hijackthis log with a lot of bleep on it!


3 replies to this topic

#1 macphisto

macphisto

  • Members
  • 8 posts

Posted 22 June 2005 - 06:12 PM

Here is a copy of my hijackthis log. Many thanks to the people who could give advice on what to get rid of and how to rid myself of it.

Logfile of HijackThis v1.99.1
Scan saved at 7:09:00 PM, on 6/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\security\FireDaemon.exe
C:\WINDOWS\security\FireDaemon.exe
C:\WINDOWS\security\msagent.exe
C:\WINDOWS\security\netclient.exe
C:\WINDOWS\security\FireDaemon.exe
C:\WINDOWS\security\winsecure.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\program files\tvs\tvs_b.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\hnetwiz.exe
C:\WINDOWS\system\dfbpb.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\System32\gpkmeng.exe
C:\WINDOWS\System32\hli2c.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe
C:\Program Files\Cas\Client\casclient.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\HijackThis1991.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [TVS_B] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\exp
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [o3nj38O] hli2c.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitelvx32.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [hnetwiz] C:\WINDOWS\System32\hnetwiz.exe
O4 - HKCU\..\Run: [Z04tRUi3S] gpkmeng.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17cd11955630e0...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118935222788
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\dsvx_xx11.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: FireDaemon Service: msagent (msagent) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe
O23 - Service: FireDaemon Service: netclient (netclient) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe
O23 - Service: FireDaemon Service: winsecure (winsecure) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe

thank you



#2 macphisto

macphisto
  • Topic Starter

  • Members
  • 8 posts

Posted 22 June 2005 - 09:25 PM

I don't know what to do; I am at my wits' end. I have used cwshredder and spybot and adaware and kill2me but still have problems. cwshredder keeps telling me vx2.look2me has been found and fixed, but it keeps appearing every time I run cwshredder.

If you have any suggestions, I would greatly appreciate it.

#3 macphisto

macphisto
  • Topic Starter

  • Members
  • 8 posts

Posted 23 June 2005 - 09:44 AM

OK, I have done a few things to improve my plight. However, I still have popups from time to time. I think it is look2me, because cwshredder always says that it is removed when I run cwshredder. Here is my updated hijackthis log; any help is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 7:32:49 AM, on 6/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\security\FireDaemon.exe
C:\WINDOWS\security\FireDaemon.exe
C:\WINDOWS\security\msagent.exe
C:\WINDOWS\security\netclient.exe
C:\WINDOWS\security\FireDaemon.exe
C:\WINDOWS\security\winsecure.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system\hjfqfcbrig.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\hijachthis\HijackThis1991.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.usachoice.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitelvx32.exe
O4 - HKLM\..\Run: [RWCProxy] C:\Program Files\R-Wipe&Clean\RWipeRun.exe /DELETESWPCFG
O4 - HKCU\..\Run: [RWCSwpRem] C:\Program Files\R-Wipe&Clean\RWipeRun.exe /DELETESWAPFILES
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\lv2209foe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CWShredder Service - InterMute, Inc. - D:\cwshredder.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: FireDaemon Service: msagent (msagent) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe
O23 - Service: FireDaemon Service: netclient (netclient) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe
O23 - Service: FireDaemon Service: winsecure (winsecure) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe
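
As an added example (not part of any post in this thread, and not code from HijackThis or BleepingComputer), the sketch below compares the entry lines of the two logs posted above to show which items were removed, which persist and which are new. The function names are made up for this example, and the embedded logs are a few lines copied from the two posts.

```python
import re

# Excerpts from the two HijackThis logs posted in this thread (subset of lines).
LOG_22_JUNE = r"""
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitelvx32.exe
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\dsvx_xx11.dll
"""
LOG_23_JUNE = r"""
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitelvx32.exe
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\lv2209foe.dll
"""

# Entry lines start with a section code such as R1, O4 or O20, then " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) entries; other lines are ignored."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries

def compare(before, after):
    """Classify entries as removed, persisting or new between two scans."""
    old, new = parse_entries(before), parse_entries(after)
    return {"removed": old - new, "persisting": old & new, "new": new - old}

def churned_sections(diff):
    """Sections where one entry vanished and a different one appeared.

    This is a prompt to look closer (a hook that comes back under another
    name after cleanup), not a verdict: an installed program also causes it.
    """
    return {s for s, _ in diff["removed"]} & {s for s, _ in diff["new"]}

if __name__ == "__main__":
    diff = compare(LOG_22_JUNE, LOG_23_JUNE)
    for kind in ("removed", "persisting", "new"):
        for section, detail in sorted(diff[kind]):
            print(f"{kind:10} {section:4} {detail}")
    print("churned sections:", sorted(churned_sections(diff)))
```
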

#4 QuietFusion

QuietFusion

    Got Malware?


  • Members
  • 264 posts

Posted 24 June 2005 - 03:40 PM

Nice work mate!

Let's see if you have L2M here

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!



