Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

SearchMiracle/EliteBar


  • This topic is locked This topic is locked

#1
ElmoScoggins

ElmoScoggins

    Member

  • Member
  • PipPip
  • 14 posts
I've run MS antispyware, which found the bad boy and said it eliminated it, but its still there. I ran adaware, symantec, etc, but nothing gets it out. It reappears in Hijack This regardless of what I do...

This is current log

Logfile of HijackThis v1.99.1
Scan saved at 8:23:14 AM, on 8/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\NEW2000\System32\smss.exe
C:\NEW2000\system32\csrss.exe
C:\NEW2000\system32\winlogon.exe
C:\NEW2000\system32\services.exe
C:\NEW2000\system32\lsass.exe
C:\NEW2000\system32\svchost.exe
C:\NEW2000\System32\svchost.exe
C:\NEW2000\System32\svchost.exe
C:\NEW2000\System32\svchost.exe
C:\NEW2000\Explorer.EXE
C:\NEW2000\system32\spoolsv.exe
C:\Program Files\AnalogX\CookieWall\cookie.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\NEW2000\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\NEW2000\System32\nvsvc32.exe
C:\NEW2000\System32\wdfmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Andrew Abrams.AMA-LAPTOP\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [System service63] C:\NEW2000\etb\pokapoka63.exe
O4 - HKLM\..\Run: [checkrun] c:\new2000\system32\elitekbe32.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Andrew Abrams.AMA-LAPTOP\Desktop\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\NEW2000\System32\ctfmon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: SEAGULL WinJa Java Client 3_0C15 - https://www2.netxpro...Ja/winja_ie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0ECBFDC9-3B38-4591-BD86-D4B0FA2AA2FF}: NameServer = 10.10.15.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{0ECBFDC9-3B38-4591-BD86-D4B0FA2AA2FF}: NameServer = 10.10.15.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{0ECBFDC9-3B38-4591-BD86-D4B0FA2AA2FF}: NameServer = 10.10.15.50
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\Program Files\NetExchange Pro3.0\FlowHook.dll
O20 - Winlogon Notify: NavLogon - C:\NEW2000\System32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\NEW2000\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\NEW2000\System32\nvsvc32.exe

Can anyone help?
  • 0

Advertisements


#2
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hello and welcome!

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here
Apply the update, reboot, and post a fresh HijackThis log.

- Rawe :tazz:

Do NOT install Service Pack 2 at this time!
  • 0

#3
ElmoScoggins

ElmoScoggins

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
MS in its infinite wisdom will not let me install. Says my product key is invalid. It isnt because this PC came from Dell, but had the opsys installed a second time when the drive failed... Now what????
  • 0

#4
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Well, that's too bad. I can't help you without an visible upgrade. If microsoft says your product key is invalid, you will have to contact Microsoft about it. Sorry.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP