Help, computer hijack


Question

hey i am quite positive my computer has a trojan i keep getting redirected to websites when i try and click links while searching on google i ran hijack this and here is what the log said please tell me the necessary processes to remove if you know of anything that looks out of place

Logfile of HijackThis v1.99.1

Scan saved at 7:14:30 PM, on 2/18/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0007)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Scott.HOME-3B54929FDC\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Shaw Internet

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/SpywareScanner.ocx

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161291087640

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - http://td.nortonconfidenceonline.com/plug-in/WSAS.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/...876/mcfscan.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)


  • 0

I glanced over your log and I don't see anything too alarming/looking like a trojan. Sounds like your host file has been hijacked, though. Your host file is located here: C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

Open "hosts" with notepad (it's not a folder, it's the actual file) and clear it to just have:

127.0.0.1	   localhost

If that's all you have, besides a bunch of introduction lines with # in front of them, then that's not your problem. Let us know.

By the way, your computer is overboard with security. Windows Defender, AVG Anti-Spyware, Spybot, and a bunch of other anti-virus/internet security things? It's okay to have different scanners, however, if these scanners are running in the background (such as Win. Defender and AVG), then they can sometimes conflict with each other.
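The hosts-file check described in this reply, as an added example that is not part of the original post: a small Python audit that separates loopback block entries (which some security tools add on purpose) from names pointed at an outside address. The sample file contents, the example domains and the 203.0.113.10 address are constructed for illustration.

```python
import ipaddress

# Names that are expected to map to loopback in a default hosts file.
EXPECTED_LOOPBACK_NAMES = {"localhost"}

# Constructed sample, not taken from the thread.
SAMPLE_HOSTS = """\
# Constructed sample hosts file.
127.0.0.1       localhost
127.0.0.1       ads.example.net   # sinkholed name
203.0.113.10    www.example.com search.example.com
not-an-ip       www.example.org
"""


def parse_hosts(text):
    """Return (lineno, address_field, [names]) for every mapping line.

    Comments (# to end of line) and blank lines are skipped.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        entries.append((lineno, fields[0], [f.lower() for f in fields[1:]]))
    return entries


def audit_hosts(text):
    """Classify every hosts entry that is not the plain localhost mapping.

    Returns a list of (lineno, kind, address, names) where kind is:
      "redirect"  - names resolved to a non-loopback address (review first)
      "blocked"   - names sinkholed to loopback/0.0.0.0 (blocklist-style)
      "malformed" - address field is not an IP, or no names follow it
    """
    findings = []
    for lineno, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((lineno, "malformed", address, names))
            continue
        if not names:
            findings.append((lineno, "malformed", address, names))
            continue
        if ip.is_loopback or ip.is_unspecified:
            extra = [n for n in names if n not in EXPECTED_LOOPBACK_NAMES]
            if extra:
                findings.append((lineno, "blocked", address, extra))
            continue
        findings.append((lineno, "redirect", address, names))
    return findings


if __name__ == "__main__":
    # To audit a real machine, read the file named in the reply instead:
    #   C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    for lineno, kind, address, names in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {kind:9} {address} -> {', '.join(names)}")
```

A file containing only the `127.0.0.1 localhost` line and comments produces no findings, which matches the "that's not your problem" case in the reply.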

  • 0

I also couldn't find anything that seems suspicious. There was a process (low risk) but should be picked by Symantec/Norton Antivirus.

You've too many security tools and online scanners - if you ran all of them and they say you're clean, then you're 99.9% clean.

Also, where exactly do you get redirected to if localhost trick does not work?

  • 0

Blue: unneeded crap (imo)

Red: Fix ASAP

  epidemic339 said:
Logfile of HijackThis v1.99.1


Do another scan with Hijackthis.exe renamed to something else.

  • 0

k i tried running my computer in safe mode norton ad aware professional and avg free edition all froze when they got to the same file in a temporary internet folder so im guessing this btcar.com rerouter or dns changer whatever it is called still has some grip in my system any suggestions on fixing it?

  • 0
  epidemic339 said:
hey i am quite positive my computer has a trojan

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

There is your biggest issue. Norton. http://www.symantec.com/symnrt

  • 0

k i deleted those things with hijack this and i ran a registry mechanic it found a wack of things but avg ad aware and norton all still freeze when they get to a certain file in my temporary internet files folder so this btcar.com or dns changer trojan or whatever it is still has its hold on my system what should i do :s

  • 0

Which things? Norton stuff? Are you nuts removing those with hijackthis? Those are legitimate processes by Norton AntiVirus. You should use Add/Remove first if you really want to uninstall software and not removing a few startup entries with hijack this.

Disregard those comments.

Can you use normal, built in cleaner instead of Registry Mechanic (what does it have to do with emptying browser cache anyway?). Go to Tools > Internet Options > Delete in Browsing history part...IE 7 can clear everything with a click of a button. Then update your virus definitions and scan your computer for viruses. I did not see anything wrong with your HJT log, and I have no idea why are you so eager to remove stuff with it. Simply clear your temp files. Either do it manually, use Windows Disk Cleaner, or CCleaner...update definitions, scan...and that should be it.

Simple Google search comes with this:

http://answers.yahoo.com/question/index?qi...02032704AAYKFFg

http://answers.yahoo.com/question/index?qi...29190243AABCumU

http://www.spywarepoint.com/forums/t43811-...le-problem.html

And this guy was also infected with it...maybe you can read which items he had to remove and see if you have the same malicious entries (which I did not spot):

http://forums.techguy.org/security/538541-...-btcar-com.html

This time, try to do some reading first.

  • 0
  richter said:
Which things? Norton stuff? Are you nuts removing those with hijackthis? Those are legitimate processes by Norton AntiVirus.

Legitimately useless.

All he has to do is remove Norton 100%, then install avast and remove the viruses/trojans and other junkware it finds. Duh. Norton sucks, any wannabe tech knows that and will tell people to trash it; so have you not reached that level yet? :p

  • 0
  Jack 0Neill said:
Legitimately useless.

All he has to do is remove Norton 100%, then install avast and remove the viruses/trojans and other junkware it finds. Duh. Norton sucks, any wannabe tech knows that and will tell people to trash it; so have you not reached that level yet? :p

Please, we're here to help him and not get into yet another what is better discussion. While I stopped using Norton since 2002, their 2007 lineup is not all that bad (memory wise is on par with other or has lower usage - tested NIS) and their detection rate (viruses/rootkits in their consumer version, though spyware is not that well) is among the best (according to several tests conducted in recent months). So, arguing he should remove Norton and install Avast to remove infections doesn't help. He's got whole lineup of security tools installed which is capable of removing infection he described (latest Spybot definitions will do the trick). He is welcome to uninstall/install whatever he pleases, but blatant ranting how much Norton sucks and suggesting (although it was meant as a joke) removing crucial Norton processes can only screw up his system even worse.

  • 0

k this trojan is still on my system and trust me ive tried a bunch of different things including reading other forum threads on this virus but i must be doing something wrong so if anyone has like a list of instructions i can follow or any good suggestions on some alternative free software that will help me remove this i would appreciate it the most frustrating thing about this virus right now is that i had it about a month ago and now it is back

  • 0
  epidemic339 said:
k this trojan is still on my system and trust me ive tried a bunch of different things including reading other forum threads on this virus but i must be doing something wrong so if anyone has like a list of instructions i can follow or any good suggestions on some alternative free software that will help me remove this i would appreciate it the most frustrating thing about this virus right now is that i had it about a month ago and now it is back

Disable Norton temporarily and load and run the trial version of NOD32 that's up to date.

  • 0

Why is this thread carrying on?

Remove Norton Anti-Anti-Virus (I've tested 2003-2007 they ALL suck) with SymNRT 2007. All real-deal techs do know this is true. Avast and AntiVir are the two best freeware anti-viruses. Kaspersky and NOD32 are the two best payware.

For spyware you'll want to use Ad-Aware SE and Spybot S&D. Others include Windows Defender, CWShredder, HijackThis, Spyware Blaster.

For additional assistance, use the freeware tool FileMon to see every file access/modify/write attempt made by any executable/process on your system, anything running in the background. TCPView will help you see any inbound/outbound network traffic.

After that, you should be clean.

  • 0

It's "impossible" that you can't remove this infection with arsenal you have. You are doing something wrong. Why do you boot into safe mode? Yes I know the usage of it, but it's rarely needed and AVs don't need to operate in safe mode to remove infection.

Simplest solution is to CLEAR (for 100th time) your temp files, run an AV/AT/AS with updated definitions and don't boot into safe mode. It might be the reason software is not functioning in the first place.

If Kaspersky, Ewido (now AVG Antispyware) can't remove infection then nothing can. Download those, update definitions and run full scan (it might take a while) and don't do it from safe mode this time. You're not giving us any info, what infection might be, what problems you experience and most important what you actually did so far...besides messing with HJT and not bothering to read any guides posted before.

  • 0
  epidemic339 said:
...and preferably not just a harddrive wipe i got way to much on this computer to be considering that

Use proper spelling and grammar in your posts.

Go out and buy yourself a spindle of CDRs or DVD+/-Rs and backup your data. But yeah, Richter's post says it all...

  • 0

k heres what ive done so far ive removed some registry entries with hijack this i found entries that were rerouting me to a specific ip address so i removed those avg found a trojan on my system and i removed that as well and thats basically it avg still and other anti viruses i tried still freeze on a certain file in my temp folder and i tried resetting all my internet explorer settings and deleting my temp folder but a particular file will not delete ive tried running all the scanners in safe and normal mode and unfortunately i am not the only user on this computer and removing norton is not my choice to make and Kaspersky does not install with norton on my system if any1 has MORE PRECISE directions than remove it with an antivirus i would appreciate it im surely overlooking something that none of you guys have mentioned because none of it is working

  • 0

lol Was interested in the topic and had some replies, but I gave up after reading that last post. Couldn't make it past the 2nd line. For people that are wanting to help you, you really don't make it easy on them. I kinda give up, if it takes me longer to figure out how the sentences are supposed to be, than the time it takes me to actually read them. One vote to Jeremy of Many...

  • 0
  Jack 0Neill said:
Legitimately useless.

All he has to do is remove Norton 100%, then install avast and remove the viruses/trojans and other junkware it finds. Duh. Norton sucks, any wannabe tech knows that and will tell people to trash it; so have you not reached that level yet? :p

You are my hero :rofl:

FTW

  epidemic339 said:
k heres what ive done so far ive removed some registry entries with hijack this i found entries that were rerouting me to a specific ip address so i removed those avg found a trojan on my system and i removed that as well and thats basically it avg still and other anti viruses i tried still freeze on a certain file in my temp folder and i tried resetting all my internet explorer settings and deleting my temp folder but a particular file will not delete ive tried running all the scanners in safe and normal mode and unfortunately i am not the only user on this computer and removing norton is not my choice to make and Kaspersky does not install with norton on my system if any1 has MORE PRECISE directions than remove it with an antivirus i would appreciate it im surely overlooking something that none of you guys have mentioned because none of it is working

SENTENCES! Please clarify and maybe someone can fur real help you...

This topic is now closed to further replies.