Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hot-search?


  • Please log in to reply
5 replies to this topic

#1 purva

purva

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 03 December 2006 - 05:35 AM

Hi,

Ive been having a wierd problem for the past couple of weeks. At random times when i search on google or when i enter a straight website address in the bar, random websites keep popping up. the Info bar at the bottom tells me that a website called www/hot-search.biz is first loaded and then i get to a totally random website, all of whom look alike but with diff. names. Can you help. also, everytime i scan my comp it detects Alexa though theres no toolbar present. how do i completely remove it?

Thanks in advance, My Hijackthis log is as follows :

Logfile of HijackThis v1.99.1
Scan saved at 3:50:40 PM, on 12/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
g:\Norton GoBack\GBPoll.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
D:\WINDOWS\system32\RUNDLL32.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\WINDOWS\anvshell.exe
D:\WINDOWS\system32\ctfmon.exe
G:\Norton GoBack\GBTray.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
F:\Program Files\DAP\DAP.EXE
E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\abc\My Documents\My Completed Downloads\stng260.exe
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEMan Class - {24100E69-977D-4AEF-9538-B0FE1DDCE584} - D:\Program Files\Incredi IE Manager\IEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - D:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - D:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_EMC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = E:\limewire\LimeWire.exe
O4 - Global Startup: Norton GoBack.lnk = G:\Norton GoBack\GBTray.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = D:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: &Clean Traces - F:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Movies Extractor Scout LITE - {F8BD5FDB-0D43-4857-82B7-4F613702FA8C} - e:\Program Files\Movies Extractor Scout LITE\flashextract.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{132DCBDD-C3DE-4B1B-B008-307B11E01C6B}: NameServer = 85.255.116.39,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{520C753B-5B2C-4C7E-8CEE-8FA44CE51EAB}: NameServer = 85.255.116.39,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{6853ED58-BB7B-405E-B227-93A7C14E3F81}: NameServer = 85.255.116.39,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{7553396C-7199-47A4-A10F-6645418DB9EE}: NameServer = 85.255.116.39,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0A23541-1C5B-4EDC-85CE-A2DF952992B0}: NameServer = 85.255.116.39,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6782780-F237-4462-994D-FB7B6C9C9FCE}: NameServer = 85.255.116.39,85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.39 85.255.112.105
O17 - HKLM\System\CS1\Services\Tcpip\..\{132DCBDD-C3DE-4B1B-B008-307B11E01C6B}: NameServer = 85.255.116.39,85.255.112.105
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.39 85.255.112.105
O17 - HKLM\System\CS2\Services\Tcpip\..\{132DCBDD-C3DE-4B1B-B008-307B11E01C6B}: NameServer = 85.255.116.39,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.39 85.255.112.105
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: GBPoll - Symantec Corporation - g:\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ethernet Packet Service (npacketservice) - Nokia - D:\WINDOWS\system32\npacketsvc.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

BC AdBot (Login to Remove)

 


#2 jamielaw

jamielaw

    Malware Ass-Kicker!


  • Members
  • 878 posts
  • OFFLINE
  •  
  • Local time:10:25 AM

Posted 03 December 2006 - 09:12 AM

Hey purva

Wareout:

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved. Please post the contents of this text file (C:\fixwareout\report.txt) in your next reply.

Fix the HJT entries:
  • Open hijackthis and select the DO A SYSTEM SCAN ONLY option.
  • Place a check next to the following items:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{132DCBDD-C3DE-4B1B-B008-307B11E01C6B}: NameServer = 85.255.116.39,85.255.112.105 << Please could you check all these type of entries in the 017s!
  • Close all open browsers and windows, except hijackthis. Then select fix checked . Now close HJT.
Please can you include the following logs in your next reply - they may need separate posts to stop them getting cut off:

Wareout log
A new Hijackthis log

My Website!

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.

Posted Image

#3 purva

purva
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 03 December 2006 - 10:54 AM

Hi Guys,

Thanks a lot Jamielaw for your promt reply! ive done as u asked and here the my logs as you requested.

FIXWAREOUT LOG

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Searching by size/names...


Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
D:\WINDOWS\SYSTEM32\DMCPL.EXE 278,528 2002-08-30

Other suspects.
Directory of D:\WINDOWS\system32

Misc files.

Checking for older varients covered by the Rem3 tool.

HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 9:21:22 PM, on 12/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
g:\Norton GoBack\GBPoll.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
D:\WINDOWS\system32\RUNDLL32.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\WINDOWS\anvshell.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
G:\Norton GoBack\GBTray.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
E:\limewire\LimeWire.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEMan Class - {24100E69-977D-4AEF-9538-B0FE1DDCE584} - D:\Program Files\Incredi IE Manager\IEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - D:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - D:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_EMC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: LimeWire On Startup.lnk = E:\limewire\LimeWire.exe
O4 - Global Startup: Norton GoBack.lnk = G:\Norton GoBack\GBTray.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = D:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: &Clean Traces - F:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Movies Extractor Scout LITE - {F8BD5FDB-0D43-4857-82B7-4F613702FA8C} - e:\Program Files\Movies Extractor Scout LITE\flashextract.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: GBPoll - Symantec Corporation - g:\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ethernet Packet Service (npacketservice) - Nokia - D:\WINDOWS\system32\npacketsvc.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe



Thanks again for your help!

Purva

#4 jamielaw

jamielaw

    Malware Ass-Kicker!


  • Members
  • 878 posts
  • OFFLINE
  •  
  • Local time:10:25 AM

Posted 03 December 2006 - 11:18 AM

Hey purva

Thanks a lot Jamielaw for your promt reply!



Your welcome :thumbsup:

Uninstall List:

1. Open Hijackthis and select: Open the Misc Tools section.
2. Then choose: Open Uninstall Manager and click Save List.
3. Save the list to your computer.
4. Then copy the contents of the list back to this thread in your next reply.
My Website!

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.

Posted Image

#5 purva

purva
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 04 December 2006 - 04:31 AM

HI Jamielaw

Heres the list u wanted

ACE Mega CoDecS Pack
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.0.8
All Sound Recorder XP 2.02
ASUS Display Drivers
AVG Free Edition
Backburner
Bazooka Scanner
BlueSoleil
Bluetooth Stack for Windows by Toshiba
Carbide.j 1.0.1
CorelDRAW Graphics Suite 12
Debugging Tools for Windows
Download Accelerator Plus (DAP)
FontHit Font Tools
GameShadow
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Web Accelerator
Guru's GRE Wordlist 0.2
HijackThis 1.99.1
Incredi IE Manager
InterVideo WinDVD Recorder 5
iolo technologies' System Mechanic 5 Professional
IrfanView (remove only)
iTunes
J2ME Wireless Toolkit 2.2
Java 2 Runtime Environment, SE v1.4.2_13
Kaspersky Anti-Hacker
LimeWire 4.12.6
Macromedia Dreamweaver 8
Macromedia Extension Manager
Megaupload Toolbar
Microsoft .NET Framework 1.1
Microsoft Office Professional Edition 2003
Microsoft Reader
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft VM for Java
Microsoft Web Publishing Wizard 1.53
Movies Extractor Scout LITE
Nero Suite
Nokia Connectivity Cable Driver
Nokia Connectivity Cable Driver
Nokia Connectivity Framework 1.2
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia Series 40 Theme Studio 2.1
Nokia Update Manager 2.0
Norton GoBack Personal Edition (Symantec Corporation)
NVIDIA Drivers
NvMixer
Plato Video To 3GP Converter Free 3.32
QuickTime
Raptor Audio 1.6
RealOne Player
RegCure 1.0.0.43
Shareaza version 2.2.1.0
Spybot - Search & Destroy 1.4
SWiSHmax
WavePad Uninstall
Winamp (remove only)
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
WinZip
Yahoo! Internet Mail
Yahoo! Messenger
ZipGenius 5.5.1.400
ZoneAlarm

#6 jamielaw

jamielaw

    Malware Ass-Kicker!


  • Members
  • 878 posts
  • OFFLINE
  •  
  • Local time:10:25 AM

Posted 04 December 2006 - 05:50 PM

Hey purva

File Sharing Programs:

LimeWire 4.12.6
Shareaza version 2.2.1.0


You most likely got infected through file sharing. Please read this writeup and this article so you better understand the dangers of file sharing. If you continue this risky behavior you will be continually reinfected. If you are adamant about keeping the program/s (which I strongly advise against) then please could you have the courtesy of uninstalling the program whilst we fix your computer.


Uninstall Bad Programs:

1. Click Start >> Control Panel >> Add/Remove Programs
2. Select each of these programs, click Remove and follow the prompts to uninstall them:

Megaupload Toolbar

Then can you post a Hijackthis log.
My Website!

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users