Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

SearchMiracle/EliteBar

Started by ElmoScoggins , Aug 15 2005 06:25 AM

  • This topic is locked This topic is locked

#1
ElmoScoggins
Posted 15 August 2005 - 06:25 AM

ElmoScoggins

    Member

  • Member
  • PipPip
  • 14 posts
I've run MS antispyware, which found the bad boy and said it eliminated it, but its still there. I ran adaware, symantec, etc, but nothing gets it out. It reappears in Hijack This regardless of what I do...

This is current log

Logfile of HijackThis v1.99.1
Scan saved at 8:23:14 AM, on 8/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\NEW2000\System32\smss.exe
C:\NEW2000\system32\csrss.exe
C:\NEW2000\system32\winlogon.exe
C:\NEW2000\system32\services.exe
C:\NEW2000\system32\lsass.exe
C:\NEW2000\system32\svchost.exe
C:\NEW2000\System32\svchost.exe
C:\NEW2000\System32\svchost.exe
C:\NEW2000\System32\svchost.exe
C:\NEW2000\Explorer.EXE
C:\NEW2000\system32\spoolsv.exe
C:\Program Files\AnalogX\CookieWall\cookie.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\NEW2000\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\NEW2000\System32\nvsvc32.exe
C:\NEW2000\System32\wdfmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Andrew Abrams.AMA-LAPTOP\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [System service63] C:\NEW2000\etb\pokapoka63.exe
O4 - HKLM\..\Run: [checkrun] c:\new2000\system32\elitekbe32.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Andrew Abrams.AMA-LAPTOP\Desktop\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\NEW2000\System32\ctfmon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: SEAGULL WinJa Java Client 3_0C15 - https://www2.netxpro...Ja/winja_ie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0ECBFDC9-3B38-4591-BD86-D4B0FA2AA2FF}: NameServer = 10.10.15.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{0ECBFDC9-3B38-4591-BD86-D4B0FA2AA2FF}: NameServer = 10.10.15.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{0ECBFDC9-3B38-4591-BD86-D4B0FA2AA2FF}: NameServer = 10.10.15.50
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\Program Files\NetExchange Pro3.0\FlowHook.dll
O20 - Winlogon Notify: NavLogon - C:\NEW2000\System32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\NEW2000\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\NEW2000\System32\nvsvc32.exe

Can anyone help?
  • 0

Advertisements

#2
Rawe
Posted 15 August 2005 - 06:35 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hello and welcome!

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here
Apply the update, reboot, and post a fresh HijackThis log.

- Rawe :tazz:

Do NOT install Service Pack 2 at this time!
  • 0

#3
ElmoScoggins
Posted 15 August 2005 - 06:58 AM

ElmoScoggins

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
MS in its infinite wisdom will not let me install. Says my product key is invalid. It isnt because this PC came from Dell, but had the opsys installed a second time when the drive failed... Now what????
  • 0

#4
Rawe
Posted 15 August 2005 - 07:00 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Well, that's too bad. I can't help you without an visible upgrade. If microsoft says your product key is invalid, you will have to contact Microsoft about it. Sorry.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP