You did do the cleanup! part?
The killbox message says the file isn't there. So let's see what's on the computer.
spy axe hijacker [resolved]
Started by
hlee814
, Nov 11 2005 01:00 PM
-
This topic is locked
#16
Posted 13 November 2005 - 07:10 AM
g2i2r4
-
- Retired Staff
-
- 5,080 posts
retired HiJack Helper
You did do the cleanup! part?
The killbox message says the file isn't there. So let's see what's on the computer.
#17
Posted 14 November 2005 - 08:24 PM
hlee814
- Topic Starter
-
- Member
-
- 24 posts
Member
ok, i couldnt do the killbox part, but i did the clean thing, and right now i still got the " your computer is infected!" bubble..
here's the uninstall llist
Ad-Aware SE Personal
Adobe Acrobat 5.0
ASUS Probe V2.11
ASUSDVD
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATK0100 ACPI UTILITY
Bluetooth Stack for Windows by Toshiba
ccCommon
CleanUp!
ewido security suite
GunboundWC
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
Hijackthis 1.99.1
HijackThis 1.99.1
Intel® PROSet/Wireless Software
Internet Worm Protection
iPod for Windows 2005-06-26
iTunes
J2SE Development Kit 5.0 Update 4
J2SE Runtime Environment 5.0 Update 4
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Logitech Desktop Messenger
Logitech ImageStudio
Logitech Print Service
Macromedia Shockwave Player
MAIET Gunz
Maple 10
mCore
mDriver
mDrWiFi
mEoU.msi
Messenger Plus! 3
mHelp
Microsoft Office Professional Edition 2003
mIWA
mIWCA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
MSN Messenger 7.5
mWlsSafe
mXML
mZConfig
Nero Suite
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Panda ActiveScan
Power4 Gear
QuickTime
Realtek High Definition Audio Driver
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
SMSC IrCC V5.1.3600.7
Sony Sound Forge 7.0b
SPBBC
Spybot - Search & Destroy 1.4
Sygate Personal Firewall
Symantec
Symantec Script Blocking Installer
SymNet
Synaptics Pointing Device Driver
Tiger Gaming
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
W3 ScreenSaver
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinFlash
WinRAR archiver
WinZip
Wireless Console
here's the uninstall llist
Ad-Aware SE Personal
Adobe Acrobat 5.0
ASUS Probe V2.11
ASUSDVD
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATK0100 ACPI UTILITY
Bluetooth Stack for Windows by Toshiba
ccCommon
CleanUp!
ewido security suite
GunboundWC
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
Hijackthis 1.99.1
HijackThis 1.99.1
Intel® PROSet/Wireless Software
Internet Worm Protection
iPod for Windows 2005-06-26
iTunes
J2SE Development Kit 5.0 Update 4
J2SE Runtime Environment 5.0 Update 4
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Logitech Desktop Messenger
Logitech ImageStudio
Logitech Print Service
Macromedia Shockwave Player
MAIET Gunz
Maple 10
mCore
mDriver
mDrWiFi
mEoU.msi
Messenger Plus! 3
mHelp
Microsoft Office Professional Edition 2003
mIWA
mIWCA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
MSN Messenger 7.5
mWlsSafe
mXML
mZConfig
Nero Suite
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Panda ActiveScan
Power4 Gear
QuickTime
Realtek High Definition Audio Driver
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
SMSC IrCC V5.1.3600.7
Sony Sound Forge 7.0b
SPBBC
Spybot - Search & Destroy 1.4
Sygate Personal Firewall
Symantec
Symantec Script Blocking Installer
SymNet
Synaptics Pointing Device Driver
Tiger Gaming
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
W3 ScreenSaver
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinFlash
WinRAR archiver
WinZip
Wireless Console
#18
Posted 15 November 2005 - 07:08 AM
g2i2r4
-
- Retired Staff
-
- 5,080 posts
retired HiJack Helper
Double-click Killbox.exe to run it.
Select "Delete on Reboot".
Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox:
Put a mark next to "Delete on Reboot"
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.
***
Make sure this folder:
C:\WINDOWS\system32\1024\
is still gone.
***
Run a scan using Ewido and post me that log please.
Select "Delete on Reboot".
Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox:
C:\WINDOWS\system32\svchosts.dll
Put a mark next to "Delete on Reboot"
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.
***
Make sure this folder:
C:\WINDOWS\system32\1024\
is still gone.
***
Run a scan using Ewido and post me that log please.
#19
Posted 15 November 2005 - 04:35 PM
hlee814
- Topic Starter
-
- Member
-
- 24 posts
Member
i deleted the file, and the bubble is gone!!!! thank you!!! 
here is the scan log from ewido,
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 5:34:00 PM, 11/15/2005
+ Report-Checksum: 227D3C5A
+ Scan result:
C:\Documents and Settings\Hugh_\Local Settings\Temporary Internet Files\Content.IE5\H3IS8HGY\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Hugh_\Cookies\hugh_@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Hugh_\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
::Report End
here, i did hijack log too
Logfile of HijackThis v1.99.1
Scan saved at 5:34:45 PM, on 11/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\ASUS Probe\AsusProb.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
D:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwaterloo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.micr...pdate?clid=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\ASUS Probe\AsusProb.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
just wondering if there's anything else on my comp?
here is the scan log from ewido,
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 5:34:00 PM, 11/15/2005
+ Report-Checksum: 227D3C5A
+ Scan result:
C:\Documents and Settings\Hugh_\Local Settings\Temporary Internet Files\Content.IE5\H3IS8HGY\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Hugh_\Cookies\hugh_@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Hugh_\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
::Report End
here, i did hijack log too
Logfile of HijackThis v1.99.1
Scan saved at 5:34:45 PM, on 11/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\ASUS Probe\AsusProb.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
D:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwaterloo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.micr...pdate?clid=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\ASUS Probe\AsusProb.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
just wondering if there's anything else on my comp?
#20
Posted 16 November 2005 - 01:40 AM
g2i2r4
-
- Retired Staff
-
- 5,080 posts
retired HiJack Helper
I don't see anything else.
We can check for other malware:
Run the Free use Panda Active Scan.
Be sure to save the report when the scan is done. Please post me that report to check.
We can check for other malware:
Run the Free use Panda Active Scan.
Be sure to save the report when the scan is done. Please post me that report to check.
#21
Posted 16 November 2005 - 05:45 PM
hlee814
- Topic Starter
-
- Member
-
- 24 posts
Member
Incident Status Location
Adware:adware/spyaxe No disinfected Windows Registry
Virus:Trj/Downloader.GCV Disinfected C:\System Volume Information\_restore{9826E8FE-78AF-459F-8D3C-7DE38A64D22D}\RP92\A0009468.tlb
Adware:adware/spyaxe No disinfected Windows Registry
Virus:Trj/Downloader.GCV Disinfected C:\System Volume Information\_restore{9826E8FE-78AF-459F-8D3C-7DE38A64D22D}\RP92\A0009468.tlb
#22
Posted 17 November 2005 - 03:43 AM
g2i2r4
-
- Retired Staff
-
- 5,080 posts
retired HiJack Helper
Disable your Norton Antivirus for it will conflict.
Please download
Panda Titanium Antivirus 2006 (evaluation version). Install it and let it scan.
Save the report if you can.
You can reboot and remove Panda Trial and re-enable Norton if you like.
Please download
Panda Titanium Antivirus 2006 (evaluation version). Install it and let it scan.
Save the report if you can.
You can reboot and remove Panda Trial and re-enable Norton if you like.
#23
Posted 17 November 2005 - 05:32 PM
hlee814
- Topic Starter
-
- Member
-
- 24 posts
Member
ok i got these, theres no logs so i have to type them
got 4 infected files
event
spyware detected: cookie/adserver, cookie/realmedia, cooke/tribalfusion, cookie/2o7.net
locatgions, all in my cookies folder, and all disinfected
got 4 infected files
event
spyware detected: cookie/adserver, cookie/realmedia, cooke/tribalfusion, cookie/2o7.net
locatgions, all in my cookies folder, and all disinfected
#24
Posted 17 November 2005 - 06:15 PM
hlee814
- Topic Starter
-
- Member
-
- 24 posts
Member
i installed that panda thing, it scanned and fixed 1 registry file, it was named adware/spyaxe and said it was removed.. so i guess thats a goood news, then it went on to scan my PC, and froz my laptop when it was almost done scanning my C drive, but there was no files infected detected up to that point.. and then my laptop could nto start up, it just froz with my wallpaper, so i went into save mode and uninstalled the panda and ewido security and finally my comp started up...
#25
Posted 18 November 2005 - 07:12 AM
g2i2r4
-
- Retired Staff
-
- 5,080 posts
retired HiJack Helper
Sorry to hear it didn't go as smooth as it should have.
Can you rerun Panda to see if the infection is fully gone now?
Can you rerun Panda to see if the infection is fully gone now?
#26
Posted 20 November 2005 - 01:44 PM
hlee814
- Topic Starter
-
- Member
-
- 24 posts
Member
tried to install the panda anti virus thing, started freezing my laptop again :S
#28
Posted 21 November 2005 - 12:57 PM
hlee814
- Topic Starter
-
- Member
-
- 24 posts
Member
the scan gave me nothing, but while i was installing the activeX, i got a popup saying norton 2005 does not support the repair operation, uninstall and reinstall popup.. duno if that has anything to do with spywares
#29
Posted 21 November 2005 - 01:28 PM
g2i2r4
-
- Retired Staff
-
- 5,080 posts
retired HiJack Helper
Please see if you can do the scan with Norton autoprotect disable (only for the scan!).
#30
Posted 22 November 2005 - 05:58 PM
hlee814
- Topic Starter
-
- Member
-
- 24 posts
Member
hrm panda didnt pick up anything,
any other things u want me to check
also just got another thing, i dunno if this has anything to do with the spywares, but now when i open microsoft word, and other programs, i get a popup saying
" norton 2005 does not support the repair operation, please uninstall and reinstall"
any other things u want me to check
also just got another thing, i dunno if this has anything to do with the spywares, but now when i open microsoft word, and other programs, i get a popup saying
" norton 2005 does not support the repair operation, please uninstall and reinstall"
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
