
make it go away


#1
Shady

  • Member
  • 193 posts
This is the first time I've done this, so bear with me if I do something wrong :tazz: Anyway, a quick briefing. I am able to use my account no problem on XP. But when I SWITCH USER and let my mom or sister get on their accounts, it acts like something is running in a constant loop. Takes FOREVER for the profile(s) to load. Hoping this will solve that issue.

NAV Log:

Category: Threat alerts
Date,Feature,Threat Name,Action Taken,Item Type,Target,Suspicious Action,Virus Definition Version,Product Version,User Name,Computer Name,Details
3/19/2005 10:18:09 AM,Virus scanner,Adware.SAHAgent,No action taken,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\WINDOWS\system32\bln02nqv.exe,Description: The file C:\WINDOWS\system32\bln02nqv.exe is a Adware threat."
3/19/2005 10:18:09 AM,Virus scanner,Adware.WinTaskAd,Delete failed,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Program Files\Media Access\MediaAccK.exe,Description: The file C:\Program Files\Media Access\MediaAccK.exe is a Adware threat."
3/19/2005 10:18:09 AM,Virus scanner,Packed.Adware,Delete failed,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Program Files\Media Access\MediaAccC.dll,Description: The file C:\Program Files\Media Access\MediaAccC.dll is a Adware threat."
3/19/2005 10:18:09 AM,Virus scanner,Adware.WinTaskAd,Delete failed,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Program Files\Media Access\MediaAccess.exe,Description: The file C:\Program Files\Media Access\MediaAccess.exe is a Adware threat."
3/19/2005 10:18:09 AM,Virus scanner,Adware.Minibug,No action taken,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll,Description: The file C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll is a Adware threat."
3/19/2005 10:18:09 AM,Virus scanner,Adware.WinAd,Delete failed,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: MediaAccX.dll,Description: The compressed file MediaAccX.dll within C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\XW3DRU9L\bridge-c7[1].cab is a Adware threat."
3/19/2005 10:18:09 AM,Virus scanner,Adware.CDT,No action taken,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CUPZFS46\index[1].htm,Description: The file C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CUPZFS46\index[1].htm is a Adware threat."
3/19/2005 2:48:03 AM,Virus scanner,Adware.SAHAgent,No action taken,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\WINDOWS\system32\bln02nqv.exe,Description: The file C:\WINDOWS\system32\bln02nqv.exe is a Adware threat."
3/19/2005 2:48:03 AM,Virus scanner,Adware.WinTaskAd,Delete failed,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Program Files\Media Access\MediaAccK.exe,Description: The file C:\Program Files\Media Access\MediaAccK.exe is a Adware threat."
3/19/2005 2:48:03 AM,Virus scanner,Packed.Adware,Delete failed,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Program Files\Media Access\MediaAccC.dll,Description: The file C:\Program Files\Media Access\MediaAccC.dll is a Adware threat."
3/19/2005 2:48:03 AM,Virus scanner,Adware.WinTaskAd,Delete failed,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Program Files\Media Access\MediaAccess.exe,Description: The file C:\Program Files\Media Access\MediaAccess.exe is a Adware threat."
3/19/2005 2:48:03 AM,Virus scanner,Adware.Minibug,No action taken,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll,Description: The file C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll is a Adware threat."
3/19/2005 2:48:03 AM,Virus scanner,Adware.WinAd,Delete failed,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: MediaAccX.dll,Description: The compressed file MediaAccX.dll within C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\XW3DRU9L\bridge-c7[1].cab is a Adware threat."
3/19/2005 2:48:03 AM,Virus scanner,Adware.CDT,No action taken,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CUPZFS46\index[1].htm,Description: The file C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CUPZFS46\index[1].htm is a Adware threat."
3/18/2005 1:18:50 PM,Virus scanner,Downloader.Trojan,Manually deleted,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: VirusSource: C:\winkbupdate31.exe,Description: The file C:\winkbupdate31.exe is infected with the Downloader.Trojan virus."
3/18/2005 1:18:50 PM,Virus scanner,Downloader.Trojan,Manually deleted,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: VirusSource: C:\winkbupdate32.exe,Description: The file C:\winkbupdate32.exe is infected with the Downloader.Trojan virus."
3/18/2005 1:18:50 PM,Virus scanner,W32.Spybot.Worm,Manually deleted,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: VirusSource: C:\WINDOWS\system32\winole.exe,Description: The file C:\WINDOWS\system32\winole.exe is infected with the W32.Spybot.Worm virus."
3/18/2005 1:18:50 PM,Virus scanner,Adware.SAHAgent,No action taken,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\WINDOWS\system32\bln02nqv.exe,Description: The file C:\WINDOWS\system32\bln02nqv.exe is a Adware threat."
3/18/2005 1:18:50 PM,Virus scanner,Adware.WinAd,Manually deleted,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\WINDOWS\Downloaded Program Files\MediaAccX.dll,Description: The file C:\WINDOWS\Downloaded Program Files\MediaAccX.dll is a Adware threat."
3/18/2005 1:18:50 PM,Virus scanner,Adware.WinTaskAd,Delete failed,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Program Files\Media Access\MediaAccK.exe,Description: The file C:\Program Files\Media Access\MediaAccK.exe is a Adware threat."
3/18/2005 1:18:50 PM,Virus scanner,Packed.Adware,Delete failed,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Program Files\Media Access\MediaAccC.dll,Description: The file C:\Program Files\Media Access\MediaAccC.dll is a Adware threat."
3/18/2005 1:18:49 PM,Virus scanner,Adware.WinTaskAd,Delete failed,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Program Files\Media Access\MediaAccess.exe,Description: The file C:\Program Files\Media Access\MediaAccess.exe is a Adware threat."
3/18/2005 1:18:49 PM,Virus scanner,Adware.Minibug,No action taken,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll,Description: The file C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll is a Adware threat."
3/18/2005 1:18:49 PM,Virus scanner,Downloader.Trojan,Manually deleted,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: VirusSource: C:\Documents and Settings\LeeAnn Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CYAVNNMF\winun[1].exe,Description: The file C:\Documents and Settings\LeeAnn Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CYAVNNMF\winun[1].exe is infected with the Downloader.Trojan virus."
3/18/2005 1:18:49 PM,Virus scanner,Packed.Adware,Manually deleted,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\XW3DRU9L\MediaAccC[1].dll,Description: The file C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\XW3DRU9L\MediaAccC[1].dll is a Adware threat."
3/18/2005 1:18:49 PM,Virus scanner,Adware.WinAd,Delete failed,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: MediaAccX.dll,Description: The compressed file MediaAccX.dll within C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\XW3DRU9L\bridge-c7[1].cab is a Adware threat."
3/18/2005 1:18:49 PM,Virus scanner,Downloader.Trojan,Manually deleted,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: VirusSource: C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CYAVNNMF\winun[1].exe,Description: The file C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CYAVNNMF\winun[1].exe is infected with the Downloader.Trojan virus."
3/18/2005 1:18:49 PM,Virus scanner,Downloader.Trojan,Manually deleted,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: VirusSource: C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CYAVNNMF\winun[2].exe,Description: The file C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CYAVNNMF\winun[2].exe is infected with the Downloader.Trojan virus."
3/18/2005 1:18:49 PM,Virus scanner,Adware.WinTaskAd,Manually deleted,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CYAVNNMF\MediaAccess[1].exe,Description: The file C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CYAVNNMF\MediaAccess[1].exe is a Adware threat."
3/18/2005 1:18:49 PM,Virus scanner,Adware.Istbar,Manually deleted,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: prompt[1].php,Description: The compressed file prompt[1].php within C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CUPZFS46\prompt[1].php is a Adware threat."
3/18/2005 1:18:49 PM,Virus scanner,Adware.Istbar,Manually deleted,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CUPZFS46\prompt[1].htm,Description: The file C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CUPZFS46\prompt[1].htm is a Adware threat."
3/18/2005 1:18:49 PM,Virus scanner,Adware.WinTaskAd,Manually deleted,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CUPZFS46\MediaAccK[1].exe,Description: The file C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CUPZFS46\MediaAccK[1].exe is a Adware threat."
3/18/2005 1:18:49 PM,Virus scanner,Adware.CDT,No action taken,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CUPZFS46\index[1].htm,Description: The file C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\CUPZFS46\index[1].htm is a Adware threat."
3/18/2005 1:18:49 PM,Virus scanner,Adware.NetOptimizer,Manually deleted,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,"Threat category: AdwareSource: C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\4SW6QY1A\wsem303[1].dll,Description: The file C:\Documents and Settings\John Sebeny\Local Settings\Temporary Internet Files\Content.IE5\4SW6QY1A\wsem303[1].dll is a Adware threat."
3/18/2005 12:34:12 PM,Auto-Protect,Download.Trojan,Automatically deleted,File,N/A,N/A,200503170009,11.0.9.16,John Sebeny,JOHN-MAIN,Source: C:\WINDOWS\System32\.pif


HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:20:42 AM, on 3/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
G:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\Program Files\Awsum\AwSuMovies\mirc.exe
G:\Program Files\Winamp\winamp.exe
G:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
G:\Program Files\Hijack This\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "G:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\program files\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [AIM] G:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\Program Files\AIM\aim.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c7.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Have fun figuring that stuff out!

#2
Wizard

  • Retired Staff
  • 5,661 posts
Hello Shady and Welcome to GeekstoGo!!!

Let's see what we can do about this Infection!

While Online, please go to Add\Remove Programs and Remove this:

Media Access

Disconnect from the Internet, physically Unplug the connection if you have to!

Because this appears to be a Multiple Drive PC with several User Accounts, you may have to follow this fix for all User Accounts, including the Administrator Account!

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c7.cab

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!!

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
Safe Mode

After restarting in Safe Mode, Configure Windows to Show All Hidden Files and Folders. This must be done after restarting in Safe Mode!!
Here is a link to help with that:
Hidden Files
Make sure to follow Directions for XP!

Locate and Delete these I have listed in Bold Print:

C:\WINDOWS\System32\gah95on6.exe <<< File Only!

C:\Program Files\Media Access <<< Entire Media Access Folder!

Empty Recycle Bin!!

When finished, reboot your system again and bring it back up in normal mode. Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK.
Make Sure Normal Startup is Checked!!
Select the tab labeled Startup and put a Check by every box there!! Once everything is enabled, run "Hijack This!" and post a new log to this thread!!

Here is a link explaining:
Msconfig

#3
Shady

  • Topic Starter
  • Member
  • 193 posts
I did what you told me. I noticed that 2 items are still listed (I turned them off in STARTUP). I also went and logged into my mom and sister's account and ran HijackThis and fixed those files. Even went into the ADMIN account and did the same. Here is the NEW log file of HijackThis (3-20-05)...


Logfile of HijackThis v1.99.1
Scan saved at 1:39:47 PM, on 3/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
G:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
G:\Program Files\Hijack This\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "G:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\program files\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKCU\..\Run: [AIM] G:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\Program Files\AIM\aim.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#4
Wizard

  • Retired Staff
  • 5,661 posts
Were you able to locate the File and Folder I indicated?

If so, these are probably just leftovers, so let's see!

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!!

Restart the PC and Scan with HijackThis again and Post that log!

Let's get the PC scanned Online here:
Panda

Post any results that Scan Yields!!!
  • 0
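
The comparison made by eye in posts #3 and #4 (which of the entries fixed in post #2 are still listed in the 3/20 log, and whether their target files are running), as an added Python example that is not part of the original thread. The function names are illustrative assumptions, and the sample data is a short excerpt of the log lines posted above.

```python
import re

# "O4 - ..." lines: section code, " - ", body (layout of the HijackThis
# v1.99.1 logs posted in this thread).
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autoruns: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^(HK[A-Z]{2})\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")


def parse_entry(line):
    """Return (key, command) for a log entry line, or None for any other line."""
    m = ENTRY_RE.match(" ".join(line.split()))
    if not m:
        return None
    section, body = m.groups()
    run = RUN_RE.match(body) if section == "O4" else None
    if run:
        hive, key, name, cmd = run.groups()
        # Identify an autorun by hive + key + value name, not by its command.
        return (section, hive, key.lower(), name.lower()), cmd.strip('"').lower()
    return (section, body.lower()), None


def parse_log(text):
    """Split a log into the set of running process paths and its entries."""
    running, entries, in_procs = set(), {}, False
    for raw in text.splitlines():
        line = " ".join(raw.split())
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line and parse_entry(line) is None:
                running.add(line.lower())
                continue
            in_procs = False  # blank line or first entry ends the process list
        parsed = parse_entry(line)
        if parsed:
            entries[parsed[0]] = (line, parsed[1])
    return running, entries


def review_fix(fixed_lines, after_log):
    """List fixed entries that are still present in the log taken afterwards."""
    running, entries = parse_log(after_log)
    report = []
    for line in fixed_lines:
        parsed = parse_entry(line)
        if parsed is None or parsed[0] not in entries:
            continue  # entry is gone from the new log
        text, cmd = entries[parsed[0]]
        # Only direct "path [args]" commands are matched; rundll32-style
        # launchers would need their DLL argument resolved separately.
        loaded = any(cmd.startswith(p) for p in running) if cmd else None
        report.append({"entry": text, "target_running": loaded})
    return report


# Entries checked in post #2 (copied from the thread).
FIXED = [
    r"R3 - Default URLSearchHook is missing",
    r"O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe",
    r"O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe",
    r"O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c7.cab",
]

# Excerpt of the 3/20/2005 log from post #3 (shortened for the example).
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:39:47 PM, on 3/20/2005

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\Program Files\AIM\aim.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKCU\..\Run: [AIM] G:\Program Files\AIM\aim.exe -cnetwait.odl
"""

if __name__ == "__main__":
    for item in review_fix(FIXED, AFTER_LOG):
        print(item)
```

On this excerpt the two O4 Run values are reported as still present with `target_running` false, since neither target path appears under "Running processes" in the 3/20 log.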





