Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Saturday 8.3.2025 / 19:54
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > help - "iloveyou/uslottery" virus/spyware
Show topics
 
Forums
Forums
Help - "Iloveyou/uslottery" virus/spyware
  Jump to:
 
Posted Message
snoop75
Newbie
_ 		10. January 2008 @ 17:46 _ Link to this message    Send private message to this user   
Hi all,

Yesterday I foolishly clicked on "New Folder" icon on a network drive. I thought it was a directory, but it actually was an executable file. :( When I checked on the properties of the file the description was "uslottery".

Since the incident my browser's home page has been changed to "http://uklottery.us" which eventually redirects to "http://72.232.123.170/~funstuff/dasdmas,dasd/iloveyou.php". The button to change the home page has been grayed out (disabled). The "Run" item in the start menu has been removed. Task manager has been disabled too. In file explorer hidden directories can no longer be seen and the option to see hidden directories has been disabled. :(

I am using Symantec AntiVirus which detects a trojan called "Downloader". Tried cleaning it in safe mode but no go.

Can anyone help with this problem please? HJT log below:


Logfile of HijackThis v1.99.1
Scan saved at 9:44:36 AM, on 11/01/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Cisco Systems\Cisco Secure Services Client\ConnectionClient.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\WINNT\system32\VRCCfgService.exe
C:\Program Files\RACOM\RACOM Internet Client\VRCService.exe
C:\Program Files\RACOM\RACOM Internet Client\WlanIke.exe
C:\Program Files\RACOM\RACOM Internet Client\VRCRoam.exe
C:\Program Files\RACOM\RACOM Internet Client\VRCStatus.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ESOE\ELogSrv.exe
C:\Program Files\ESOE\ESrv.exe
C:\WINNT\system32\hidserv.exe
c:\Program Files\Hewlett-Packard\eWorkplace\Inventory.exe
C:\em\opt\tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
C:\Program Files\Hewlett-Packard\eWorkplace\LogSvc.exe
C:\PROGRA~1\NETMAN~1\APPS\NFS\wlpd.exe
C:\Program Files\MG-SOFT\MIB Browser\Bin\MgWTrap3.exe
C:\WINNT\system32\PROT_SRV.EXE
C:\WINNT\system32\pagents.exe
C:\WINNT\system32\PSTARTSR.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
c:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
c:\Program Files\Hewlett-Packard\eWorkplace\Scheduler.exe
C:\WINNT\system32\FLRSERV.EXE
C:\WINNT\System32\snmp.exe
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ESOE\EDMS\ECIS.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\snmptrap.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\WINNT\lsasss.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe
C:\WINNT\system32\igfxext.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\HPQ\Shared\HpqToaster.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\eWorkplace\ControlCenter.exe
C:\Program Files\ESOE\ECC.exe
C:\Program Files\ESOE\EDMS\ECP.exe
C:\Program Files\Lotus\Sametime Client\sametime.exe
C:\Program Files\Lotus\Sametime Client\jre\bin\sametime75.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ESOE\ELaunch.exe
c:\Program Files\Hewlett-Packard\eWorkplace\eWLaunch.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uklotttery.us/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://i-pac.ao.Company.se/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = brproxy2.epa.Company.se:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://153.88.196.60;*.Company.se;*.eris...m;<local>
F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system\lsasss.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINNT\system\lsasss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [VRCNotify] C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe
O4 - HKLM\..\Run: [NetManageImport] "C:\PROGRA~1\NETMAN~1\setup\nmcpdata.exe" I
O4 - HKLM\..\Run: [NetManage LaunchNow Init] RunDLL32 C:\Progra~1\NETMAN~1\common\nmgoinn.dll,VerifyStartMenu
O4 - HKLM\..\Run: [StoreCleanup] RunDLL32 c:\progra~1\NETMAN~1\common\nmconfig.dll,StoreCleanup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Check for Pal Update.lnk = C:\Program Files\RDC\Dial-up Client\PALUpdate.exe
O4 - Global Startup: CiscoStartupCheck.lnk = C:\WINNT\Driver Cache\i386\net\CiscoMsgBox.exe
O4 - Global Startup: Company Corporate Templates .lnk = C:\Program Files\Microsoft Office\Templates\1033\Company Corporate Templates\eCorpTemplates2003.exe
O4 - Global Startup: ESOE 2000 Client Update.lnk = C:\Program Files\ESOE2000ClientUpdate\eMsgBox.exe
O4 - Global Startup: ESOE Control Center.lnk = C:\Program Files\ESOE\ECC.exe
O4 - Global Startup: ESOE2000ClientUpdate2.lnk = C:\Program Files\ESOE2000ClientUpdate\ESOE2000ClientUpdate2.exe
O4 - Global Startup: eWorkplace Control Center.lnk = C:\Program Files\Hewlett-Packard\eWorkplace\ControlCenter.exe
O4 - Global Startup: IntelWireless.exe.lnk = C:\Program Files\WLAN_Install\IntelWireless.exe
O4 - Global Startup: MSconfigg.exe
O4 - Global Startup: RVIMsgBox.exe.lnk = C:\Program Files\RACOM\RACOM Internet Client\RVIMsgBox.exe
O4 - Global Startup: Sametime Client 7.5.lnk = C:\Program Files\Lotus\Sametime Client\sametime.exe
O4 - Global Startup: UCF Check.lnk = C:\Program Files\UCF\UCF-5.3.0.5.exe
O4 - Global Startup: Visio Viewer Update Check.lnk = C:\Program Files\Microsoft Office\Visio Viewer\VisioViewer.exe
O4 - Global Startup: VN User Update.lnk = C:\Documents and Settings\xhpshal\Application Data\NetManage\Data\VN User Update.exe
O4 - Global Startup: WinVNC.lnk = C:\Program Files\ORL\VNC\WinVNC.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {1BD86198-EEBA-42AF-B89B-4050DEB5C47A} - http://eaubrnt061.epa.Company.se/ecc_install/default.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://accessete.au.ao.Company.se/dana-cached/setup/JuniperSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eapac.Company.se
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eapac.Company.se
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eapac.Company.se
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: mdc - C:\WINNT\SYSTEM32\SsoWindows.dll
O20 - Winlogon Notify: NavLogon - c:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: WinEvents - C:\WINNT\SYSTEM32\WinEvents.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Secure Services Client - Cisco Systems - C:\Program Files\Cisco Systems\Cisco Secure Services Client\ConnectionClient.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ESOE Client Inventory Service (ECIS) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\EDMS\ECIS.exe
O23 - Service: ESOE Log Service (ELogSrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ELogSrv.exe
O23 - Service: ESOE Process Manager (ESrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ESrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NetManage NFS Client (InterDrive) Helper (InterDrive) - NetManage, Inc. - C:\WINNT\System32\idr3hlpr.exe
O23 - Service: eWorkplace Inventory (Inventory) - Hewlett-Packard Sverige AB - c:\Program Files\Hewlett-Packard\eWorkplace\Inventory.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\em\opt\tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: eWorkplace Log (LogSvc) - TODO: <Company name> - C:\Program Files\Hewlett-Packard\eWorkplace\LogSvc.exe
O23 - Service: NetManage LPD Service (LPD Server) - NetManage, Inc. - C:\PROGRA~1\NETMAN~1\APPS\NFS\wlpd.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: MG-SOFT SNMP Trap Service - MG-SOFT Corporation, Strma ulica 8, SI-2000 Maribor, Slovenia. Internet: http://www.mg-soft.com/ E-mail: <info@mg-soft.com> - C:\Program Files\MG-SOFT\MIB Browser\Bin\MgWTrap3.exe
O23 - Service: NetManage FTP Server - NetManage, Inc. - C:\Program Files\NETMAN~1\apps\ftpd\ftpd.exe
O23 - Service: Pointsec - Unknown owner - C:\WINNT\system32\PROT_SRV.EXE
O23 - Service: Pointsec update agent (Pointsec_agent) - Unknown owner - C:\WINNT\system32\pagents.exe
O23 - Service: Pointsec service start (Pointsec_start) - Unknown owner - C:\WINNT\system32\PSTARTSR.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAPSprint - SAP AG, Walldorf - C:\Program Files\SAP\SAPSprint\sapsprint.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: eWorkplace Scheduler (Scheduler) - Hewlett-Packard Sverige AB - c:\Program Files\Hewlett-Packard\eWorkplace\Scheduler.exe
O23 - Service: Shared Folders Server (SFOLDER) - NetManage. - C:\WINNT\system32\FLRSERV.EXE
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Company Access Client Configuration Support (VRCCfgService) - Company Enterprise AB - C:\WINNT\system32\VRCCfgService.exe
O23 - Service: Company Access Client (VRCService) - Company Enterprise AB - C:\Program Files\RACOM\RACOM Internet Client\VRCService.exe
[ + quote]
Advertisement
_ 		__
Niobis
Senior Member
_ 		12. January 2008 @ 17:23 _ Link to this message    Send private message to this user   
Hi snoop75, your log shows a few infections. One of which is known as the Sasser worm. We need to get rid of it first.

