Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account

Anti-Virus GOLD! AARGH!

Started by Guest_yezpahr_* , May 31 2005 08:44 AM

  • This topic is locked This topic is locked

#1
Guest_yezpahr_*
Posted 31 May 2005 - 08:44 AM

Guest_yezpahr_*
  • Guest
Well, like thousands of others I have fallen victim to this nutcase of a dweep's experiment who wants to crush others privacy.

I tried Hitman PRO
Regseeker
My own mind
And THIS emo fits right in my image... :tazz:

I pulled HijackThis off the net and this is what he told me...

Logfile of HijackThis v1.99.1
Scan saved at 16:40:38, on 31-5-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\eigenaar\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.updatesea...earch.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesea...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 24.185.107.56 l2testauthd.lineage2.com
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp8F5F.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {8F8E46C9-A516-4789-ADC1-0E8DDD696568} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8F8E46C9-A516-4789-ADC1-0E8DDD696568} - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10226.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) -
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/...2/OCI/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} - http://212.145.159.1...Recomendada.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093974868145
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
O20 - Winlogon Notify: cool iets - cool iets.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


The YES'

YES, I installed Google Toolbar on purpose.
YES, have Norton 2005 running.
YES, I installed Msgplus WITHOUT sponsor.
YES, I did this scan AFTER Hitman PRO and all my other attempts.
YES, I installed GameSpy Arcade free version.
Oh yeah: I play Lineage2 too.

The NO's
NO, I was NOT playing solitaire.
NO, I do NOT care about formatting, but deleting this without getting wacked off by Norton AGAIN will save time.
I mean, I installed Norton for the 15th time, so they call me each time their software failed and I had to format everything again. It takes more than 2 weeks for them to realize their software actually IS crap and then they apologize...)

I hope I can get some help through MSN too. My msn is given free to readers of this post. Thanks in advance

Edited by yezpahr, 31 May 2005 - 08:46 AM.

  • 0

Advertisements

#2
kool808
Posted 31 May 2005 - 08:54 AM

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
Hello and welcome to Geeks to Go! :tazz: I'm kool808

First I need you to read and install the files HERE.
Follow the recommended configurations, settings and updates for each applications.

RUN in the following order in Safe Mode:
1. Run Ad-Aware 1.06
2. Run CWShredder then click Fix->
3. Open Spybot S&D 1.3 then click check for problems
4. Run CleanUp at least twice

Even the best antispyware programs are only able to remove about 70% of infections. Also, the line between spyware and trojans is getting blurred. You can never be too careful with these, I recommend at least one online scan.

Now, REBOOT in Normal Mode and have an On-line scan at this sites: Trend Micro or Panda Scan.

REBOOT.
Now make sure to close all other windows and you are NOT connected to the internet. Open HijackThis! and Scan.

Post a log as a new topic in the HijackThis Forum. It will get a better response there from the people most qualified to analyze logs.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

Edited by kool808, 31 May 2005 - 08:56 AM.

  • 0

#3
Guest_yezpahr_*
Posted 31 May 2005 - 09:02 AM

Guest_yezpahr_*
  • Guest
I got everything out, except the flashing background. It still flashes from white to grey and so on. The toolbar got deleted by Hitman PRO and all that other shyt got destroyed by manual attention. I used Regseeker to clean out my register and used NTREGOPT to get another whipe over it. I used RegCleaner to get another small spray on the register and used Regseeker again to whipe off the spary of RegCleaner

(RegCleaner puts some stuff back in again after said it removed it. After it put it back in again, RegSeeker can miraculously find that stuff all of a sudden.)

Thank you for your help, I will move my first post to that forum you pointed me to.

Edited by yezpahr, 31 May 2005 - 09:23 AM.

  • 0

#4
Kat
Posted 31 May 2005 - 03:20 PM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP

The toolbar got deleted by Hitman PRO

View Post


Hitman Pro is not a program we recommend using. It is not technically on the "Rogue" List as found here but it has been included in the "ok, I'm pretty sure it's bad but it needs more testing" side. Personally, I won't use ANYTHING on that site above unless it is in the lower "SAFE" section! :tazz:
  • 0

#5
Guest_yezpahr_*
Posted 01 June 2005 - 03:42 AM

Guest_yezpahr_*
  • Guest
I think the only reason it isn't trusted is because it is Dutch. I don't know if anybody here understands Dutch, but I do. It isn't that hard, just click a few times on the I agree, let Hitman Pro do its job and don't click anywhere with the mouse. Hitman PRO uses a bunch of other anti-virus and anti-trojans and doesn't run processes when not active. It is the perfect tool for Dutch people, because it is easy to understand (Dutch people are idiots). Also, as recommendation for the experienced reg-editor: Regseeker. It is also another perfect tool for your register and you can tweak some reg-settings like the time before a menu steps in. Default is 0.4 seconds, I changed it to 4 seconds. Anyhow: Regseeker and Hitman PRO are on my personal recommendation list and I will certainly direct users to it when they have problems with their pc.
  • 0

#6
Metallica
Posted 01 June 2005 - 04:16 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
yezpahr,

Did the thoughts occur to you that:
- Dutch are much better in reading English then the other way around
- I do not like your avatar
- I am Dutch
- I am a Moderator here
- I hate being called an idiot (even together with 16 million others)
- I just raised your warn level and I will have you banned if you don't change your attitude and your avatar.

Regards,
  • 0

#7
Guest_yezpahr_*
Posted 01 June 2005 - 04:22 AM

Guest_yezpahr_*
  • Guest
Don't take it too hard, I am Dutch myself. I am just typing what I hear from LOTS of English people. I hear American's saying that Dutch are noobs all the time. We are, according to most American hard-core gamers, total noobs in all and everything that has something to do with computers.

I will chance the Avatar.
I cannot chance how I am, I am trying to help and I am not trying to hurt people's feelings.
  • 0

#8
Metallica
Posted 01 June 2005 - 04:48 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Well, you did anyway. I had two complaints about your avatar, so I started reading your posts.

I did not like all that I read, although I think it is true that you want to help.
We do offer that possibility, so if you want to learn how to be a big spywarefighter like all-time Dutch hero TonyKlein:
http://www.geekstogo...here-t4817.html

Try to keep in mind that all people (of all ages) are welcome here and you'll do just fine. :tazz:

Regards,
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP