christopher Posted October 20, 2006 Share Posted October 20, 2006 Logfile of HijackThis v1.99.1Scan saved at 8:10:03 PM, on 10/19/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\Program Files\TGTSoft\StyleXP\StyleXPService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\Yahoo!\Antivirus\ISafe.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exeC:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Yahoo!\Antivirus\VetMsg.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exeC:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exeC:\WINDOWS\System32\hkcmd.exeC:\WINDOWS\AGRSMMSG.exeC:\WINDOWS\System32\ezSP_Px.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Yahoo!\Antivirus\CAVTray.exeC:\Program Files\Yahoo!\Antivirus\CAVRID.exeC:\PROGRA~1\Yahoo!\YOP\yop.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Ahead\InCD\InCD.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exeC:\WINDOWS\System32\rundll32.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\TGTSoft\StyleXP\StyleXP.exeC:\Program Files\AIM95\aim.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\PROGRA~1\Yahoo!\browser\ycommon.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exeC:\WINDOWS\System32\wuauclt.exeC:\Documents and Settings\christopher\Desktop\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeopleR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://contexualsearch.com/searchbar.htmlR3 - Default URLSearchHook is missingO2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: (no name) - {1AD71CBA-7F06-75C3-F09C-00027DA5D459} - C:\WINDOWS\System32\kcuyfjb.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)O3 - Toolbar: (no name) - {7B6020C8-7F87-70B3-1AAC-B50F918B8A79} - (no file)O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exeO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exeO4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exeO4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckRegO4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostartO4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exeO4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrunO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [uoffxzl.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\uoffxzl.dll,vejahhcO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -HideO4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odlO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeopleO16 - DPF: HushEncryptionEngine - https://mailserver2.hushmail.com/shared/Hus...ptionEngine.cabO16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cabO16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cabO16 - DPF: Yahoo! MLB StatTracker - http://aud2.sports.dcn.yahoo.com/java/y/mlbst8408_x.cabO16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cabO16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cabO16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cabO16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cabO16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab?O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cabO20 - AppInit_DLLs: c:\windows\system32\awtsqpp.dllO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO20 - Winlogon Notify: winhoo32 - C:\WINDOWS\SYSTEM32\winhoo32.dllO21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exeO23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exeO23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exeO23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exeO23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exeO23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exeO23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe Link to comment Share on other sites More sharing options...
Tarun Posted October 20, 2006 Share Posted October 20, 2006 You are unfortunately still highly infected. Please run SpywareBlaster, CCleaner, CWShredder, Ad-Aware, and Spybot again. You can also run AVG Anti-Spyware (formerly ewido) if you wish. Then please repost your log, as your current log has numerous visible infections that the aforementioned programs remove. Link to comment Share on other sites More sharing options...
christopher Posted October 20, 2006 Author Share Posted October 20, 2006 You are unfortunately still highly infected. Please run SpywareBlaster, CCleaner, CWShredder, Ad-Aware, and Spybot again. You can also run AVG Anti-Spyware (formerly ewido) if you wish. Then please repost your log, as your current log has numerous visible infections that the aforementioned programs remove.god this is so depressing!!i did that stuff. i'll do it again right now and repost. Link to comment Share on other sites More sharing options...
LLXX Posted October 23, 2006 Share Posted October 23, 2006 WHO TOLD YOU TO DELETE MY POSTS Link to comment Share on other sites More sharing options...
Jeremy Posted October 23, 2006 Share Posted October 23, 2006 WHO TOLD YOU TO DELETE MY POSTS LOL.... Link to comment Share on other sites More sharing options...
Tarun Posted October 23, 2006 Share Posted October 23, 2006 The post was removed due to incorrect information that was provided telling the user to remove services and other needed files through HijackThis when the files existed and were properly functioning. HijackThis has a bad bug where it can report items such as services as missing when the files actually exist. This is further proven by reading the running processes of the user's log.Help with HijackThis logs is appreciated; however, not reading the logs fully with a proper analysis is not appreciated as you are essentially telling the user to rip out vital parts of their services and other required items for functionality.Two of the four Avast services are listed as missing as seen below.O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)Now, looking into the running processes we find the following.C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exe<Snip out other running processes>C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe<SNIP>C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe<SNIP>C:\Program Files\Alwil Software\Avast4\ashWebSv.exeClearly, we can see that the "file missing" reports from HijackThis are not actually missing, but are present and running properly.Again, helping with the HijackThis logs is fine; but please read over them completely and nothing less. As the user has posted a new log and this one does not need to be remain open for further discussion, this topic is now...Closed. Link to comment Share on other sites More sharing options...
Recommended Posts