Go here and follow the removal instructions for "Windows disinfector".

After you have done that, run a new scan with HijackThis and please post the log.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
snoop75
Newbie
_ 		13. January 2008 @ 20:00 _ Link to this message    Send private message to this user   
Hi Niobis,

Unfortunately I tried fixing it myself before you responded and ended up killing my laptop. I used the "Combo Fix" tool, which fixed the uslottery malware, but it somehow disabled my network interface. After a few reboots trying to fix the network interface I couldn't even boot my machine any more. So the IT guys had to re-image it.

Thanks for the response and all the help you guys provide on this site. Cheers!!!
[ + quote]
Niobis
Senior Member
_ 		13. January 2008 @ 23:17 _ Link to this message    Send private message to this user   
I'm sorry to hear that. I assumed you would have some network trouble after removing the malware because of those 017 entires, but there are ways to remove them without those problems. I was going to take the cautious approach, but I was too late. Again, sorry for your loss.

Good luck in the future, and try to stay clear of those unidentifiable links. ;)
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
horicutz
Newbie
_ 		7. April 2008 @ 09:34 _ Link to this message    Send private message to this user   
hi there,i have the same problem with the uslottery folder wich has spreaded in both of my partitions,i tried scanning my PC with HiJackThis but it wouldn`t work,it suddenly closes without showing me any results or something like that...Please Help! thanks in advance!
[ + quote]
ccc
Advertisement
_ 		__
 
_
horicutz
Newbie
_ 		7. April 2008 @ 09:43 _ Link to this message    Send private message to this user   
sorry for the double-posting but i managed to scan and save a logfile

Logfile of HijackThis v1.99.1
Scan saved at 16:41:24, on 08.04.2008
Platform: Windows XP SP3, v.3300 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3300)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\lsasss.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UIMHC1CZ\HijackThis_v1.99.1[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uklotttery.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system\lsasss.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsasss.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: MSconfigg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1616FF8C-1FF5-4DEA-92C3-F898F51F98BB}: NameServer = 193.231.238.2 193.231.238.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
[ + quote]
ccc
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > help - "iloveyou/uslottery" virus/spyware
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork