Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Popups. Help Plz.


  • This topic is locked This topic is locked
6 replies to this topic

#1 harkisaggu

harkisaggu

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 02 September 2006 - 12:07 AM

If anyone is able to help id appreciate it. I keep getting a lot of popups from gojournalists, amaena etc...

Here's my HiJack this Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:53:36 PM, on 9/1/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Norton Internet Security\ISSVC.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\brsvc01a.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\brss01a.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\system32\Brmfrmps.exe
D:\WINDOWS\System32\cisvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\cidaemon.exe
D:\WINDOWS\system32\ntvdm.exe
D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\Documents and Settings\Harki\Desktop\protection\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.xwrrorfvgtelp.com/n59R18Z9L06hi...4nXYHbMKoAC.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\PCHEALTH\HELPCTR\System\panels\blank.htm
O3 - Toolbar: Ad Blocker Pro Toolbar - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - D:\Program Files\3B Software\3B Ad Blocker Pro\AKToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - D:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll (file missing)
O4 - HKLM\..\Run: [SetDefPrt] D:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "D:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "D:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [PaperPort PTD] D:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [IndexSearch] D:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Ad-watch] D:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = D:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Desktop Manager.lnk = D:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\WINDOWS\System32\shdocvw.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://abmls.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://abmls.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://abmls.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Extensions - D:\WINDOWS\system32\dzwsock.dll
O20 - Winlogon Notify: Themes - D:\WINDOWS\system32\k608lgdu1608.dll (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - D:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - D:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

Mod Edit: Moved to more appropriate forum. DT

Edited by D-Trojanator, 04 September 2006 - 07:27 AM.


BC AdBot (Login to Remove)

 


#2 agrarianmonk

agrarianmonk

  • Members
  • 522 posts
  • OFFLINE
  •  
  • Local time:11:19 PM

Posted 05 September 2006 - 01:29 PM

Welcome to the forum!

I apologize for the delay getting to your log, the helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

Please post a fresh HJT log in this thread, so I can be sure nothing has changed and give you an accurate fix.

If your problem has already been solved, then please post back letting us know so we can close this thread.
agrarianmonk

Posted Image

Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#3 harkisaggu

harkisaggu
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 05 September 2006 - 06:16 PM

no problem id expect you guys to be busy all the time...

heres a new log:


Logfile of HijackThis v1.99.1
Scan saved at 5:12:59 PM, on 9/5/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Norton Internet Security\ISSVC.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\brsvc01a.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\brss01a.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\system32\Brmfrmps.exe
D:\WINDOWS\System32\cisvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\cidaemon.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
D:\WINDOWS\System32\BRMFRSMG.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Documents and Settings\Harki\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\PCHEALTH\HELPCTR\System\panels\blank.htm
O3 - Toolbar: Ad Blocker Pro Toolbar - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - D:\Program Files\3B Software\3B Ad Blocker Pro\AKToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [SetDefPrt] D:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "D:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "D:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [PaperPort PTD] D:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [IndexSearch] D:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Ad-watch] D:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [spywareremover] D:\Program Files\SpywareRemover\SpywareRemover.exe -boot
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] D:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = D:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Desktop Manager.lnk = D:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://abmls.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://abmls.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://abmls.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Extensions - D:\WINDOWS\system32\dzwsock.dll
O20 - Winlogon Notify: Themes - D:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - D:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - D:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

#4 agrarianmonk

agrarianmonk

  • Members
  • 522 posts
  • OFFLINE
  •  
  • Local time:11:19 PM

Posted 05 September 2006 - 06:18 PM

1. Download combofix.exe by sUBs and save it to your desktop.
2. <<Double click>> combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Warning: Please do not mouseclick combofix's window while it is running. This may cause it to stall.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection.
Click here: http://www.microsoft.com/windowsxp/downloa...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.

In your next post, please include
  • new hijackthis log
  • combofix log
  • uninstall list
*use separate posts to ensure the logs don't get cut off!

Edited by agrarianmonk, 05 September 2006 - 06:19 PM.

agrarianmonk

Posted Image

Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#5 harkisaggu

harkisaggu
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 06 September 2006 - 06:56 PM

Heres all the logs requested and the uninstall list too..

