New variant of CWS? Please help!


4 replies to this topic

#1 ritoun

ritoun

    Member

  • Full Member
  • Pip
  • 61 posts

Posted 15 June 2004 - 11:06 AM

Hi there,

I seem to be experiencing a new kind of CWS, since CWShredder did not find anything to fix, but I am still redirected to http://www.lookfor.c...x.php?pin=96676.
Well, I don't understand a lot about these things, but still, I have noted something with a res://kzuuo.dll/index.html#96676 that nobody seems to talk about.
Can someone please help?



Here is my Hijack log:
Logfile of HijackThis v1.97.7
Scan saved at 18:20:00, on 15/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\system32\mshp32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\TV Capture Card\RecSche.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ntqc32.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\MsgSys.EXE
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kzuuo.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://kzuuo.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://kzuuo.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kzuuo.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://kzuuo.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kzuuo.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {66BE36B4-FD1C-B850-4827-ECA932D53C44} - C:\WINDOWS\system32\atldw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [RecSche] C:\TV Capture Card\RecSche.exe /Startup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SoundControl] C:\WINDOWS\System32\smvss.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntqc32.exe] C:\WINDOWS\system32\ntqc32.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Traceless] C:\Program Files\Traceless\launch.exe
O4 - Startup: Netvision Cable Connect.url
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.micr...0367/wmavax.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...ector/swdir.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1085871516394
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {94D2A476-84BC-4E4C-820A-2C5372CF89BF} (MailConfig Class) - http://lotus.netvisi...elp/MailCfg.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7991.2938773148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3795BC66-088E-42AB-A800-89F3B700FF2E}: NameServer = 194.90.1.5 212.143.212.143

#2 ritoun

ritoun

    Member

  • Full Member
  • Pip
  • 61 posts

Posted 15 June 2004 - 12:54 PM

Sorry! I sent a direct mail to someone without knowing I shouldn't!

#3 ritoun

ritoun

    Member

  • Full Member
  • Pip
  • 61 posts

Posted 15 June 2004 - 05:00 PM

Hellloooooo!!!!!!!!!!!!!???????????
Can anybody please help?

#4 ritoun

ritoun

    Member

  • Full Member
  • Pip
  • 61 posts

Posted 16 June 2004 - 12:25 AM

Bumpin...

#5 rd_syringe

rd_syringe

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 16 June 2004 - 01:33 AM

Keep checking the threads, man, others here like me are experiencing this incredibly sadistic piece of crap. We'll figure it out.





Member of ASAP and UNITE
Support SpywareInfo Forum - click the button