ULWindowSeek and ULWindowUrl - Help..

TheNeglected

Jun 18th, 2006
I have been having annoying popups that just pop up; they are named
ULWindowSeek and ULWindowUrl, and they both open at the same time.
I have done a "Clean" on my SmitfraudFix and it showed some files in the Temp directory, but they couldn't be deleted.

Here's my Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 5:55:59 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\HABBO\System32\smss.exe
C:\HABBO\system32\winlogon.exe
C:\HABBO\system32\services.exe
C:\HABBO\system32\lsass.exe
C:\HABBO\system32\svchost.exe
C:\HABBO\System32\svchost.exe
C:\HABBO\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\DOCUME~1\AUSTIN~1\MYDOCU~1\RACLE~1\csrss.exe
C:\HABBO\system32\svchost.exe
C:\HABBO\Explorer.exe
C:\HABBO\system32\wscntfy.exe
C:\HABBO\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\HABBO\system32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\HABBO\system32\wuauclt.exe
C:\Documents and Settings\Austin Doolin\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://habbo.com/
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\HABBO\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windowupdate] C:\HABBO\system32\Windowupdate.exe
O4 - HKLM\..\Run: [Windows Update Manager] C:\HABBO\mPsvc64.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [f6ece8f8.exe] C:\HABBO\system32\f6ece8f8.exe
O4 - HKLM\..\Run: [0961f8bd.exe] C:\HABBO\system32\0961f8bd.exe
O4 - HKLM\..\Run: [LogMeIn Backup GUI] "C:\Program Files\LogMeIn Backup\BackupSystray.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Windows Update Manager] C:\HABBO\mPsvc64.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Windows Update Manager] C:\HABBO\mPsvc64.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\HABBO\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [f6ece8f8.exe] C:\Documents and Settings\Austin Doolin\Local Settings\Application Data\f6ece8f8.exe
O4 - HKCU\..\Run: [0961f8bd.exe] C:\Documents and Settings\Austin Doolin\Local Settings\Application Data\0961f8bd.exe
O4 - HKCU\..\Run: [Ltho] "C:\DOCUME~1\AUSTIN~1\MYDOCU~1\RACLE~1\csrss.exe" -vt yazr
O4 - HKCU\..\Run: [Drs] C:\Program Files\Common Files\?ssembly\wuauclt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Documents and Settings\Austin Doolin\Desktop\Unused\Apache Edited 0.3\Apache\bin\ApacheMonitor.exe
O4 - Global Startup: ShortKeys Lite.lnk = ?
O8 - Extra context menu item: Blocking access to the document address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockDocument.html
O8 - Extra context menu item: Blocking access to the image address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockImage.html
O8 - Extra context menu item: Blocking access to the link address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockLink.html
O8 - Extra context menu item: Cut proxy addresses from selected text by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisCutProxyFromSelectedTåxt.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Austin Doolin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.2.76.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06b0240f...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1138943182856
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138943182809
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.20.18/ttinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv...st/tt_test.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: scvhost - scvhost.dll (file missing)
O20 - Winlogon Notify: smcss - smcss.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\HABBO\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbjv32 - C:\HABBO\SYSTEM32\winbjv32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\HABBO\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache (Apache.exe -k runservice) - Apache Software Foundation - C:\Program Files\Apache Edited\Apache\bin\Apache.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\HABBO\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: UnrealIRCd - none - C:\Program Files\Unreal3.2\wircd.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\HABBO\system32\ZoneLabs\vsmon.exe
Last edited by TheNeglected; Jun 18th, 2006 at 7:01 pm.
TheNeglected

Jun 20th, 2006
Hey, I just looked through the log file and I saw
O4 - HKLM\..\Run: [f6ece8f8.exe] C:\HABBO\system32\f6ece8f8.exe
O4 - HKLM\..\Run: [0961f8bd.exe] C:\HABBO\system32\0961f8bd.exe
Looks like files with random numbers ARE the virus or whatever it is,
Can someone please help me..?
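
A triage sketch for the autorun (O4) lines of a HijackThis log like the one posted above, added here as an example and not part of the original thread. The sample lines are copied from that log; the three heuristics and the `SYSTEM_NAMES` list are assumptions chosen for illustration, and a match is a lead to investigate, not a verdict.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: O4 autorun lines copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [f6ece8f8.exe] C:\HABBO\system32\f6ece8f8.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\HABBO\system32\ctfmon.exe
O4 - HKCU\..\Run: [0961f8bd.exe] C:\Documents and Settings\Austin Doolin\Local Settings\Application Data\0961f8bd.exe
O4 - HKCU\..\Run: [Ltho] "C:\DOCUME~1\AUSTIN~1\MYDOCU~1\RACLE~1\csrss.exe" -vt yazr
O4 - HKCU\..\Run: [Drs] C:\Program Files\Common Files\?ssembly\wuauclt.exe
"""

# O4 - <hive>\..\<key>: [<value name>] <optionally quoted path to an .exe> <args>
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] "?(.+?\.exe)', re.I)
HEX_NAME_RE = re.compile(r"[0-9a-f]{8}\.exe")
# Assumption: illustrative list of processes that normally run from system32.
SYSTEM_NAMES = {"csrss.exe", "wuauclt.exe", "svchost.exe", "smss.exe",
                "lsass.exe", "winlogon.exe", "services.exe"}


def triage(log_text):
    """Return (registry key, value name, path, reasons) for entries worth a look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not a registry autorun line (e.g. "Global Startup")
        hive, key, name, path = m.groups()
        exe, folder = basename(path).lower(), dirname(path).lower()
        reasons = []
        if HEX_NAME_RE.fullmatch(exe):
            reasons.append("random-looking hex file name")
        if exe in SYSTEM_NAMES and not folder.endswith("\\system32"):
            reasons.append("system process name outside system32")
        if "?" in path:
            reasons.append("unprintable character in path")
        if reasons:
            findings.append((f"{hive}\\{key}", name, path, reasons))
    return findings


if __name__ == "__main__":
    for where, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{where} [{name}] {path}\n    -> {'; '.join(reasons)}")
```

Entries the heuristics do not flag are not thereby cleared; they only fall outside these three checks.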

©2003 - 2009 DaniWeb® LLC