|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
05-10-2006, 06:18 PM
|
#1 |
|
Confirmed User
Join Date: Jan 2004
Posts: 7,659
|
Need help with hijacked computer and " hijack this " log
mother fuckers got me again. Popups everywhere but I can't figure out what else to clean up. This shit boots up my browsers even opera by itself...
Any help will be appreciated..  Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\bWU\command.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Network Monitor\netmon.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe C:\WINDOWS\system32\PhnxCDSvr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\NoteTab Light\NoteTab.exe C:\Documents and Settings\me\Desktop\HijackThis.exe C:\WINDOWS\system32\cmd.exe O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Guard] "C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe" /background O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1107337314015 O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\dn4801hue.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bWU\command.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: Phoenix VCD Service (PhnxVCDService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhnxCDSvr.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
__________________
Ask Phil |
|
|
|
05-10-2006, 06:28 PM
|
#2 |
|
I need a beer
 
Industry Role:
Join Date: Jun 2002
Location: ♠ Toiletville ♠
Posts: 133,944
|
You'll probably have better luck if you search google for help
__________________
|
|
|
|
|
05-10-2006, 06:47 PM
|
#3 |
|
Confirmed User
Join Date: Feb 2003
Location: DeltaHell
Posts: 3,216
|
First off - boot into safe mode(as administrator) and disconnected from any internet connections - then run the hijackthis and repost the log - or email it to me at linkster at linkforsex dot com
get a copy of cwshredder and run that as well and see if it identifies any cws variants. Get a copy of spysweeper(before you run it back up your hosts file located in windows/system32/drivers/etc) and run a full system sweep. Get a copy of avg free and run that (make sure you shut down your other antivirus programs you are running) |
|
|
|
|
05-10-2006, 06:49 PM
|
#4 |
|
Confirmed User
Join Date: Feb 2003
Location: DeltaHell
Posts: 3,216
|
The reason I say to go into safe mode for this second run of hijackthis is youve got so many programs running its hard to tell whats supposed to be there and whats not
 |
|
|
|
|
05-10-2006, 09:07 PM
|
#5 |
|
Confirmed User
Join Date: May 2005
Location: The Porn Land
Posts: 1,414
|
Linkster, i was just about to say...this dude must have a slow computer with all those programms running ;)
|
|
|
|
|
05-11-2006, 01:30 AM
|
#6 | |
|
Too lazy to set a custom title
Join Date: Oct 2002
Location: Global Traveler
Posts: 51,271
|
Quote:
 I thought about that also. |
|
|
|
|
|
05-11-2006, 01:31 AM
|
#7 |
|
8.8.8.8
Industry Role:
Join Date: Mar 2006
Location: Noordermarkt
Posts: 30,509
|
i find this suspicious:
C:\WINDOWS\system32\keyhook.exe try installing or updating to the latest version of your browser
__________________
TAEMDLRMSKRJIXMRLSMRJ. |
|
|
|
|
05-11-2006, 06:37 AM
|
#8 |
|
there's no $$$ in porn
Industry Role:
Join Date: Jul 2005
Location: icq: 195./568.-230 (btw: not getting offline msgs)
Posts: 33,063
|
format and reinstall...
|
|
|
|
|
05-11-2006, 06:47 AM
|
#9 | |
|
Entrepreneur
Join Date: Oct 2002
Location: USA
Posts: 31,429
|
Quote:
__________________
 If you would like to develop your domains, you can lease inexpensive foreign laborfrom the leaders in the field at iWebmasters.com TO LOWER YOUR COSTS AND INCREASE YOUR PRODUCTION! *** *** *** *** *** *** *** *** *** *** *** *** Domains Adult News KRL's Newsletter Biz Tips Just Listed Domains
|
|
|
|
|
|
05-11-2006, 11:20 AM
|
#10 |
|
Confirmed User
Join Date: Feb 2003
Location: DeltaHell
Posts: 3,216
|
keyhook is also used in some backdoor trojans as it allows the recording of key strokes - pretty common actually in combination with other programs but without seeing a safe mode log run its kinda hard to tell yet
|
|
|
|
|
05-11-2006, 12:00 PM
|
#11 |
|
Confirmed User
Join Date: Apr 2004
Location: Toronto
Posts: 935
|
This is most likely your problem. O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bWU\command.exe Have a look at command.exe if it was part of windows it would say CMD.exe Command.exe is not a normal process as far as I know.
|
|
|
|
