
DNS Hijack



borkborkbork
2007-04-07, 12:33
Recently managed to get what I think is called a DNS hijack - when I go Google searching and click on a link, about 50% of the time, it'll redirect me to another page, address being: 85.255.119.188

Panda log here (http://members.optusnet.com.au/kenedykong/editedscan.txt)
HijackThis log here (http://members.optusnet.com.au/kenedykong/hijackthis.log)

By the way, the 'bob's in the logs are my edits - my name should be in there.

Also, steps I've done so far:

In the network connections, clicking on my LAN connections and checking the TCP/IP properties, the DNS settings were changed to use another address. I switched it back to normal without thinking (I should have taken the IP down), since I thought that would immediately fix the problem. It didn't.

After looking through the Hijackthis log, I think the problem is here:

O17 - HKLM\System\CCS\Services\Tcpip\..\{0A72B4B5-B98F-4787-94E6-51BBDFF9B8DF}: NameServer = 61.88.88.88
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF96206E-7253-43A4-ADF4-7DFD89945D44}: NameServer = 61.88.88.88
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150

61.88.88.88 is my ISP's (Optus) DNS. The other 2 IPs are similar to the redirect, so I think that's the problem. Only I don't have a clue as to how to fix it.

Thanks for having such a service online.
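Added example, not part of the original thread: a small Python audit of the HijackThis O17 lines quoted above. It parses each line into its control set (HijackThis abbreviates CurrentControlSet as CCS and ControlSet001/002 as CS1/CS2), its scope (the machine-wide Tcpip\Parameters list versus a per-adapter key named by the interface GUID), and the resolver list, then flags any resolver that is not on an allowlist. The allowlist here is the single ISP resolver the poster names (61.88.88.88); the "global"/"interface" labels and the /16 prefix check are my own additions, used to show the point the poster made by eye, that the rogue resolvers and the redirect target sit in the same address block.

```python
import ipaddress
import re

# Constructed sample input: the O17 lines from the HijackThis log in this
# thread, copied verbatim so the audit runs offline.
SAMPLE_O17_LINES = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A72B4B5-B98F-4787-94E6-51BBDFF9B8DF}: NameServer = 61.88.88.88
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF96206E-7253-43A4-ADF4-7DFD89945D44}: NameServer = 61.88.88.88
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150
""".strip().splitlines()

# HijackThis abbreviates the hive path: CCS = CurrentControlSet,
# CS1/CS2 = ControlSet001/ControlSet002 (one of them is "Last Known Good").
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<scope>Parameters|\.\.\\\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>.+)$"
)


def parse_o17(lines):
    """Return one record per O17 line: control set, scope and resolver list."""
    records = []
    for line in lines:
        m = O17_RE.match(line.strip())
        if not m:
            continue
        scope = m.group("scope")
        records.append({
            "control_set": m.group("cs"),
            # Tcpip\Parameters is the machine-wide NameServer list, which Windows
            # consults ahead of per-adapter settings; anything else here is a
            # per-interface key named by the adapter GUID ("..\{GUID}").
            "scope": "global" if scope == "Parameters" else "interface " + scope[3:],
            "servers": re.split(r"[\s,]+", m.group("servers").strip()),
        })
    return records


def audit_name_servers(records, trusted):
    """Flag every record whose resolvers are not all in the trusted set."""
    findings = []
    for rec in records:
        unexpected = [ip for ip in rec["servers"] if ip not in trusted]
        if unexpected:
            findings.append({**rec, "unexpected": unexpected})
    return findings


def summarize(findings):
    """Group unexpected resolvers by control set, so you can see whether the
    rogue list is present in every control set (Last Known Good included)."""
    by_cs = {}
    for f in findings:
        by_cs.setdefault(f["control_set"], set()).update(f["unexpected"])
    return by_cs


def shares_prefix(ip_a, ip_b, bits=16):
    """True when both addresses fall inside the same /bits network."""
    net = ipaddress.ip_network(f"{ip_a}/{bits}", strict=False)
    return ipaddress.ip_address(ip_b) in net


if __name__ == "__main__":
    TRUSTED = {"61.88.88.88"}           # the ISP resolver named in the post
    REDIRECT_TARGET = "85.255.119.188"  # address the browser was sent to
    findings = audit_name_servers(parse_o17(SAMPLE_O17_LINES), TRUSTED)
    for f in findings:
        print(f"{f['control_set']:>3} {f['scope']:<10} unexpected: {', '.join(f['unexpected'])}")
    for ip in sorted(summarize(findings).get("CCS", ())):
        print(ip, "shares a /16 with the redirect target:", shares_prefix(REDIRECT_TARGET, ip))
```

The per-interface keys still hold the ISP resolver, which is why resetting the adapter's TCP/IP properties did not help: the global Parameters value is what the resolver actually used. The same rogue list sitting in CS1 and CS2 as well as CCS also means a "Last Known Good" boot would have restored it.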

pskelley
2007-04-07, 15:26
Welcome to the forum. Start by reading the instructions and following them completely; anything less will just slow down your repair:
"BEFORE you POST" Mandatory Steps Before Requesting Assistance
http://forums.spybot.info/showthread.php?t=288

Please do not attach infected files!
If a helper requests files they will give you a link to upload them.
All logs should be copy/pasted into topic and not attached unless requested by helper in that format.
(When adding posts to your topic, do so by clicking ADD REPLY)
Thanks

borkborkbork
2007-04-07, 15:32
Oops, sorry. I missed that bit.

Panda:


Incident Status Location

Hacktool:DoS/Freegate.A Not disinfected C:\My Music\Music Albums\ユナノリコュネォシッMP3\ユナノリコュ-ナキネュ\ウャシカエ惕柀晴ソ・ルーイネォ.zip[│???┤・└φ?φ?■┐∞?┘????/?≫???°?φ?■/???│????├┼/t4.exe]
Hacktool:Hacktool/Uscape Not disinfected C:\My Music\Music Albums\ユナノリコュネォシッMP3\ユナノリコュ-ナキネュ\ウャシカエ惕柀晴ソ・ルーイネォ.zip[│???┤・└φ?φ?■┐∞?┘????/?≫???°?φ?■/????├┼/f6f7.exe]
Hacktool:Hacktool/Netscan Not disinfected C:\My Music\Music Albums\ユナノリコュネォシッMP3\ユナノリコュ-ナキネュ\ウャシカエ惕柀晴ソ・ルーイネォ.zip[│???┤・└φ?φ?■┐∞?┘????/?≫???°?φ?■/?≫?°??/dynapass1.5.exe]
Spyware:Spyware/New.net Not disinfected C:\System Volume Information\_restore{46F4CC43-1060-4F84-961E-F6EA4B0A1D08}\RP261\A0026207.exe[SHNT288.exe]
Spyware:Spyware/MarketScore Not disinfected C:\System Volume Information\_restore{46F4CC43-1060-4F84-961E-F6EA4B0A1D08}\RP261\A0026207.exe[RKInstaller.exe]
Hacktool:DoS/Freegate.A Not disinfected E:\My Music\Music Albums\ユナノリコュネォシッMP3\ユナノリコュ-ナキネュ\ウャシカエ惕柀晴ソ・ルーイネォ.zip[│???┤・└φ?φ?■┐∞?┘????/?≫???°?φ?■/???│????├┼/t4.exe]
Hacktool:Hacktool/Uscape Not disinfected E:\My Music\Music Albums\ユナノリコュネォシッMP3\ユナノリコュ-ナキネュ\ウャシカエ惕柀晴ソ・ルーイネォ.zip[│???┤・└φ?φ?■┐∞?┘????/?≫???°?φ?■/????├┼/f6f7.exe]
Hacktool:Hacktool/Netscan Not disinfected E:\My Music\Music Albums\ユナノリコュネォシッMP3\ユナノリコュ-ナキネュ\ウャシカエ惕柀晴ソ・ルーイネォ.zip[│???┤・└φ?φ?■┐∞?┘????/?≫???°?φ?■/?≫?°??/dynapass1.5.exe]
Spyware:Cookie/Hbmediapro Not disinfected G:\Documents and Settings\bob\Cookies\bob@adopt.hbmediapro[2].txt
Spyware:Cookie/PointRoll Not disinfected G:\Documents and Settings\bob\Cookies\bob@ads.pointroll[2].txt
Spyware:Cookie/Atwola Not disinfected G:\Documents and Settings\bob\Cookies\bob@atwola[2].txt
Spyware:Cookie/BurstNet Not disinfected G:\Documents and Settings\bob\Cookies\bob@burstnet[2].txt
Spyware:Cookie/Cd Freaks Not disinfected G:\Documents and Settings\bob\Cookies\bob@cdfreaks[1].txt
Spyware:Cookie/Cgi-bin Not disinfected G:\Documents and Settings\bob\Cookies\bob@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected G:\Documents and Settings\bob\Cookies\bob@cgi-bin[3].txt
Spyware:Cookie/Cgi-bin Not disinfected G:\Documents and Settings\bob\Cookies\bob@cgi-bin[6].txt
Spyware:Cookie/Clixgalore Not disinfected G:\Documents and Settings\bob\Cookies\bob@clixgalore[1].txt
Spyware:Cookie/Cd Freaks Not disinfected G:\Documents and Settings\bob\Cookies\bob@club.cdfreaks[2].txt
Spyware:Cookie/Com.com Not disinfected G:\Documents and Settings\bob\Cookies\bob@com[1].txt
Spyware:Cookie/360i Not disinfected G:\Documents and Settings\bob\Cookies\bob@ct.360i[2].txt
Spyware:Cookie/Overture Not disinfected G:\Documents and Settings\bob\Cookies\bob@overture[2].txt
Spyware:Cookie/QuestionMarket Not disinfected G:\Documents and Settings\bob\Cookies\bob@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected G:\Documents and Settings\bob\Cookies\bob@realmedia[1].txt
Spyware:Cookie/Target Not disinfected G:\Documents and Settings\bob\Cookies\bob@target[1].txt
Spyware:Cookie/Toplist Not disinfected G:\Documents and Settings\bob\Cookies\bob@toplist[2].txt
Spyware:Cookie/BurstBeacon Not disinfected G:\Documents and Settings\bob\Cookies\bob@www.burstbeacon[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected G:\Documents and Settings\bob\Cookies\bob@www.myaffiliateprogram[2].txt
Spyware:Cookie/Xiti Not disinfected G:\Documents and Settings\bob\Cookies\bob@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected G:\Documents and Settings\bob\Cookies\bob@yadro[1].txt
Spyware:Cookie/BurstNet Not disinfected G:\bob\Cookies\bob@burstnet[2].txt
Spyware:Cookie/Enhance Not disinfected G:\bob\Cookies\bob@c.enhance[1].txt
Spyware:Cookie/Cgi-bin Not disinfected G:\bob\Cookies\bob@cgi-bin[1].txt
Spyware:Cookie/Com.com Not disinfected G:\bob\Cookies\bob@com[2].txt
Spyware:Cookie/Com.com Not disinfected G:\bob\Cookies\bob@com[3].txt
Spyware:Cookie/Belnk Not disinfected G:\bob\Cookies\bob@dist.belnk[2].txt
Spyware:Cookie/Advnt Not disinfected G:\bob\Cookies\bob@www.advnt01[1].txt
Spyware:Cookie/BurstBeacon Not disinfected G:\bob\Cookies\bob@www.burstbeacon[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected G:\bob\Cookies\bob@www.myaffiliateprogram[1].txt
Spyware:Cookie/Sidefind Not disinfected G:\bob\Cookies\bob@www.sidefind[2].txt
Spyware:Cookie/Yadro Not disinfected G:\bob\Cookies\bob@yadro[1].txt
Adware:Adware/Tracking Not disinfected G:\bob\Local Settings\Temporary Internet Files\Content.IE5\01I3OXYV\advertising[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected G:\bob\Local Settings\Temporary Internet Files\Content.IE5\01I3OXYV\webservice[1].htm
Adware:Adware/IST.ISTBar Not disinfected G:\bob\Local Settings\Temporary Internet Files\Content.IE5\41ENS1EJ\xml_istbar[1].xml
Adware:Adware/Tracking Not disinfected G:\bob\Local Settings\Temporary Internet Files\Content.IE5\85IJCHIF\advertising[1].htm
Adware:Adware/IST.YourSiteBar Not disinfected G:\bob\Local Settings\Temporary Internet Files\Content.IE5\CHEZ0XAV\CA8ICSGV.HTM
Adware:Adware/Tracking Not disinfected G:\bob\Local Settings\Temporary Internet Files\Content.IE5\P3331P8E\advertising[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected G:\bob\Local Settings\Temporary Internet Files\Content.IE5\SD6JO5IF\webservice[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected G:\bob\Local Settings\Temporary Internet Files\Content.IE5\U5GZIHU1\webservice[3].htm
Adware:Adware/Borlander Not disinfected G:\Program Files\Ringz Studio\Storm Codec\stormupd.dll
Virus:Trj/dmRandom.HF Disinfected G:\WINDOWS\system32\kdpht.exe

borkborkbork
2007-04-07, 15:33
Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:16:20 PM, on 7/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\csrss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\bgsvcgen.exe
G:\Program Files\Common Files\Symantec Shared\ccProxy.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
G:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\wdfmgr.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
G:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
G:\WINDOWS\System32\alg.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Analog Devices\Core\smax4pnp.exe
G:\Program Files\Analog Devices\SoundMAX\Smax4.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\Program Files\MessengerPlus! 3\MsgPlus.exe
G:\Program Files\DAEMON Tools\daemon.exe
G:\Program Files\Winamp\winampa.exe
G:\Program Files\Google\Gmail Notifier\gnotify.exe
G:\WINDOWS\StartupMonitor.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\MSN Messenger\MsnMsgr.Exe
G:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
G:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
G:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Programs Install Files\winkey\WKeyKill.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Program Files\WindowsSniper\WindowsSniper.exe
G:\Program Files\mIRC\mirc.exe
G:\Program Files\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
G:\Program Files\Winamp\winamp.exe
G:\Program Files\WinRAR\WinRAR.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\WINDOWS\system32\conime.exe
G:\Program Files\Windows Media Player\wmplayer.exe
G:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - G:\Program Files\ATLAS V13\ATLIECP.DLL
O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - G:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - G:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - G:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar3.dll
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - G:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
O3 - Toolbar: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - G:\Program Files\ATLAS V13\ATLIECP.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] G:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "G:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] G:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [MessengerPlus3] "G:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] G:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DAEMON Tools] "G:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] G:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] G:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "G:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WKeyKill.lnk = C:\Programs Install Files\winkey\WKeyKill.exe
O8 - Extra context menu item: &Translate with ATLAS - G:\Program Files\ATLAS V13\Atlscript.html
O8 - Extra context menu item: ATLAS Translation &Editor - G:\Program Files\ATLAS V13\AtlscriptEdit.html
O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - G:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
O9 - Extra button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - G:\Program Files\ATLAS V13\Atlscript.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A72B4B5-B98F-4787-94E6-51BBDFF9B8DF}: NameServer = 61.88.88.88
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF96206E-7253-43A4-ADF4-7DFD89945D44}: NameServer = 61.88.88.88
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - G:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - G:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - G:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - G:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - G:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - G:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - G:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - G:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

pskelley
2007-04-07, 16:04
G'Day and welcome to the forum. What are these:
Hacktool:DoS/Freegate.A Not disinfected C:\My Music\Music Albums\ユナノリコュネォシッMP3\ユナノリコュ-ナキネュ\ウャシカエ惕柀晴ソ・ルーイネォ.zip[│???┤・└φ?φ?■┐∞?┘????/?≫???°?φ?■/???│????├┼/t4.exe]
Is this something you created? Are these cracked music files?

Follow the instructions carefully and in the posted order.

1) Clean your Cache and Cookies in IE: Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Next to it, Click the "Delete Files" button
When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed): Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin: Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2) Thanks to LonnyBJones and anyone else who helped with this fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log in the forum please.

(Hold the reports and log until we finish)


Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Follow the directions in this link to download, install, update and run AVG Anti-Spyware. Be sure to delete or at least quarantine anything it finds and save the scan report to post.
http://forums.security-central.us/showthread.php?t=3165

Post the report from Fixwareout, the scan report from AVG Anti-Spyware, and a new HJT log. How's the computer running?

Thanks

Information for you: http://inetexplorer.mvps.org/data/lop.htm
G:\Program Files\MessengerPlus! 3\MsgPlus.exe

Are you 100% sure this item is safe?
O4 - HKLM\..\Run: [StormCodec_Helper] "G:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti

borkborkbork
2007-04-08, 03:57
Hacktool:DoS/Freegate.A Not disinfected C:\My Music\Music Albums\ユナノリコュネォシッMP3\ユナノリコュ-ナキネュ\ウャシカエ惕柀晴ソ・ルーイネォ.zip[│???┤・└φ?φ?■┐∞?┘????/?≫???°?φ?■/???│????├┼/t4.exe]
Is this something you created? Are these cracked music files?

Wouldn't have a clue...C drive is my brother's area. I think the AVG program killed it off anyway.


Information for you: http://inetexplorer.mvps.org/data/lop.htm
G:\Program Files\MessengerPlus! 3\MsgPlus.exe

I seem to remember killing that one. I don't have the toolbar or the extra favourites anymore, but is it still on my computer?


Are you 100% sure this item is safe?
O4 - HKLM\..\Run: [StormCodec_Helper] "G:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti

Nope, it's obsolete now though. I've finished using it. Should I get rid of it?

Thanks for the help. I'll post the logs after this post.

borkborkbork
2007-04-08, 04:00
Fixwareout


Fixwareout Last edited 4/5/2007
Post this report in the forums please
...
»»»»» Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdpht.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"G:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="G:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="G:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NvCplDaemon"="RUNDLL32.EXE G:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE G:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SoundMAXPnP"="G:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="\"G:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"ccApp"="\"G:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="G:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"MessengerPlus3"="\"G:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"Symantec NetDriver Monitor"="G:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"DAEMON Tools"="\"G:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"WinampAgent"="G:\\Program Files\\Winamp\\winampa.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="G:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Run StartupMonitor"="StartupMonitor.exe"
"NeroFilterCheck"="G:\\WINDOWS\\system32\\NeroCheck.exe"
"StormCodec_Helper"="\"G:\\Program Files\\Ringz Studio\\Storm Codec\\StormSet.exe\" /S /opti"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="G:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"G:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"msnmsgr"="\"G:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="G:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»


AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:45:39 AM 8/04/2007

+ Scan result:



G:\bob\My Documents\Nb_ff8.exe -> Dropper.Small : Cleaned.
G:\bob\My Documents\ff8pced.zip/Nb_ff8.exe -> Dropper.Small : Cleaned.
G:\bob\My Documents\miltosraynor-ff8.zip/FF8 by Miltos Raynor.exe -> Dropper.Small : Cleaned.
C:\Yet to be sorted\external\Folders2\Downloads\Activity Monitor 3.5 + Crack.rar/swatcher.EXE -> Not-A-Virus.Monitor.Win32.ActivityMonitor.35 : Cleaned.
C:\Yet to be sorted\external\New Folder (2)\zips\Activity_Monitor_v3.5 + crack.zip/swatcher.EXE -> Not-A-Virus.Monitor.Win32.ActivityMonitor.35 : Cleaned.
C:\Yet to be sorted\external\New Folder (2)\zips\Activity_Monitor_v3.5 crack.zip/swatcher.EXE -> Not-A-Virus.Monitor.Win32.ActivityMonitor.35 : Cleaned.
C:\Yet to be sorted\external\New Folder (2)\zips\family.key.logger.2.50.full.incl.keygen-tsrh.zip/familykeylogger.zip/FamilyKeyLogger-setup.exe -> Not-A-Virus.Monitor.Win32.FamilyKeyLogger.230 : Cleaned.
G:\bob\My Documents\keylogger-download.zip/HomeKeyLogger-setup.exe -> Not-A-Virus.Monitor.Win32.HomeKeyLogger.162 : Cleaned.
C:\My Music\Music Albums\ユナノリコュネォシッMP3\ユナノリコュ-ナキネュ\ウャシカエ惕柀晴ソ・ルーイネォ.zip/³¬¼¶´úÀíÈí¼þ¿ìËÙ°²È«/¶¯Ì¬ÍøÈí¼þ/¶¯Íøͨ/dynapass1.5.exe -> Not-A-Virus.NetTool.Win32.UltraScape.15 : Cleaned.
E:\My Music\Music Albums\ユナノリコュネォシッMP3\ユナノリコュ-ナキネュ\ウャシカエ惕柀晴ソ・ルーイネォ.zip/³¬¼¶´úÀíÈí¼þ¿ìËÙ°²È«/¶¯Ì¬ÍøÈí¼þ/¶¯Íøͨ/dynapass1.5.exe -> Not-A-Virus.NetTool.Win32.UltraScape.15 : Cleaned.
G:\bob\Cookies\bob@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
G:\bob\Cookies\bob@ads18.bpath[2].txt -> TrackingCookie.Bpath : Cleaned.
G:\bob\Cookies\bob@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
G:\bob\Cookies\bob@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
G:\bob\Cookies\bob@com[2].txt -> TrackingCookie.Com : Cleaned.
G:\bob\Cookies\bob@com[3].txt -> TrackingCookie.Com : Cleaned.
G:\bob\Cookies\bob@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
G:\bob\Cookies\bob@www.gamershell[1].txt -> TrackingCookie.Gamershell : Cleaned.
G:\bob\Cookies\bob@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
G:\bob\Cookies\bob@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
G:\bob\Cookies\bob@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
G:\bob\Cookies\bob@www.sidefind[2].txt -> TrackingCookie.Sidefind : Cleaned.
G:\bob\Cookies\bob@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
G:\System Volume Information\_restore{09288CCE-FFF3-4B83-BE51-73EBD0867D7F}\RP109\A0023370.exe -> Trojan.DNSChanger.ik : Cleaned.
C:\Yet to be sorted\external\Folders2\Downloads\Website.Extractor.9.03.Cracked-iNFECTED-Pleasuredome101.rar/Website.Extractor.9.03.Cracked-iNFECTED-Pleasuredome101\patch_webextra.exe -> Trojan.Proxcrak.A : Cleaned.
C:\Yet to be sorted\external\Folders2\Downloads\Website.Extractor.9.03.Cracked-iNFECTED-Pleasuredome101\patch_webextra.exe -> Trojan.Proxcrak.A : Cleaned.
G:\Old Program Files\WebSite eXtractor2\patch_webextra.exe -> Trojan.Proxcrak.A : Cleaned.


::Report end
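Added example, not part of the original thread or of Fixwareout itself: a Python reader for the Fixwareout report format posted above. The Prerun check is the interesting line: the Winlogon "System" value, which is normally empty, pointed at kdpht.exe, the same file Panda had flagged in system32. That value is how the component survived reboots and re-applied the DNS change. The reader splits the report on its "»»»»»" section markers, extracts the Winlogon values from the Prerun and Postrun sections, compares them with a clean baseline (an empty "System" value is the only baseline entry assumed here), and reports whether the fix actually took. The sample report is a constructed excerpt of the one in this thread, with the markers written as intended rather than mis-encoded.

```python
import re

# Constructed excerpt modelled on the Fixwareout report in this thread.
SAMPLE_REPORT = r'''
»»»»» Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdpht.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
»»»»» Misc files.
....
»»»»» End report »»»»»
'''

SECTION_RE = re.compile(r"^»»»»»\s*(?P<name>.*?)\s*(?:»»»»»)?\s*$")
WINLOGON_RE = re.compile(
    r'^HKLM\\SOFTWARE\\~\\Winlogon\\ "(?P<name>[^"]+)"="(?P<data>[^"]*)"$'
)

# Expected clean state for the Winlogon values the report prints. The
# "System" value is empty on a clean machine; a path there means something
# is being launched at logon from that key (assumed baseline, see lead-in).
WINLOGON_BASELINE = {"system": ""}


def split_sections(report):
    """Map each »»»»» header to the meaningful lines that follow it."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
        elif current is not None and line and line != "....":
            sections[current].append(line)
    return sections


def parse_winlogon_values(lines):
    """Extract value-name -> data pairs. Names are case-folded because the
    report prints "System" before the fix and "system" after it."""
    values = {}
    for line in lines:
        m = WINLOGON_RE.match(line)
        if m:
            values[m.group("name").lower()] = m.group("data")
    return values


def winlogon_deviations(values, baseline=WINLOGON_BASELINE):
    """Return (name, data) pairs that differ from the expected clean state;
    any value the baseline does not know about is expected to be empty."""
    return [(name, data) for name, data in sorted(values.items())
            if data != baseline.get(name, "")]


def compare_runs(report):
    """Deviations before and after the fix, so the cleanup can be confirmed."""
    sections = split_sections(report)
    before = winlogon_deviations(parse_winlogon_values(sections.get("Prerun check", [])))
    after = winlogon_deviations(parse_winlogon_values(sections.get("Postrun check", [])))
    return {"before": before, "after": after, "fixed": bool(before) and not after}


if __name__ == "__main__":
    result = compare_runs(SAMPLE_REPORT)
    print("Winlogon before fix:", result["before"] or "clean")
    print("Winlogon after fix: ", result["after"] or "clean")
    print("Persistence removed:", result["fixed"])
```

When checking a live machine rather than a report, the same baseline applies to the real key (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon); the report abbreviates that path with "~".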

borkborkbork
2007-04-08, 04:02
Hijack This.

Logfile of HijackThis v1.99.1
Scan saved at 11:55:02 AM, on 8/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\conime.exe
G:\WINDOWS\system32\bgsvcgen.exe
G:\Program Files\Common Files\Symantec Shared\ccProxy.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
G:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
G:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Analog Devices\Core\smax4pnp.exe
G:\Program Files\Analog Devices\SoundMAX\Smax4.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\Program Files\MessengerPlus! 3\MsgPlus.exe
G:\Program Files\DAEMON Tools\daemon.exe
G:\Program Files\Winamp\winampa.exe
G:\Program Files\Google\Gmail Notifier\gnotify.exe
G:\WINDOWS\StartupMonitor.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\MSN Messenger\MsnMsgr.Exe
G:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
G:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
G:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Programs Install Files\winkey\WKeyKill.exe
G:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - G:\Program Files\ATLAS V13\ATLIECP.DLL
O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - G:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - G:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - G:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar3.dll
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - G:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
O3 - Toolbar: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - G:\Program Files\ATLAS V13\ATLIECP.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] G:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "G:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] G:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [MessengerPlus3] "G:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] G:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DAEMON Tools] "G:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] G:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] G:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "G:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WKeyKill.lnk = C:\Programs Install Files\winkey\WKeyKill.exe
O8 - Extra context menu item: &Translate with ATLAS - G:\Program Files\ATLAS V13\Atlscript.html
O8 - Extra context menu item: ATLAS Translation &Editor - G:\Program Files\ATLAS V13\AtlscriptEdit.html
O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - G:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
O9 - Extra button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - G:\Program Files\ATLAS V13\Atlscript.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A72B4B5-B98F-4787-94E6-51BBDFF9B8DF}: NameServer = 61.88.88.88
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF96206E-7253-43A4-ADF4-7DFD89945D44}: NameServer = 61.88.88.88
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - G:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - G:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - G:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - G:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - G:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - G:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - G:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - G:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
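
The O17 lines in the log above are the place a DNS hijack shows up: each one lists the resolver(s) a Windows network interface will use, and a resolver you did not configure is the finding. The following Python script is an added example (not part of this thread, and not HijackThis's own code) of triaging a HijackThis log for the three things a helper checks first: O17 NameServer values outside an allowlist, O20 AppInit_DLLs entries, and entries marked "(file missing)". It assumes an allowlist holding only the ISP resolver seen in the log (61.88.88.88); the sample log is constructed, with the TEST-NET addresses 192.0.2.53 and 192.0.2.54 standing in for an unexpected resolver.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in HijackThis log format (not the thread's full log).
# 61.88.88.88 is the ISP resolver that appears in the thread's O17 lines;
# 192.0.2.53 and 192.0.2.54 are TEST-NET placeholders standing in for the
# kind of unexpected resolver a DNS hijack leaves behind.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A72B4B5-B98F-4787-94E6-51BBDFF9B8DF}: NameServer = 61.88.88.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.0.2.53 192.0.2.54
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
"""

# Resolvers the owner expects to see (assumption: the ISP resolver only;
# add any router or corporate resolver you actually configured).
ALLOWED_RESOLVERS = {"61.88.88.88"}

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
O17_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")


def entries(log: str) -> List[Tuple[str, str]]:
    """Split a log into (section, body) pairs, skipping the process list and headers."""
    out = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def rogue_nameservers(log: str, allowed: set) -> List[Tuple[str, str]]:
    """Return (registry key, ip) for every O17 NameServer address not in the allowlist."""
    findings = []
    for section, body in entries(log):
        if section != "O17":
            continue
        m = O17_RE.match(body)
        if not m:
            continue
        # HijackThis prints several resolvers separated by spaces or commas.
        for ip in re.split(r"[\s,]+", m.group("servers").strip()):
            if ip and ip not in allowed:
                findings.append((m.group("key"), ip))
    return findings


def appinit_dlls(log: str) -> List[str]:
    """DLLs listed under O20 AppInit_DLLs; they load into every GUI process, so each deserves a look."""
    dlls = []
    for section, body in entries(log):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls.extend(d for d in re.split(r"[\s,]+", body.split(":", 1)[1].strip()) if d)
    return dlls


def missing_file_entries(log: str) -> List[Tuple[str, str]]:
    """Entries HijackThis marked '(file missing)': leftovers of an uninstall or of a removed loader."""
    return [(s, b) for s, b in entries(log) if b.rstrip().endswith("(file missing)")]


def review(log: str, allowed: set = ALLOWED_RESOLVERS) -> Dict[str, list]:
    """Collect the three checks into one report."""
    return {
        "rogue_nameservers": rogue_nameservers(log, allowed),
        "appinit_dlls": appinit_dlls(log),
        "missing_files": missing_file_entries(log),
    }


if __name__ == "__main__":
    for name, hits in review(SAMPLE_LOG).items():
        print(f"{name}: {len(hits)}")
        for hit in hits:
            print("   ", hit)
```

Run against a real log, the script reports the CCS (CurrentControlSet) key as well as the CS1/CS2 control-set copies, which is why a hijack can survive a manual fix of the adapter's TCP/IP properties: the other control sets still carry the rogue value until they are cleaned too. Anything it lists under rogue_nameservers should be compared against what the ISP or router actually hands out before it is removed.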

borkborkbork
2007-04-08, 04:03
Oh, and the redirects seem to have stopped now. Thanks for all the help.

pskelley
2007-04-08, 12:22
Thanks for returning your information and the feedback. Let's have a look.

1) If your brother or anyone else has separate user accounts, I should see a HJT log while signed in to those accounts.

2) MessengerPlus is still running on the computer. Removal is optional; it is the sponsor programs that cause the problems. I personally would never use anyone who would sponsor such junk.
Remove in Add Remove programs. Why don't you post your uninstall list for a look:
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.


3) "Nope, it's obsolete now though. I've finished using it. Should I get rid of it?" I would; I can't find a lot of information, but my scanners think it is malware. Read this:
http://forums.spybot.info/showthread.php?t=7344

Looks like AVG and Fixwareout did the job. Remove those two items with Add Remove Programs and post a new HJT log with the Uninstall list. I will make sure the log is clean and get you on the road with some good information.

Thanks

borkborkbork
2007-04-08, 12:50
We use the same account, so I've only got the uninstall list and hijack this log below. Also, I'd rather not remove MessengerPlus if there's no big need.

Uninstall list

?????i?e?e?a?IDVD”A
ABC (remove only)
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 7.0
Adobe Reader Japanese Fonts
ASUS WiFi-AP Solo
ATLAS Translation Double Pack V13.0
AusLogics Disk Defrag
AVG Anti-Spyware 7.5
CC_ccProxyMSI
CC_ccStart
ccCommon
Combined Community Codec Pack 2006-12-15
CureROM Pro 2.0.3.3
Digital Media Converter 2.73
DivX Codec
DownloadStudio
DVD Shrink 3.2
eMule
File Renamer - Basic
Fraps
GoldWave v5.19
Google Gmail Notifier
Google Toolbar for Internet Explorer
Haali Media Splitter
Hex Workshop v3.1
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows XP (KB929120)
InfoRapid Search & Replace
IsoBuster 1.9.1
J2SE Runtime Environment 5.0 Update 3
LimeWire 4.12.11
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Logitech SetPoint
Melty Blood Re-ACT Final Tuned
Messenger Plus! 3
Microsoft .NET Framework 2.0
Microsoft Office 2000 Premium
Microsoft Visual C++ 2005 Redistributable
mIRC
MSN Messenger 7.5
MSRedist
Nero Suite
NetBattle
Neverwinter Nights 2
Neverwinter Nights Platinum Edition
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
NSSEditor, 2.0.0.0. BETA2
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Panda ActiveScan
PSP Movie Creator(remove only)
PSP Movie Creator(remove only)
QuickTime
Real Alternative 1.51
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
SonicStage 4.3
Sony ATRAC3 Audio Codec (remove only)
SoundMAX
Spelling Dictionaries For Adobe Reader Package
Spybot - Search & Destroy 1.4
StartupMonitor
Symantec Script Blocking Installer
TMPGEnc DVD Author 3 with DivX Authoring
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Winamp (remove only)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Sniper
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPcap 3.1
WinRAR archiver
μTorrent


HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 8:42:51 PM, on 8/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Analog Devices\Core\smax4pnp.exe
G:\Program Files\Analog Devices\SoundMAX\Smax4.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\Program Files\MessengerPlus! 3\MsgPlus.exe
G:\Program Files\DAEMON Tools\daemon.exe
G:\Program Files\Winamp\winampa.exe
G:\Program Files\Google\Gmail Notifier\gnotify.exe
G:\WINDOWS\StartupMonitor.exe
G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\MSN Messenger\MsnMsgr.Exe
G:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
G:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
G:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Programs Install Files\winkey\WKeyKill.exe
G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
G:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
G:\WINDOWS\system32\bgsvcgen.exe
G:\Program Files\Common Files\Symantec Shared\ccProxy.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
G:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
G:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
G:\WINDOWS\system32\NOTEPAD.EXE
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
G:\WINDOWS\system32\rundll32.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - G:\Program Files\ATLAS V13\ATLIECP.DLL
O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - G:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - G:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - G:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar3.dll
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - G:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
O3 - Toolbar: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - G:\Program Files\ATLAS V13\ATLIECP.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] G:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "G:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] G:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [MessengerPlus3] "G:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] G:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DAEMON Tools] "G:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] G:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] G:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WKeyKill.lnk = C:\Programs Install Files\winkey\WKeyKill.exe
O8 - Extra context menu item: &Translate with ATLAS - G:\Program Files\ATLAS V13\Atlscript.html
O8 - Extra context menu item: ATLAS Translation &Editor - G:\Program Files\ATLAS V13\AtlscriptEdit.html
O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - G:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
O9 - Extra button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - G:\Program Files\ATLAS V13\Atlscript.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - G:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - G:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - G:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - G:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - G:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - G:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - G:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - G:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

pskelley
2007-04-08, 12:57
No problem, it's your computer. Looking at your uninstall list:

J2SE Runtime Environment 5.0 Update 3
http://forums.spybot.info/showpost.php?p=12880&postcount=2
I suggest you download the newest version and uninstall this old one.

I see no other obvious malware problems, safe surfing.

Please delete Fixwareout.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

borkborkbork
2007-04-08, 13:00
Wow, fast reply :laugh:

Thanks for the help over the past few days. I really appreciate it.