Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hijacked Please Help


  • Please log in to reply

#1
SIcarius

SIcarius

    New Member

  • Member
  • Pip
  • 1 posts
I downloaded a nocd crack for a video game -ran it and ended up being hijacked -I got rid of alot of spyware afterwards by the ones that remain on my sys are aurora, PIB, seeve -that I know of -
Ran Ad-Aware 6.0, Spyware Doctor, Pest Patrol, CCleaner, Hijack This, DeepDelete, Spybot, Registry Mechanic, CWS Shredder, AVG, Mcaffee antivirus, Norton AV 2005, msconfig -all in safemode -Flushed DNS -cleared cache -ARP -d -everything I could think of and I cant get rid of E:\PROGRA~1\Toolbar folder -heres the HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 10:26:56 PM, on 5/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Stardock\SDMCP.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
E:\WINDOWS\seeve.exe
E:\Documents and Settings\Satan\Application Data\tola.exe
e:\windows\system32\zfqgri.exe
E:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\Common Files\Command Software\dvpapi.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Windows Media Player\wmplayer.exe
E:\Program Files\Trillian\trillian.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\drlxcpfajq.exe
E:\Billy\Setup-Files\McAfee Virus Scan Home Edition 2004 Full Retail\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mozilla...:en-US:official
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [seeve] E:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [bdbqhsf] e:\windows\system32\zfqgri.exe
O4 - HKLM\..\Run: [PPMemCheck] E:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] E:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] E:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\RunOnce: [Remove at boot] C:\DeleteAtReboot.bat
O4 - HKLM\..\RunOnce: [SpybotSnD] "E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Eieo] E:\Documents and Settings\Satan\Application Data\tola.exe
O4 - HKCU\..\Run: [ITD7] "E:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -boot
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - blank (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113710624562
O20 - Winlogon Notify: MCPClient - E:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - E:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - E:\WINDOWS\svcproc.exe (file missing)

Maybe someone can help me please -I found uninstall steps for aurora on this site and ran everything and it did not work -Plse respond
  • 0

Advertisements


#2
austin_o

austin_o

    Retired Staff

  • Retired Staff
  • 2,089 posts
Work your way through the guide posted at the top of this forum where it says "Do you suspect a malware (Spyware, Virus, Trojan) infection? Please start here. " This guide enables folks to solve about 97 percent of their problems on their own. If you still have trouble after doing that, run a new hijack this log and post it in the malware forum. This is where the hijack logs go. This is the wrong forum. :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP