
The Aurora PopUp [RESOLVED]


  • This topic is locked

#16
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts

The link doesn't work...Says page cannot be displayed


Works for me. Maybe they tampered with your hosts file.

Find C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS and rename it to hosts.bak

Then try again.

Regards,

Pieter
  • 0
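An added example, not part of the original post: before or instead of renaming the hosts file, its entries can be inspected for security-site names that have been pointed at the local machine or at some other address. The function names, the watched domain and the sample file are constructed for illustration.

```python
import ipaddress

# Names that are expected to resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, address, [names]) for every mapping line of a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        yield line_no, addr, [n.lower().rstrip(".") for n in fields[1:]]


def overridden(text, watch):
    """Return hosts entries that override a watched domain or one of its subdomains.

    'blocked' means the name points at loopback/0.0.0.0 (the site will not load),
    'redirected' means it points at any other address.
    """
    watch = [w.lower() for w in watch]
    findings = []
    for line_no, addr, names in parse_hosts(text):
        verdict = "blocked" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if any(name == w or name.endswith("." + w) for w in watch):
                findings.append((line_no, str(addr), name, verdict))
    return findings


# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       www.av-vendor.example  av-vendor.example   # unexpected
203.0.113.7     update.av-vendor.example
0.0.0.0         ads.tracker.example     # ordinary block-list entry
not-an-ip       something
"""

if __name__ == "__main__":
    for finding in overridden(SAMPLE_HOSTS, watch=["av-vendor.example"]):
        print(finding)
```

Block-list entries written by anti-spyware tools also point names at 127.0.0.1, which is why the check reports only names under the watched domains rather than every loopback entry.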


#17
death_hand

    Member

  • Topic Starter
  • 56 posts
That is amazing how you know these things. I changed it to hosts.bak and the Kaspersky site loaded the next time I clicked the link.

Am running the scan now...

Do you want me to post any results from the Kaspersky scan and a new HJT log after the scan has completed???

Edited by death_hand, 24 April 2005 - 08:49 AM.

  • 0

#18
death_hand

    Member

  • Topic Starter
  • 56 posts
The scan works so far, and then it gets to a certain point after scanning 1852 files and gets stuck on the shortcuts on my desktop and doesn't scan any further.

In the files it has scanned though it finds quite a few viruses :S

I saw this thread http://www.geekstogo...ups-t19112.html - is it worth me running this???

Edited by death_hand, 24 April 2005 - 09:13 AM.

  • 0

#19
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
We do not recommend that, because it is made by the same people spreading this cr@p and we don't know if and what surprises were built into it.

And it won't help against the Bube infection you have.

Regards,

Pieter
  • 0

#20
death_hand

    Member

  • Topic Starter
  • 56 posts
Any ideas for another course of action, as the Kaspersky scan doesn't seem to work?

And what's a Bube infection??

Edited by death_hand, 24 April 2005 - 12:33 PM.

  • 0

#21
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I'm sorry. The Bube infection was mentioned at the forum where you uploaded the files:
http://www.thespykil...php?topic=155.0

Is your NAV running OK and completely updated?
You could try running a full scan with that if KAV refuses to go on.

Regards,

Pieter
  • 0

#22
death_hand

    Member

  • Topic Starter
  • 56 posts
Will run Symantec AV and see what that picks up.

Here are the results of the Kaspersky scan up until it gets stuck...

C:\Documents and Settings\All Use...ry\eXactAdvertisingBargainsBuddy.zip Passwor...tected-EXE send delete

C:\Documents and Settings\All Use...- Search & Destroy\Recovery\TIBS.zip Passwor...tected-EXE send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\00B00000.VBN Trojan-...2.Agent.ki send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\00B00001.VBN Backdoo...32.Rbot.km send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\00B00002.VBN IM-Worm...2.Kelvir.a send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\00B00003.VBN Backdoo...32.Rbot.km send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\00EC0000.VBN Trojan-...2.Agent.ki send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\01A00000.VBN Trojan-...2.Agent.ki send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\01C40000.VBN Trojan-...2.Agent.ki send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\01C40001.VBN Backdoo...Wisdoor.av send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\01C40002.VBN Backdoo...32.Rbot.kz send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\03240000.VBN Trojan-...2.Domcom.b send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\03EC0000.VBN Trojan-...2.Agent.ki send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\04FC0000.VBN Trojan-...32.Ieser.a send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\04FC0001.VBN Trojan.....Delprot.a send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\06480000.VBN Trojan-...2.Agent.is send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\06480001.VBN Trojan-...2.Agent.ki send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07080000.VBN Trojan-...2.Agent.ki send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07380000.VBN Trojan-...2.Agent.ki send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07440000.VBN Trojan-...2.Agent.ki send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07440001.VBN Backdoo...32.Rbot.kw send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07440002.VBN Backdoo...Wisdoor.av send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07440003.VBN Backdoo...32.Rbot.kz send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07440004.VBN Backdoo...32.Rbot.kw send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07440005.VBN Backdoo...Wisdoor.av send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07440006.VBN Trojan-....Small.aoi send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07440007.VBN Trojan-....PWSteal.b send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07440008.VBN Backdoo...32.Rbot.kw send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07540000.VBN Trojan-...32.Ieser.a send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07540001.VBN Trojan.....Delprot.a send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07540002.VBN Trojan-...2.Domcom.b send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07700000.VBN Trojan-...2.Agent.ki send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07700001.VBN Backdoo...32.Rbot.km send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07BC0000.VBN Exploit.HTML.Mht send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07BC0001.VBN Trojan-...2.Domcom.b send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07BC0002.VBN Exploit.HTML.Mht send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07BC0003.VBN Trojan-...S.Linker.k send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07BC0004.VBN Trojan-...BS.Iwill.g send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07BC0005.VBN Exploit.HTML.Mht send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07BC0006.VBN Trojan-....JS.Weis.b send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07BC0007.VBN Virus.Win32.Bube.l send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07BC0008.VBN Virus.Win32.Bube.k send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07BC0009.VBN Virus.Win32.Bube.k send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07BC000A.VBN Trojan-...BS.Iwill.g send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\07BC000B.VBN Trojan-...2.Domcom.b send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\09740000.VBN Trojan-...2.Agent.ki send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\0E0C0000.VBN Trojan-....IstBar.hg send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\0E0C0001.VBN Trojan-....IstBar.eo send delete

C:\Documents and Settings\All Use... Edition\7.5\Quarantine\0E0C0003.VBN Trojan-....IstBar.eo send delete

I'm not sure how much use this will be to you but I thought I'd put it in anyway.
  • 0

#23
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
The list you posted seems to be files that were quarantined by other scanners, so nothing to worry about so far. :tazz:

Regards,

Pieter
  • 0

#24
death_hand

    Member

  • Topic Starter
  • 56 posts
Hi there,

Ran a full scan with Symantec AV and it didn't pick anything up, ran a scan with Ewido earlier and it picked up and cleaned a few things.

I'm still getting the Ewido popup window telling me it has found an infected file though. Do you want my latest HJT log to look at?

Thanks
  • 0

#25
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I would also like to know what the Ewido window says exactly.

Regards,

Pieter
  • 0


#26
death_hand

    Member

  • Topic Starter
  • 56 posts
Here is the latest HJT log after running Symantec AV, Microsoft AS, Spybot S&D and Adaware SE:

Logfile of HijackThis v1.99.1
Scan saved at 20:46:53, on 26/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\AntiVirus\security suite\ewidoctrl.exe
C:\Program Files\AntiVirus\security suite\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spss_lmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svhost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bitorrent\BitTornado\btdownloadgui.exe
C:\Program Files\MicrosoftAntiSpywareInstall\gcasDtServ.exe
C:\Program Files\MicrosoftAntiSpywareInstall\gcasServ.exe
C:\Program Files\AntiVirus\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lboro.ac.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lboro.ac.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F3 - REG:win.ini: run=C:\WINDOWS\system32\svhost.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PcSync] PCsync.exe
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\MicrosoftAntiSpywareInstall\gcASCleaner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [System backup] C:\WINDOWS\system32\web.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.../kavwebscan.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/...4/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100103577619
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay10...ex/HMAtchmt.ocx
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gbn1742.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Program Files\AntiVirus\CWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\AntiVirus\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\AntiVirus\security suite\ewidoguard.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Spss License Manager (SpssLM) - Unknown owner - C:\WINDOWS\system32\spss_lmd.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#27
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
* Click Here to download Killbox by Option^Explicit.
* Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
* In the Killbox program, select the Delete on Reboot option.
* In the field labeled Full Path of File to Delete, enter the file paths listed below:
C:\WINDOWS\system32\svhost.exe NOTE the spelling (without the C)

Press the button that looks like a red circle with a white X in it after each one. When it asks if you would like to delete on reboot, press the YES button; when it asks if you want to reboot now, press the NO button. Do this after each one until you have entered the LAST file path I have listed above. After that LAST file path has been entered, press the YES button at both prompts so that your computer restarts. If you receive an error message "PendingRenameOperation...." and your computer doesn't restart, please restart it manually.

After the reboot check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

F3 - REG:win.ini: run=C:\WINDOWS\system32\svhost.exe

O4 - HKCU\..\Run: [System backup] C:\WINDOWS\system32\web.exe

Reboot once more and post a new log.

Regards,

Pieter
  • 0
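An added example, not part of the original thread: the svhost.exe entry above differs from the real svchost.exe by one letter, and that kind of lookalike can be picked out of a HijackThis log automatically. The sketch below flags executable names within two edits of a well-known Windows system binary, and real system names running from an unexpected folder; the `KNOWN` list, the threshold and the function names are assumptions, the `SAMPLE` lines are copied from the log in post #26, and `CONSTRUCTED` is a made-up line.

```python
import re

# System binaries that are often imitated, with the folder each normally runs from
# on Windows XP. Assumption: illustrative short list, not exhaustive.
KNOWN = {
    "svchost.exe": "system32", "lsass.exe": "system32", "services.exe": "system32",
    "winlogon.exe": "system32", "smss.exe": "system32", "csrss.exe": "system32",
    "spoolsv.exe": "system32", "explorer.exe": "windows",
}

# Optional "X:\dir\...\" prefix followed by an executable base name.
EXE = re.compile(r'([A-Za-z]:\\[^"=]*\\)?([^\\/"\[\]=\s]+\.exe)', re.I)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log_text, max_edits=2):
    """Return (name, reason, line) for each suspicious executable reference."""
    findings = []
    for line in log_text.splitlines():
        matches = list(EXE.finditer(line))
        if not matches:
            continue
        folder, name = matches[-1].groups()      # last match is the target, not the value name
        name = name.lower()
        parent = folder.rstrip("\\").rsplit("\\", 1)[-1].lower() if folder else None
        if name in KNOWN:
            if parent and parent != KNOWN[name]:
                findings.append((name, "unexpected folder: " + parent, line.strip()))
            continue
        for real in KNOWN:
            if edit_distance(name, real) <= max_edits:
                findings.append((name, "lookalike of " + real, line.strip()))
                break
    return findings


# Lines copied from the HijackThis log posted in the thread.
SAMPLE = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\svhost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [System backup] C:\WINDOWS\system32\web.exe
"""

# Constructed line (not from the thread): a real system name in the wrong folder.
CONSTRUCTED = r"C:\WINDOWS\Temp\lsass.exe"

if __name__ == "__main__":
    for finding in triage(SAMPLE) + triage(CONSTRUCTED):
        print(finding)
```

The heuristic reports both the running svhost.exe process and its win.ini autorun, but not the web.exe entry that was also fixed above; a name check like this narrows down a log and does not replace reviewing every autorun line.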

#28
death_hand

    Member

  • Topic Starter
  • 56 posts
Here are the HJT results after doing the steps posted in your last post. When I rebooted after deleting svhost.exe using Killbox a dialogue box came up saying the 'svhost.exe could not be loaded' which was good to see. After running HJT and removing the two registry key things you said to, the error message did not come up the next time I rebooted after running HJT.

Anyway, here is the latest HJT log after doing your last set of excellent instructions:

Logfile of HijackThis v1.99.1
Scan saved at 21:31:54, on 26/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\AntiVirus\security suite\ewidoctrl.exe
C:\Program Files\AntiVirus\security suite\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spss_lmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVirus\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lboro.ac.uk/students
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lboro.ac.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PcSync] PCsync.exe
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] PCsync.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.../kavwebscan.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/...4/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100103577619
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay10...ex/HMAtchmt.ocx
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gbn1742.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Program Files\AntiVirus\CWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\AntiVirus\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\AntiVirus\security suite\ewidoguard.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Spss License Manager (SpssLM) - Unknown owner - C:\WINDOWS\system32\spss_lmd.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#29
death_hand

    Member

  • Topic Starter
  • 56 posts
Have just had another warning window from Ewido telling me about the same .exe file as the picture on the 1st page of this thread shows :s
  • 0

#30
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Same filename?

If so, use Killbox with this as the Full Path of File to delete:

C:\Windows\qkcrxvibs.exe

Your log is clean now, by the way. :tazz:

Regards,

Pieter
  • 0