Combo Fix:
Harki - 06-09-06 17:49:45.96
ComboFix 06.09.04BT - Running from: D:\Documents and Settings\Harki\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((( Files Created from 2006-08-06 to 2006-09-06 ))))))))))))))))))))))))))))))))))


2006-09-06 02:35 127,208 --a------ D:\WINDOWS\system32\mucltui.dll
2006-09-04 17:00 78,488 --a------ D:\WINDOWS\system32\XMD5.dll
2006-09-04 17:00 101,888 --a------ D:\WINDOWS\system32\vb6stkit.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-06 00:05 -------- d-------- D:\Program Files\Common Files\Symantec Shared
2006-09-05 23:53 -------- d-------- D:\Program Files\Common Files
2006-09-04 22:28 -------- d-------- D:\Program Files\Morpheus
2006-09-04 22:28 -------- d-------- D:\Documents and Settings\Harki\Application Data\Morpheus
2006-09-04 17:01 -------- d-------- D:\Program Files\SpywareRemover
2006-08-31 03:07 -------- d---s---- D:\Documents and Settings\Harki\Application Data\Microsoft
2006-08-19 00:58 -------- d-------- D:\Program Files\Free iPod Video Converter
2006-08-18 14:40 23092 --a------ D:\Program Files\Warez P2P ClientIPGUARD.LOG
2006-08-18 03:22 -------- d-------- D:\Program Files\Spyware Doctor
2006-08-18 03:21 -------- d-------- D:\Program Files\MonkeyBongo
2006-08-18 03:13 -------- d-------- D:\Program Files\VideoLAN
2006-08-12 01:45 -------- d-------- D:\Program Files\DC++
2006-08-10 08:04 777472 --a------ D:\WINDOWS\system32\drivers\avg7core.sys
2006-08-10 08:04 27904 --a------ D:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-08-09 20:56 -------- d-------- D:\Program Files\MP3 Player Utilities
2006-08-01 02:07 -------- d-------- D:\Program Files\Java
2006-07-30 16:01 -------- d-------- D:\Program Files\Logitech
2006-07-28 20:40 625152 --a------ D:\WINDOWS\is-9ISQN.exe
2006-07-28 20:28 -------- d-------- D:\Program Files\PC MightyMax
2006-07-28 20:20 -------- d-------- D:\Program Files\Tiger Gaming
2006-07-26 00:51 -------- d-------- D:\Documents and Settings\Harki\Application Data\PC Tools
2006-07-26 00:39 -------- d-------- D:\Program Files\Common Files\Sony Shared
2006-07-26 00:37 -------- d-------- D:\Program Files\PartyPoker.net
2006-07-26 00:33 -------- d-------- D:\Program Files\PestPatrol
2006-07-25 10:44 -------- d-------- D:\Program Files\Motorola Ringer Tone Maker
2006-07-25 10:29 625152 --a------ D:\WINDOWS\is-IPR4O.exe
2006-07-24 23:10 226536 --a------ D:\WINDOWS\whCC-GIANT.exe
2006-07-20 13:39 -------- d-------- D:\Program Files\Norton Internet Security
2006-07-20 13:30 -------- d-------- D:\Program Files\Mozilla Firefox
2006-07-20 12:50 -------- d-------- D:\Program Files\MixVibesPro4
2006-07-20 12:50 -------- d-------- D:\Program Files\Bug Doctor
2006-07-20 12:49 -------- d-------- D:\Program Files\LimeWire
2006-07-20 12:47 -------- d-------- D:\Program Files\Ahead
2006-07-18 23:21 -------- d-------- D:\Program Files\MusicMatch
2006-07-18 23:20 -------- d--h----- D:\Program Files\InstallShield Installation Information
2006-07-18 23:19 90112 -r------- D:\WINDOWS\bwUnin-6.1.0.155-8876480L.exe
2006-07-18 23:19 -------- d-------- D:\Program Files\Desktop Messenger
2006-07-18 23:17 -------- d-------- D:\Program Files\Common Files\Logitech
2006-07-18 10:31 -------- d-------- D:\Program Files\Internet Explorer
2006-06-19 17:41 875 --a------ D:\Documents and Settings\Harki\Application Data\AdobeDLM.log
2006-06-19 17:41 0 --a------ D:\Documents and Settings\Harki\Application Data\dm.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefPrt"="D:\\Program Files\\Brother\\Brmfl03a\\BrStDvPt.exe"
"PP8 SE Reminder"="\"D:\\Program Files\\Scansoft\\PaperPort\\WebEreg\\NAVBrowser.exe\" -r \"D:\\Program Files\\Scansoft\\PaperPort\\WebEreg\\navLoad.ini\""
"PaperPort PTD"="D:\\Program Files\\Scansoft\\PaperPort\\pptd40nt.exe"
"MessengerPlus3"="\"D:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
"IndexSearch"="D:\\Program Files\\Scansoft\\PaperPort\\IndexSearch.exe"
"Ad-watch"="D:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-watch.exe"
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"D:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="\"D:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:ff,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]
"path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\ScanSoft PaperPort 8.0\\SmartUI.lnk"
"location"="Common Startup"
"command"="D:\\PROGRA~1\\Scansoft\\PAPERP~1\\SmartUI\\SmartUI.exe "
"item"="SmartUI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AVG_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc32"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MEMO TONS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bookblah"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Mpeg dog mags find]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SafeOkay"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PC Booster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pcbooster"
"hkey"="HKLM"
"inimapping"="0"



Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\XoftSpy.job

Completion time: 06-09-06 17:51:03.21

Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 5:30:27 PM, on 9/6/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Brmfrmps.exe
D:\WINDOWS\System32\cisvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\cidaemon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Harki\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.xwrrorfvgtelp.com/n59R18Z9L06hi...4nXYHbMKoAC.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\PCHEALTH\HELPCTR\System\panels\blank.htm
O4 - HKLM\..\Run: [SetDefPrt] D:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "D:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "D:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [PaperPort PTD] D:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [IndexSearch] D:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Ad-watch] D:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = D:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Desktop Manager.lnk = D:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://abmls.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1157520700004
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://abmls.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://abmls.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - D:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - D:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

and the un-install list

3B Ad Blocker Pro
Acoustica Effects Pack
Acoustica Mixcraft
Acoustica MP3 Audio Mixer
Ad-aware 6 Professional
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Reader 7.0.8
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
AVG Free Edition
BlackBerry Desktop Software 4.0.1
BlackBerry Desktop Software 4.0.1
BlackBerry v4.0 for the 7100 Series Wireless Handheld
Brother MFL-Pro Suite
CC_ccProxyExt
ccCommon
ccPxyCore
CDN EXECUTIVE Resource CD
DC++ (remove only)
FastStone Player
Free iPod Video Converter 1.34
GeoJet 2000
Google Earth
Google Toolbar for Internet Explorer
HijackThis 1.99.1
iPod for Windows 2005-06-26
iPod for Windows 2006-01-10
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
LiveReg (Symantec Corporation)
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.70
Macromedia Shockwave Player
Messenger Plus! 3
Microsoft Data Access Components KB870669
Microsoft Office 2000 Premium
Microsoft PowerPoint Viewer 97
Microsoft Word 2002
Microsoft XML Parser and SDK
MP3 Player Utilities
MSN Messenger 7.5
MSN Music Assistant
MSRedist
Norton AntiSpam
Norton AntiSpam
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton WMI Update
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
Outlook Express Q823353
Palm Desktop and Synchronization Software
PaperPort 8.0 SE
PDF Manual NW-A10003000
QuickTime
RealPlayer
REI Font Installer
SonicStage 3.4
Sound Blaster AWE64 Value
SP2 Connection Patcher
SPBBC
Spybot - Search & Destroy 1.3
Spyware Doctor 4.0
SpywareRemover 3.6.0.3
SymNet
Warez P2P Client 2.85
Windows Lotto Pro v3.50
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See Q828026 for more information]
Windows Registry Repair Pro
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB810217
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB887811
Windows XP Hotfix - KB887822
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q811493
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP1) Q819696
Windows XP Hotfix (SP2) [See Q329115 for more information]
XoftSpy
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar for Internet Explorer

#6 agrarianmonk

agrarianmonk

  • Members
  • 522 posts
  • OFFLINE
  •  
  • Local time:11:19 PM

Posted 06 September 2006 - 11:20 PM

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection.
Click here: http://www.microsoft.com/windowsxp/downloa...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.
agrarianmonk

Posted Image

Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#7 agrarianmonk

agrarianmonk

  • Members
  • 522 posts
  • OFFLINE
  •  
  • Local time:11:19 PM

Posted 17 September 2006 - 10:30 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
agrarianmonk

Posted Image

Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users