001 12:00:00 PM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-22-2004 1:26:05 PM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/22/2004 3:58:06 PM
Last modified : 8/23/2001 12:00:00 PM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-22-2004 1:26:05 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/22/2004 3:58:06 PM
Last modified : 8/23/2001 12:00:00 PM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-22-2004 1:26:05 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/22/2004 3:58:06 PM
Last modified : 8/23/2001 12:00:00 PM

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-22-2004 1:26:05 PM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 8/23/2001 12:00:00 PM

#:8 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 5-22-2004 1:26:05 PM
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 9/25/2003 1:08:51 PM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 7/17/2003 3:16:38 AM

#:9 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-22-2004 1:26:06 PM
BasePriority : Normal
FileSize : 43 KB
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
Copyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
OriginalFilename : CTsvcCDA.EXE
ProductName : Creative Service for CDROM Access
Created on : 9/12/2003 12:30:20 PM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 12/12/1999 5:01:00 PM

#:10 [ghosts~2.exe]
FilePath : C:\PROGRA~1\NORTON~1\NORTON~2\
ThreadCreationTime : 5-22-2004 1:26:06 PM
BasePriority : Normal
FileSize : 196 KB
FileVersion : 2003.775
ProductVersion : 2003.775
Copyright : Copyright © 1998-2002 Symantec Corp. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartService
OriginalFilename : GhostStartService.exe
ProductName : Norton Ghost Start Service

#:11 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ThreadCreationTime : 5-22-2004 1:26:06 PM
BasePriority : Normal
FileSize : 264 KB
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
Copyright : Copyright © Microsoft Corp. 1997-2000
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
OriginalFilename : mdm.exe
ProductName : Microsoft Development Environment
Created on : 2/23/2001 2:07:30 AM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 2/23/2001 2:07:30 AM

#:12 [navapsvc.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton AntiVirus\
ThreadCreationTime : 5-22-2004 1:26:06 PM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 9/25/2003 1:08:42 PM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 11/14/2002 11:41:26 AM

#:13 [nprotect.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\
ThreadCreationTime : 5-22-2004 1:26:06 PM
BasePriority : Normal
FileSize : 132 KB
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
Copyright : Copyright © 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
OriginalFilename : NPROTECT.EXE
ProductName : Norton Utilities
Created on : 9/25/2003 12:50:22 PM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 8/13/2002 10:03:00 PM

#:14 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-22-2004 1:26:06 PM
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.14.10.5303
ProductVersion : 6.14.10.5303
Copyright : © NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 53.03
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 53.03
Created on : 11/17/2003 2:33:00 AM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 11/17/2003 2:33:00 AM

#:15 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~1\SPEEDD~1\
ThreadCreationTime : 5-22-2004 1:26:07 PM
BasePriority : Normal
FileSize : 168 KB
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
Copyright : Copyright © 2002
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
OriginalFilename : NOPDB.dll
ProductName : Norton Speed Disk
Created on : 9/25/2003 12:51:41 PM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 8/13/2002 10:00:00 PM

#:16 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-22-2004 1:26:07 PM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
Copyright : Copyright © Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
OriginalFilename : MSPMSPSV.EXE
ProductName : Microsoft ® DRM
Created on : 6/25/2000 11:44:20 PM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 6/25/2000 11:44:20 PM

#:17 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 5-22-2004 1:26:08 PM
BasePriority : Normal
FileSize : 977 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/22/2004 3:45:23 PM
Last modified : 8/23/2001 12:00:00 PM

#:18 [em_exec.exe]
FilePath : C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\
ThreadCreationTime : 5-22-2004 1:26:11 PM
BasePriority : Normal
FileSize : 28 KB
FileVersion : 9.70.216
ProductVersion : 9.70
Copyright : Copyright
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
OriginalFilename : EM_EXEC.CPP
ProductName : MouseWare
Created on : 9/8/2003 9:55:00 AM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 7/1/2002 1:50:00 AM

#:19 [wf2k.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-22-2004 1:26:11 PM
BasePriority : Normal
FileSize : 1580 KB
FileVersion : 5.13.01.2003-2.82
ProductVersion : 5.00
Copyright : Copyright© 2001-2003 Leadtek Research Inc.
CompanyName : Leadtek Research Inc.
FileDescription : WinFox II
InternalName : WinFox II
OriginalFilename : WF2K.EXE
ProductName : WinFox V2.0 (Windows 95/98//ME/2000/XP)
Created on : 9/9/2003 8:48:58 AM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 6/5/2003 6:02:06 AM

#:20 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_01\bin\
ThreadCreationTime : 5-22-2004 1:26:11 PM
BasePriority : Normal
FileSize : 32 KB
Created on : 8/19/2067 9:23:36 AM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 8/19/2003 9:23:34 AM

#:21 [cthelper.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-22-2004 1:26:12 PM
BasePriority : Normal
FileSize : 24 KB
FileVersion : 1, 0, 1, 2
ProductVersion : 1, 0, 1, 2
Copyright : Copyright © 2002-03
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
OriginalFilename : CtHelper.EXE
ProductName : CtHelper Application
Created on : 9/12/2003 12:31:02 PM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 10/6/2003 6:57:32 AM

#:22 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 5-22-2004 1:26:14 PM
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 1/5/2004 10:23:21 AM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 12/2/2003 8:11:04 AM

#:23 [ghoststarttrayapp.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Ghost\
ThreadCreationTime : 5-22-2004 1:26:14 PM
BasePriority : Normal
FileSize : 92 KB
FileVersion : 2003.775
ProductVersion : 2003.775
Copyright : Copyright © 1998-2002 Symantec Corp. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartTrayApp
OriginalFilename : GhostStartTrayApp.exe
ProductName : Norton Ghost Start
Created on : 8/14/2002 7:21:28 AM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 8/14/2002 7:21:28 AM

#:24 [soundman.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 5-22-2004 1:26:14 PM
BasePriority : Normal
FileSize : 63 KB
FileVersion : 5.1.0.21
ProductVersion : 5.1.0.21
Copyright : Copyright © 2001-2003 Realtek Semiconductor Corp.
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
OriginalFilename : ALSMTray.exe
ProductName : Realtek Sound Manager
Created on : 5/13/2004 3:17:00 PM
Last accessed : 5/22/2004 3:56:10 PM
Last modified : 12/19/2003 9:53:18 AM

#:25 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-22-2004 1:26:15 PM
BasePriority : Normal
FileSize : 31 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/22/2004 3:08:36 PM
Last modified : 8/23/2001 12:00:00 PM

#:26 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-22-2004 1:26:15 PM
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 8/23/2001 12:00:00 PM

#:27 [ctltask.exe]
FilePath : C:\Program Files\Creative\SBAudigy\TaskBar\
ThreadCreationTime : 5-22-2004 1:26:15 PM
BasePriority : Normal
FileSize : 120 KB
FileVersion : 1.00.00.33
ProductVersion : 1.00.00.33
Copyright : Copyright © Creative Technology Ltd. 2001
CompanyName : Creative Technology Ltd
FileDescription : Creative Taskbar
InternalName : Taskbar
OriginalFilename : CTLTask.exe
ProductName : Creative Taskbar
Created on : 9/12/2003 12:27:59 PM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 5/7/2002 5:00:00 PM

#:28 [ctltray.exe]
FilePath : C:\Program Files\Creative\SBAudigy\TaskBar\
ThreadCreationTime : 5-22-2004 1:26:15 PM
BasePriority : Normal
FileSize : 160 KB
FileVersion : 1.00.00.24
ProductVersion : 1.00.00.24
Copyright : Copyright © Creative Technology Ltd. 2001
CompanyName : Creative Technology Ltd.
FileDescription : Creative TaskTray
InternalName : Taskbar
OriginalFilename : CTLTray.exe
ProductName : Creative TaskTray
Created on : 9/12/2003 12:27:59 PM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 6/28/2001 5:00:00 PM

#:29 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 5-22-2004 1:26:15 PM
BasePriority : Normal
FileSize : 4572 KB
FileVersion : 6.1.0211
ProductVersion : Version 6.1
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 3/4/2004 7:01:00 AM
Last accessed : 5/22/2004 3:08:36 PM
Last modified : 3/4/2004 7:01:00 AM

#:30 [teatimer.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ThreadCreationTime : 5-22-2004 1:26:16 PM
BasePriority : Idle
FileSize : 1014 KB
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
OriginalFilename : TeaTimer.exe
ProductName : Spybot - Search & Destroy
Created on : 5/11/2004 5:03:00 PM
Last accessed : 5/22/2004 3:58:07 PM
Last modified : 5/11/2004 5:03:00 PM

#:31 [airplus.exe]
FilePath : C:\Program Files\D-Link AirPlus\
ThreadCreationTime : 5-22-2004 1:26:16 PM
BasePriority : Normal
FileSize : 256 KB
FileVersion : 3, 0, 2, 0
ProductVersion : 3, 0, 2, 0
Copyright : Copyright © 2002
CompanyName : D-Link
FileDescription : WLAN Adapter Utility
InternalName : WLANMON
OriginalFilename : AIRPLUS.EXE
ProductName : D-Link AirPlus
Created on : 9/9/2003 7:51:58 AM
Last accessed : 5/22/2004 3:03:15 PM
Last modified : 3/5/2003 10:37:06 AM

#:32 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 5-22-2004 3:50:20 PM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 9/8/2003 7:45:45 AM
Last accessed : 5/22/2004 3:52:02 PM
Last modified : 8/23/2001 12:00:00 PM

#:33 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 5-22-2004 3:52:02 PM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 9/8/2003 7:45:45 AM
Last accessed : 5/22/2004 3:52:02 PM
Last modified : 8/23/2001 12:00:00 PM

#:34 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 5-22-2004 3:58:02 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 5/20/2004 10:01:34 AM
Last accessed : 5/22/2004 3:58:02 PM
Last modified : 7/12/2003 1:00:20 PM

Memory scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 0


Started registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Registry scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 0


Started deep registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Deep registry scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 0


ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Tracking Cookie Object recognized!
Type : File
Data : jing-yuan@adtech[1].txt
Object : C:\Documents and Settings\Jing-Yuan\Cookies\

Created on : 5/22/2004 10:42:49 AM
Last accessed : 5/22/2004 3:50:25 PM
Last modified : 5/22/2004 10:42:49 AM



Tracking Cookie Object recognized!
Type : File
Data : jing-yuan@cgi-bin[1].txt
Object : C:\Documents and Settings\Jing-Yuan\Cookies\

Created on : 5/22/2004 10:53:19 AM
Last accessed : 5/22/2004 3:59:08 PM
Last modified : 5/22/2004 10:53:19 AM



Tracking Cookie Object recognized!
Type : File
Data : jing-yuan@stats1.clicktracks[2].txt
Object : C:\Documents and Settings\Jing-Yuan\Cookies\

Created on : 5/22/2004 10:15:02 AM
Last accessed : 5/22/2004 3:59:09 PM
Last modified : 5/22/2004 10:15:02 AM



Tracking Cookie Object recognized!
Type : File
Data : jing-yuan@tribalfusion[1].txt
Object : C:\Documents and Settings\Jing-Yuan\Cookies\

Created on : 5/22/2004 3:39:39 PM
Last accessed : 5/22/2004 3:39:39 PM
Last modified : 5/22/2004 3:39:39 PM


ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ


Deep scanning and examining files (C:)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ


Performing conditional scans..
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Conditional scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 4


11:59:28 PM Scan complete

Summary of this scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Total scanning time :00:01:21:219
Objects scanned :46165
Objects identified :4
Objects ignored :0
New objects :4


FindAll Log
--==***@@@ 'FIND-ALL' VERSION 6.1 -5/21 @@@***==--


Sun May 23 00:00:52 2004 -- Results:
*System Info:

Microsoft Windows XP [Version 5.1.2600]
C: "" (3C45:E7CC) - FS:NTFS clusters:4k
Total: 80 015 491 072 [75G] - Free: 33 452 945 408 [31G]


*IE version and Service packs:
6.0.2600.0 C:\Program Files\Internet Explorer\Iexplore.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;Q822925;Q330994;

*Google Toolbar version and Attributes:
2.0.111.0 C:\Program Files\google\googletoolbar2.dll
Defaults: "A" ;"R"
A R C:\Program Files\google\GoogleToolbar2.dll
File not found - C:\Program Files\google\googletoolbar1.dll

*UserAgent:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


*Wmplayer version:
9.0.0.2980 C:\Program Files\Windows Media Player\wmplayer.exe
6.4.9.1120 C:\Program Files\Windows Media Player\mplayer2.exe

*M$Java version:


*PC uptime:
0:00am up 0 days, 2:35

*Locked or 'Suspect' file(s) found...


*Tasks (services):
0 System Process
4 System
600 smss.exe
656 csrss.exe Title:
680 winlogon.exe Title: NetDDE Agent
724 services.exe Svcs: Eventlog,PlugPlay
736 lsass.exe Svcs: PolicyAgent,ProtectedStorage,SamSs
928 svchost.exe Svcs: RpcSs
1028 svchost.exe Svcs: AudioSrv,Browser,CryptSvc,Dhcp,dmserver,ERSvc,EventSystem,FastUserSwitchingCompa
ibility,helpsvc,HidServ,lanmanserver,lanmanworkstation,Messenger,Netman,Nla,RasA
to,RasMan,Schedule,seclogon,SENS,SharedAccess,ShellHWDetection,srservice,TapiSrv
TermService
1152 svchost.exe Svcs: Dnscache
1184 svchost.exe Svcs: LmHosts,RemoteRegistry,SSDPSRV,WebClient
1356 spoolsv.exe Svcs: Spooler
1384 CCEVTMGR.EXE Svcs: ccEvtMgr
1580 alg.exe Svcs: ALG
1608 CTSVCCDA.EXE Svcs: Creative Service for CDROM Access
1688 GHOSTS~2.EXE Svcs: GhostStartService
1716 mdm.exe Svcs: MDM
1740 NAVAPSVC.EXE Svcs: navapsvc
1808 NPROTECT.EXE Svcs: NProtectService
1896 nvsvc32.exe Svcs: NVSvc
144 NOPDB.EXE Svcs: Speed Disk service
224 MsPMSPSv.exe Svcs: WMDM PMSP Service
1000 explorer.exe Title: Program Manager
512 EM_EXEC.EXE Title: Logitech GetMessage Hook
420 Wf2k.exe Title: WinFox II ( Leadtek Web Site(www.leadtek.com.tw) )
380 jusched.exe Title: OleMainThreadWndName
624 CTHELPER.EXE Title: CtHelper
792 ccApp.exe Title: Norton AntiVirus
972 GhostStartTrayApGhostStartTrayAppTitle: GhostStartTrayApp
1080 SOUNDMAN.EXE Title: ALSMTray
1096 rundll32.exe Title: MediaCenter
1160 ctfmon.exe Title:
1060 CTLTask.exe Title: CTLTask
1304 CTLTray.exe Title:
1480 msnmsgr.exe Title:
1672 TeaTimer.exe Title:
1892 AIRPLUS.EXE Title: TI Wireless LAN Monitor
3420 IEXPLORE.EXE Title: F1Racing.net - Every day updated Formula One news! (For Formula 1 news, results, photos and mor - Microsoft Internet Explorer
2756 IEXPLORE.EXE Title: SWI Forums -> Replying in HELP! - Microsoft Internet Explorer
2832 cmd.exe Title: C:\WINDOWS\System32\cmd.exe
2628 ntvdm.exe
3708 tlist.exe
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"AppInit_DLLs"=""

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@="NAV Helper"

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

*Security settings for 'Windows' key:


! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_Dlls REG_SZ


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Full access JINGNEWCOMP\Jing-Yuan
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
QWCEN-DS-- BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM
Full access JINGNEWCOMP\Jing-Yuan


*ACLs list for *.* in 'junk' folder: (if exist)

Error: Cannot open file [C:\junk\*.*]
*Contents of file(s) in 'junk' folder:

Sun May 23 00:00:52 2004 -- *Find-All 'Windows'.hiv list:
A C:\DOCUME~1\JING-Y~1\MYDOCU~1\Find-All\Find-All\winBackup.hiv
A C:\DOCUME~1\JING-Y~1\MYDOCU~1\Find-All\Find-All\windows.txt
A C:\FindallwinBackup.hiv

Thanks for all the help
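The two parts of the Find-All output that matter for the AppInit_DLLs hijack this thread is about are the REGEDIT4 export of the 'Windows' key and the RegDACL ACL listing. The following is an added example, not part of the thread or of the Find-All tool: a small Python checker that parses both, reports any DLLs named in AppInit_DLLs, and lists every principal with write access to the key that is not an administrative account (the set of trusted principals is an assumption). The sample inputs are constructed from the log lines posted above.

```python
import re

# Constructed sample: the REGEDIT4 export of the 'Windows' key and the
# RegDACL ACL listing, copied from the Find-All log posted in this thread.
REG_EXPORT = """REGEDIT4

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"AppInit_DLLs"=""
"""
ACL_LISTING = """(ID-NI) ALLOW Read BUILTIN\\Users
(ID-NI) ALLOW QWCEN-DS-- BUILTIN\\Power Users
(ID-NI) ALLOW Full access BUILTIN\\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\\SYSTEM
(ID-NI) ALLOW Full access JINGNEWCOMP\\Jing-Yuan
(ID-IO) ALLOW Full access CREATOR OWNER
"""
WINDOWS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
# Assumption: only these principals should be able to write the key.
TRUSTED = {"BUILTIN\\Administrators", "NT AUTHORITY\\SYSTEM", "CREATOR OWNER"}

def parse_regedit4(text):
    """Return {key: {name: value}} for a REGEDIT4 export (string and dword values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        m = re.match(r'^\[(.+)\]$', line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = re.match(r'^(@|"([^"]*)")=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$', line)
        if m and current is not None:
            name = m.group(2) if m.group(2) is not None else "@"
            current[name] = m.group(3) if m.group(3) is not None else int(m.group(4), 16)
    return keys

def appinit_dlls(reg):
    """DLLs listed in AppInit_DLLs (comma or space separated); an empty list means nothing is loaded."""
    raw = reg.get(WINDOWS_KEY, {}).get("AppInit_DLLs", "")
    return [d for d in re.split(r"[,\s]+", raw) if d]

def untrusted_writers(acl_text):
    """Principals outside TRUSTED that hold 'Full access' or W (set value) in RegDACL's compact rights."""
    found = set()
    for line in acl_text.splitlines():
        m = re.match(r'^\((ID-NI|ID-IO)\)\s+(ALLOW|DENY)\s+(Full access|Read|[A-Z-]+)\s+(.+)$', line)
        if m and m.group(2) == "ALLOW" and (m.group(3) == "Full access" or "W" in m.group(3)):
            found.add(m.group(4).strip())
    return sorted(found - TRUSTED)
```

On the posted log the AppInit_DLLs value is empty, but the user's own account and Power Users can write the key, which is why a hijacker running as that user could repopulate it.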

#10 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 22 May 2004 - 11:13 AM

Hi,
Everything looks fine now ... good job!

it always comes up with this DSO Exploit crap

It's detecting an entry in the "Local Zone"; just put those entries in the "Ignore List".

and what are these cookie data mining thingies

Those are simply 3rd party Cookies ... have AWW remove them.
[more info]
Blocking Unwanted Cookies with IE 6
http://www.mvps.org/...002/cookies.htm
Mike
Former Microsoft MVP 1999-2012
"There's no place like 127.0.0.1"
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#11 Jing

Jing

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 22 May 2004 - 10:08 PM

I have no idea how to thank you... you are the best!
BTW how do I put it in the ignore list?

Edited by Jing, 22 May 2004 - 10:09 PM.


#12 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 23 May 2004 - 03:43 AM

Jing,
You're welcome ... glad to see you have resolved your problem.

BTW how do I put it in the ignore list?

When you run SpyBot and it shows the list of detections,
right-click on the desired item and select: "Add to Ignored".

Run Spybot again to verify and you should not see that item again.
Mike

#13 Jing

Jing

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 23 May 2004 - 03:58 AM

For some reason, I can't do that... the only options are:
Deselect All
More Details>Jump to location
More Options>Clear List
Save results to file
Copy results to clipboard

I don't know where the ignore list option is.

#14 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 23 May 2004 - 04:36 AM

Jing,
Well ... let's do it this way ...

Open SpyBot, click "Settings" (bottom left)
Click "Ignore Products", (left pane)
Click the "Security" tab (right pane)
Place a check in: "DSO Exploit"
Mike
