Author Topic: Help me i think im infected  (Read 10116 times)

waille
« on: March 24, 2005, 01:48:07 PM »
Here's my log

Logfile of HijackThis v1.99.1
Scan saved at 2:39:22 PM, on 3/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
G:\Progfiles\Norton\navapsvc.exe
G:\Progfiles\Norton\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\Progfiles\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\NuonSoft\WallpaperCycler3\WallpaperCycler Lite.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
G:\Progfiles\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Progfiles\Norton\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Progfiles\Norton\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [RemoteControl] G:\Progfiles\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NuonSoft Wallpaper Cycler 3 StartupHelper] C:\Program Files\NuonSoft\WallpaperCycler3\StartupHelper.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - Startup: Gmail Notifier.lnk = G:\Progfiles\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGFI~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGFI~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1101593272657
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dynu Control Server (dynucontrol) - Unknown owner - C:\Program Files\Dynu Systems\Enterprise Server\dynuctrl.exe (file missing)
O23 - Service: Dynu FTP Server (dynuftp) - Unknown owner - C:\Program Files\Dynu Systems\Enterprise Server\dynuftp.exe (file missing)
O23 - Service: Dynu IMAP Server (dynuimap) - Unknown owner - C:\Program Files\Dynu Systems\Enterprise Server\dynuimap.exe (file missing)
O23 - Service: Dynu POP3 Server (dynupop3) - Unknown owner - C:\Program Files\Dynu Systems\Enterprise Server\dynupop3.exe (file missing)
O23 - Service: Dynu Proxy Server (dynuproxy) - Unknown owner - C:\Program Files\Dynu Systems\Enterprise Server\dynuprxy.exe (file missing)
O23 - Service: Dynu Relay Server (dynurelay) - Unknown owner - C:\Program Files\Dynu Systems\Enterprise Server\dynurly.exe (file missing)
O23 - Service: Dynu SMTP Server (dynusmtp) - Unknown owner - C:\Program Files\Dynu Systems\Enterprise Server\dynusmtp.exe (file missing)
O23 - Service: Dynu Web Server (dynuweb) - Unknown owner - C:\Program Files\Dynu Systems\Enterprise Server\dynuweb.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - G:\Progfiles\Norton\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - G:\Progfiles\Norton\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - G:\Progfiles\Norton\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

waille
« Reply #1 on: March 24, 2005, 01:52:19 PM »
I think I'm infected because my wireless just started dropping constantly with 100% signal strength and being 4 ft away from the router.

And I also have 2 things in my Add/Remove Programs that I can't get rid of: one is called ANIO service and the other is ANIWZCS2 service.

Could anyone help me ASAP? I'm getting fed up with this and I'm thinking that a good old format is the only fix :unsure:

Telecom Bum

  • Guest
« Reply #2 on: April 13, 2005, 09:58:18 PM »
[quote name='waille' date='Mar 24 2005, 12:52 PM']
I think I'm infected because my wireless just started dropping constantly with 100% signal strength and being 4 ft away from the router.

And I also have 2 things in my Add/Remove Programs that I can't get rid of: one is called ANIO service and the other is ANIWZCS2 service.

Could anyone help me ASAP? I'm getting fed up with this and I'm thinking that a good old format is the only fix :unsure:
[/quote]

Those 2 services, ANIO and ANIWZCS2, are integral to the use of a D-Link wireless receiver.  Don't disable or fuss with them because they will cause your D-Link card/receiver to crash.

Reinstall the D-Link software and make sure the system runs without encryption before attempting to encrypt the signal.

With regard to finding out if you're infected, update your antivirus and run a scan.  Get spybot or Adaware and run it.  Get the Complete Registry Cleaner and use it to clean up invalid registry entries. Preferably in that order.  Check out www.Answersthatwork.com to download the software mentioned.  It's freeware.  

I'm too lazy to read HijackThis logs so I find software to do the work for me. ;)

Don't reformat -- that's what virus writers want you to do -- or what non techie boss managers somehow accidentally do.

Good luck.

mjwjon

  • Guest
« Reply #3 on: June 06, 2005, 06:35:33 PM »
I don't know if you've solved your problem already, but what I suggest is to change the channel settings on your router until you find one that works well.

I have had experience when the internet via wireless router gets really slow to the point of not moving at all. Changing the channels usually fixes this problem.

Anyways, that's my post.

guestolo

  • Administrator
« Reply #4 on: October 08, 2007, 12:23:27 PM »
Locking this topic as it's outdated.
Any others with similar problems, start your own topic and include a HijackThis log.
