
Infected PC and slow performance


  • This topic is locked
2 replies to this topic

#1 Alisampras


Posted 06 April 2009 - 06:22 AM

Dear all,

My friend's PC has been infected. Here is the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:00 PM, on 4/6/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\j6456422.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [A7368r] "C:\WINDOWS\j6456422.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [y1266use] "C:\WINDOWS\System32\n4431\sv71808230r.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [A7368r] "C:\WINDOWS\_default45642.pif"
O4 - HKCU\..\Policies\Explorer\Run: [y1266use] "C:\Documents and Settings\user\Local Settings\Application Data\dv680820x\yesbron.com"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/hbtool...ams/hbtools.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 9665 bytes




Which line items do I have to remove?

Thanks.

Edited by Orange Blossom, 06 April 2009 - 10:12 PM.
Deactivate link by putting in code box. ~ OB




#2 Alisampras


Posted 06 April 2009 - 10:04 PM

Request for case closure.

Thanks.

#3 SifuMike


Posted 06 April 2009 - 10:08 PM

This topic is closed.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.



