Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

thanx for the help! heres my log..


  • Please log in to reply
1 reply to this topic

#1 saiofsais

saiofsais

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 27 April 2005 - 10:46 AM

hi guys, i have a stubborn popup problem that has been stuck in my comp for a long time liao..

i went to other forums b4 and have tried to solve this prob and i have even went to the extent of removing my MSN, which does seem to help a bit..

however, now i still have a popup by instantsearch.cc that appears abt once 10 min.. please help me!! thanz in advance!


Logfile of HijackThis v1.99.1
Scan saved at 11:37:30 PM, on 4/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\PFShared\UmxCfg.exe
D:\Program Files\Common Files\PFShared\UmxPol.exe
D:\Program Files\Tiny Personal Firewall\UmxAgent.exe
D:\Program Files\Tiny Personal Firewall\UmxTray.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\WinFast\WFTVFM\WFWIZ.exe
D:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
D:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Bookshelf 98\qshelf98.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
D:\Program Files\Norton AntiVirus\SAVScan.exe
D:\Program Files\Trillian\trillian.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\WinFast\WFTVFM\WFTV.exe
D:\New Folder\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinFast Schedule] D:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AWMON] "D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PS2] D:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AT-Watch] D:\Program Files\Anti-Trojan-55\ATWatch.exe
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Trillian.lnk = D:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: IDW Logging Tool.lnk = D:\WINDOWS\system32\idwlog.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Qshelf.lnk = D:\Program Files\Bookshelf 98\qshelf98.exe
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O20 - Winlogon Notify: PFW - D:\WINDOWS\SYSTEM32\UmxWnp.Dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: FW Event Manager (UmxAgent) - Tiny Software, Inc. - D:\Program Files\Tiny Personal Firewall\UmxAgent.exe
O23 - Service: FW Configuration Interpreter (UmxCfg) - Tiny Software, Inc. - D:\Program Files\Common Files\PFShared\UmxCfg.exe
O23 - Service: FW Live Update (UmxLU) - Tiny Software, Inc. - D:\Program Files\Common Files\PFShared\umxlu.exe
O23 - Service: FW Policy Manager (UmxPol) - Tiny Software Inc. - D:\Program Files\Common Files\PFShared\UmxPol.exe

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:07:45 PM

Posted 27 April 2005 - 12:54 PM

Hello saiofsais and welcome to the BC forums. Your log looks clean so what you have is hiding somewhere on your system. Let's start with a couple of scans and see what they turn up.

Step #1

Please run at least 2 of the following on-line virus scans:Trend Micro Housecall
BitDefender On-Line Virus Scan
Panda ActiveScan
Make sure that you choose "fix" or "clean".

Step #2

Click on the link below and follow the directions on the webpage to run an online trojan scan:WindowSecurity online trojan scan
Step #3

Download and install ewido security suite. Update the program and then do a complete system scan.

Step #4

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file and any the information from what the various scans found back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users