Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cannot permanently delete p2pnetworking.exe [RESOLVED]

Started by bythebeach , Jun 05 2005 03:59 AM

  • This topic is locked This topic is locked

#1
bythebeach
Posted 05 June 2005 - 03:59 AM

bythebeach

    New Member

  • Member
  • Pip
  • 4 posts
In XP Pro SP1, I cannot get rid of p2pnetworking.exe as a running process. I have tried deleting all entries for it in the registry, rebooting in safe mode and deleting the file in Windows\System32 and using Cleanup, but it always returns when I reboot into Windows. Have also tried Killbox and HijackThis ' Delete on Reboot'. I also could not access regedit, but I fixed that. Nortons AV does not pick up any viruses and Security Task Manager, HijackThis, Ad-Aware and Spybot cannot kill it.
I also have SpywareBlaster and MS AntiSpyware, but often disable them, as I work with videos.
Sounds like the same problem that Sportscort93t is having (being helped by Kat 1/6/05)
I have scanned with MWAV, a brief log follows, together with HJT log.
I have deleted tmp~2.exe and msnmsgr.exe.g_805EOB_g.
This is my first post as a newby, thanks, your specialised knowledge is invaluable.

Logfile of HijackThis v1.99.1
Scan saved at 6:17:58 PM, on 5/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\System32\WFXSVC.EXE
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Hmonitor\hmonitor.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\System32\CTHELPER.EXE
D:\WINDOWS\System32\p2pnetworking.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\SAVScan.exe
D:\Program Files\HijackThis v1.99.0.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.reeds.net.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.reeds.net.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reeds.net.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: D:\WINDOWS\lbbho.dll - {B3DCF095-2B6F-4727-A201-127FABAF72FA} - D:\WINDOWS\lbbho.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Linkman - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - D:\PROGRA~1\Linkman\LINKMA~1.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - D:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] D:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [hmonitor] D:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [winupdate] D:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Search Using Copernic Agent - D:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - D:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM+ Alerter Service - Unknown owner - D:\WINDOWS\system32\altsvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - D:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - D:\WINDOWS\System32\WFXSVC.EXE
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - D:\Program Files\Iomega\AutoDisk\ADService.exe

MWAV LOG 5/6/05 POSSIBLE VIRUSES FOUND

Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.
File D:\WINDOWS\NDNuninstall4_85.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File D:\WINDOWS\System32\tmp~2.exe infected by "Backdoor.Win32.ServU-based" Virus! Action Taken: No Action Taken.
File D:\WINDOWS\System32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.b. No Action Taken.
File D:\Program Files\Aida32 System Information\aida32.exe tagged as not-a-virus:Tool.Win32.AIDA.3862. No Action Taken.
File D:\Program Files\Aida32 System Information\aida_directx.dll tagged as not-a-virus:Tool.Win32.AIDA.3862. No Action Taken.
File D:\Program Files\911 CD Builder\modules\911cd\mnuutils.cab tagged as not-a-virus:Tool.DOS.Restart. No Action Taken.
File D:\Program Files\Iomega\AutoDisk\Setup_enu.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\Program Files\Iomega\System32\Win2kDrivers.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\Program Files\Iomega\DriveIcons\imghr.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\Program Files\Pinnacle\Studio 9\OEM\hfx55StudioSilent.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\WINDOWS\system32\tmp~2.exe infected by "Backdoor.Win32.ServU-based" Virus! Action Taken: No Action Taken.
File D:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.b. No Action Taken.
File D:\WINDOWS\NDNuninstall4_85.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File D:\Documents and Settings\All Users\Application Data\SecTaskMan\msnmsgr.exe.q_805E0B_q tagged as not-a-virus:Server-FTP.Win32.Serv-U.50011. No Action Taken.
File D:\Downloads General\Iomega Zip 100 external parallel-usb-fw Win98 Drivers\iodrv-w98-x86-403.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
  • 0

Advertisements

#2
therock247uk
Posted 05 June 2005 - 08:34 AM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

After the reboot run HijackThis again. Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O4 - HKLM\..\Run: [MsConfigs] C:\Program Files\MsConfigs\MsConfigs.exe
O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe

Reboot once more and post the resulting HijackThis log.
  • 0

#3
bythebeach
Posted 06 June 2005 - 04:36 AM

bythebeach

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Success...gone!...thanks, therock247uk!!!
Wasn't able to delete more than one file at a time in Pocket Killbox 2.0.0.175, from link,
so used GiPo@MoveOnBoot Utility, which did the trick.
Didn't have the MsConfigs.exe file, but all the others seem permanently deleted.
I did a Google on the .com files but came up with nothing...any idea what the bug was called?
The 023 altsvc.exe unknown Com + Alerter Service worries me. Nobody seems to know much about it & a few posts have recommended deleting it. One post said that it was introduced with Hardware Sensors Monitor, whick I also have. What do you advise?
Final HJT Log follows:-
Logfile of HijackThis v1.99.1
Scan saved at 6:32:34 PM, on 6/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\System32\WFXSVC.EXE
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Hmonitor\hmonitor.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\System32\CTHELPER.EXE
D:\Program Files\HijackThis v1.99.0.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.reeds.net.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.reeds.net.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reeds.net.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: D:\WINDOWS\lbbho.dll - {B3DCF095-2B6F-4727-A201-127FABAF72FA} - D:\WINDOWS\lbbho.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Linkman - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - D:\PROGRA~1\Linkman\LINKMA~1.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - D:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] D:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [hmonitor] D:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Search Using Copernic Agent - D:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - D:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM+ Alerter Service - Unknown owner - D:\WINDOWS\system32\altsvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - D:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - D:\WINDOWS\System32\WFXSVC.EXE
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - D:\Program Files\Iomega\AutoDisk\ADService.exe
  • 0

#4
therock247uk
Posted 06 June 2005 - 07:17 AM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
1. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

O2 - BHO: D:\WINDOWS\lbbho.dll - {B3DCF095-2B6F-4727-A201-127FABAF72FA} - D:\WINDOWS\lbbho.dll (file missing)

2. Then post a new Hijackthis log here in a reply.
  • 0

#5
bythebeach
Posted 12 June 2005 - 05:03 PM

bythebeach

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Logfile of HijackThis v1.99.1
Scan saved at 8:52:05 AM, on 13/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\System32\WFXSVC.EXE
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Hmonitor\hmonitor.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\System32\CTHELPER.EXE
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\HijackThis v1.99.0.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.reeds.net.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.reeds.net.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reeds.net.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Linkman - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - D:\PROGRA~1\Linkman\LINKMA~1.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - D:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] D:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [hmonitor] D:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Search Using Copernic Agent - D:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - D:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM+ Alerter Service - Unknown owner - D:\WINDOWS\system32\altsvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - D:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Wausiectismq - Creative Technology Ltd. - D:\WINDOWS\System32\drivers\ctoss2k.sys
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - D:\WINDOWS\System32\WFXSVC.EXE
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - D:\Program Files\Iomega\AutoDisk\ADService.exe
  • 0

#6
therock247uk
Posted 12 June 2005 - 05:46 PM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Your log is clean :tazz:

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Credit to PGPhantom for canned speech.
  • 0

#7
bythebeach
Posted 13 June 2005 - 07:45 PM

bythebeach

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks therock247uk,
What about:-
O23 - Service: COM+ Alerter Service - Unknown owner - D:\WINDOWS\system32\altsvc.exe ???

Nobody seems to know much about it & a few posts from Admins in spyware forums have recommended deleting it? eg. http://discussions.v...ad.php?t=187853

http://service.iamno...m/srch-240.html, says
Name Process Details
Malware netbios helper service altsvc.exe adserver adtech.de redirects

http://www.file.net/...altsvc.exe.html says:-
Description: altsvc.exe is located in the folder C:\Windows\System32. The file size on Windows XP is 13312 Byte.
The file is located in the Windows folder, but it is no Windows core file. There is no information about the maker of the file. The program has no visible window. Therefore the technical security rating is 6% dangerous.
Important: Some malware can camouflage themselves as altsvc.exe, particularly if they are located in c:\windows or c:\windows\system32 folder.

Scanning altsvc.exe at http://virusscan.jotti.org/, comes up with:-
Status: INFECTED/MALWARE
Dr.Web Found not a virus Program.SrvAny
Fortinet Found W32/SrvAny-app

Got any clues?
  • 0

#8
therock247uk
Posted 14 June 2005 - 09:58 AM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
That file and service is good.
  • 0

#9
therock247uk
Posted 02 July 2005 - 11:18 AM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP