| Thread ID: 66139 | 2006-02-12 19:42:00 | PC Possible Hijacking please help | White0lion (9790) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 429497 | 2006-02-12 19:42:00 | I downloaded a Final Fantasy screensaver and it didn't work as claimed. I went and ran Spy Sweeper. It told me I had a hijacker on my system, called screen savers. Here is its description.

Name: Screensavers
Author:
Category: Adware
Threat Assessment: High
Description: Screensavers may hijack any of the following: Web searches, home page, and other Internet Explorer settings.
Characteristics: Screensavers may redirect your Web searches through its own search engine and change your default home page to the authors Web site. This hijacker may also change your other Internet Explorer settings.
Method of Infection: Hijackers generally propagate through the use of seemingly-innocent dialog boxes, various social engineering methods, or through a java scripting error. Usually hijackers are bundled with various, free, software programs.
Additional Comments:

I went and ran HijackThis and this is the log.

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Wireless-G USB Network Adapter\WLService.exe
C:\Program Files\Wireless-G USB Network Adapter\WUSB54G.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\Downloads\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138214251389
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\Wireless-G USB Network Adapter\WLService.exe" "WUSB54G.exe (file missing)

It has locked up my Norton Internet Security, telling me that I'm not logged in as an admin. There is only one account on the PC and it is set to admin. I don't even have guest turned on. I am lost as to what to do to fix this problem. |
White0lion (9790) | ||
| 429498 | 2006-02-12 20:02:00 | What brought me to this is that my Symantec Norton Internet Security firewall and AV wouldn't auto turn on upon boot, and it kept telling me that it needs an admin account. The only account I use is an admin account. Then I tried to uninstall and it says the same. It wouldn't let me update my Spy Sweeper as well, giving me errors. I went and downloaded a program from Norton that is supposed to have got rid of their files. I went and got Norton Internet Security 2006; it still tells me there's an old version on my system, and what I'm left with is parts of the AV program that can't be uninstalled due to the admin account error. I am stumped now. I reinstalled Norton 2003 and so far it's running. I just want to clean my system completely. | White0lion (9790) | ||
| 429499 | 2006-02-12 20:18:00 | That log looks fine to me. No sign of anything to do with spyware, or hijackers. Hijackers wouldn't normally disable the firewall, or AV. Something like a worm, or trojan would. Get Trojan Remover (dl.filekicker.com) from here (www.simplysup.com). Download / install, run it, click on scan, and then select options 3 to 7 under the utilities menu. |
Speedy Gonzales (78) | ||
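
A first-pass read of a HijackThis log like the one posted in this thread can be scripted; the following is an added example, not part of the thread or of HijackThis itself. The sample lines are copied from the post, while the three review heuristics and all function names are assumptions of this example, and a flagged entry is a prompt to inspect the file, not a verdict.

```python
import re

# Six entries copied from the log posted in this thread (extraction spacing repaired).
SAMPLE_LOG = r'''
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\Wireless-G USB Network Adapter\WLService.exe" "WUSB54G.exe (file missing)
'''

# "<section code> - <kind>: <detail>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<detail>.+)$")

def parse(log):
    """Return one dict per section entry; process-list and blank lines are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries

def review_notes(entry):
    """Reasons to look at an entry by hand (heuristics assumed for this example)."""
    notes = []
    detail = entry["detail"]
    if "(file missing)" in detail:
        notes.append("file missing")
    if entry["code"] == "O23" and "Unknown owner" in detail:
        notes.append("owner reported as unknown")
    # Run entry given as a bare file name: which copy starts depends on the search path.
    if entry["code"] == "O4" and "\\" not in detail.split("]", 1)[-1]:
        notes.append("autostart without full path")
    return notes

def triage(log):
    """Return (code, detail, notes) for every entry with at least one note."""
    flagged = []
    for entry in parse(log):
        notes = review_notes(entry)
        if notes:
            flagged.append((entry["code"], entry["detail"], notes))
    return flagged
```

On the sample, the CTHelper autostart and the two "Unknown owner" services are flagged; the process list in the post shows CTHELPER.EXE running from C:\WINDOWS\system32, which is the kind of cross-check a flag is meant to trigger.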