red flag



#1 lkabl

lkabl

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:45 PM

Posted 17 November 2009 - 06:20 PM

I was told by a techy friend of mine that there were some things in my hijack log that were giving him some red flags. Could anyone take a look at them? They might be the cause for so much distress in my computer's speed and being unable to pretty much run anything well.


Thanks, Kab.

Attached Files


Edited by lkabl, 17 November 2009 - 06:49 PM.




#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:45 AM

Posted 18 November 2009 - 04:49 AM

Hi,

Please uninstall the Ask Toolbar since this one is not recommended.
Then,
* Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 lkabl


Posted 18 November 2009 - 05:12 PM

Here they are

Attached Files



#4 miekiemoes


Posted 19 November 2009 - 01:43 AM

Hi,

Go to Start > Control Panel > Software > Add/Remove Programs, check whether you have one or more of the following programs installed, and uninstall them:

3wPlayer
Anti-Leech
Bitgrabber
BitRoll
Bitdownload
Browser Enhancer
CiD Help
CiD Manager
DivoCodec version X.X.X.X (X are numbers)
DivoPlayer version X.X.X.X (X are numbers)
DomPlayer
Download Plugin for Internet Explorer
Get-Torrent version X.X.X.X (X are numbers)
KitPlayer
Lop.com
LOP SEARCH
Messenger Plus! Live & Sponsor (CiD)
Messenger Plus or Messenger Plus and Client
Netpumper
Search Plugin
Torrent101
TorrentQ
TorrentSpeeder version X.X.X.X (X are numbers)
Ultimate Browser Enhancer
Window Search
Window Searching
WinZix
W3player
Zone Media


This is because they are bundled with the malware you are dealing with (swizzor aka lop).

This will uninstall the malware application.
In case, during uninstall, you are asked for the uninstall verification, please enter the numbers that appear in the window.
In case it says that the file was not found, double-check that you entered the exact command. If it is still the same, proceed with the next steps.


In case you can't find them,

* Go to Start > Run and copy and paste the command below into the field:
(Please make sure you copy and paste it exactly as you find it below)

"C:\DOCUME~1\OWNER~1.FAM\APPLIC~1\BROWSE~1\BallDaleFirst.exe" -uninstall

Hit enter.

Then,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 74.125.19.147 hechoenperu.net
O1 - Hosts: 74.125.19.147 www.hechoenperu.net
O1 - Hosts: 74.125.19.147 http://hechoenperu.net
O1 - Hosts: 74.125.19.147 http://www.hechoenperu.net/index.php
O1 - Hosts: 74.125.19.147 portablessa.com
O1 - Hosts: 74.125.19.147 www.portablessa.com
O1 - Hosts: 74.125.19.147 http://portablessa.com
O1 - Hosts: 74.125.19.147 http://www.portablessa.com
O2 - BHO: (no name) - {1721C93A-63EB-46BF-9DF3-E312C43725D4} - (no file)
O2 - BHO: (no name) - {479B127A-EE1D-4FAC-B21E-0E4E17E6E6D0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7FE1CB59-3A2C-4102-B942-4FE58246A333} - (no file)
O2 - BHO: (no name) - {A41F82E2-03F1-45FB-BEDB-1C0F748E2C9A} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SymLnch] C:\DOCUME~1\OWNER~1.FAM\LOCALS~1\Temp\LnchStub.exe
O4 - HKCU\..\Run: [UserFive] C:\DOCUME~1\OWNER~1.FAM\APPLIC~1\BROWSE~1\BallDaleFirst.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/OWNER~1.FAM/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then reboot. Important!

After reboot,

* Download Deljob.exe and save it on your desktop.
Double-click Deljob.exe.

A log (logit.txt) should open afterwards. This log will be present on your desktop.
Post the contents of the logfile in your next reply together with a new HijackThis log.
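A sketch of the kind of triage that sits behind a fix list like the one in post #4, as an added example that is not part of the thread and is neither the helper's method nor HijackThis's own logic. The three heuristics (entries ending in "(no file)", any O1 hosts override, and O4/O24 autostarts from Temp or Application Data) are assumptions chosen for illustration; the sample lines are copied from the post except the ctfmon line, which is constructed for contrast.

```python
import re

# Sample input: lines from the fix list in post #4, plus one constructed
# benign-looking autostart (ctfmon) to show what is NOT flagged.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 74.125.19.147 http://hechoenperu.net
O2 - BHO: (no name) - {1721C93A-63EB-46BF-9DF3-E312C43725D4} - (no file)
O4 - HKLM\..\Run: [SymLnch] C:\DOCUME~1\OWNER~1.FAM\LOCALS~1\Temp\LnchStub.exe
O4 - HKCU\..\Run: [UserFive] C:\DOCUME~1\OWNER~1.FAM\APPLIC~1\BROWSE~1\BallDaleFirst.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "<section> - <kind>: <detail>", e.g. "O2 - BHO: (no name) - {...} - (no file)"
LINE_RE = re.compile(r"^([A-Z]\d+) - ([^:]+): (.*)$")
# User-writable locations, long names and 8.3 short names (assumed heuristic).
USER_WRITABLE = re.compile(r"\\(temp|locals~1|applic~1|application data)\\", re.I)


def parse(log):
    """Yield (section, kind, detail) for every HijackThis entry line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groups()


def triage(log):
    """Return [(section, reason, detail)] for entries worth a closer look."""
    findings = []
    for section, _kind, detail in parse(log):
        if detail.endswith("(no file)"):
            reason = "registry entry points to a missing file"
        elif section == "O1":
            reason = "hosts file override"
            if "://" in detail:  # a hosts entry takes a bare hostname
                reason += " (URL in the hostname field)"
        elif section in ("O4", "O24") and USER_WRITABLE.search(detail):
            reason = "autostart from a user-writable directory"
        else:
            continue
        findings.append((section, reason, detail))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason}: {detail}")
```

Entries such as the Ask Toolbar BHO in the same fix list match none of these rules, which is why a fix list still needs an analyst's judgement.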

#5 lkabl


Posted 19 November 2009 - 04:09 PM

Here they are, thanks.

Attached Files



#6 miekiemoes


Posted 19 November 2009 - 04:19 PM

Hi,

Check and fix the next entry in HijackThis as well:

O4 - Startup: JavaUpdater.jar

Then,
Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Navigate to and delete the following folders:

C:\Documents and Settings\Owner.familyroom2006\Application Data\browsemapisize
C:\Documents and Settings\All Users\Application Data\Aim stop wma bias
C:\Documents and Settings\All Users\Application Data\dog bags web logo

Please hide your hidden files and folders again afterwards, when we are done with this thread and your problems are solved, because the above instructions to set your system to show all files unhide legitimate files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.


Let me know in your next reply how things are now....

#7 lkabl


Posted 19 November 2009 - 05:47 PM

Things seem to be a bit faster, but the main issue for me, and the reason I came here, is that I was having trouble playing the game at this site http://www.battlefieldheroes.com/. Every time I try to connect it says Error 1001 unable to connect. I was told by a moderator there that it was a DNS problem; I was not able to connect to their servers. We have been trying to solve it for 2 weeks now, and one of the many solutions we are trying was to post my HJT log on Bleeping Computer because he saw some stuff that he thought might interfere.

Anyway, thanks a lot. If you notice anything you think could interfere with such a program, let me know.

#8 miekiemoes


Posted 19 November 2009 - 05:55 PM

Hi,

Have you already tried to disable your Norton and see if that works?
Either way, I suggest that you ask your question on their forums, as they are familiar with all these errors and know what may cause this:
http://www.battlefieldheroes.com/forum/index.php

#9 lkabl


Posted 19 November 2009 - 07:25 PM

I tried a lot of stuff and had one of their moderators discuss with me over the past 2 weeks with many solutions suggested. That was the first.

If there is anything you think might interfere with me connecting to their server, please let me know :] thanks.

#10 miekiemoes


Posted 20 November 2009 - 02:13 AM

Hi,

As I said, have you already tried to disable Norton and see if that works?
Also, if I were you, I would uninstall AnchorFree Hotspot Shield as it may be a cause as well.
I don't really recommend Hotspot Shield anyway because it changes the search function in the browser and puts advertising at the top of web pages.
Reboot after uninstall.

Also, see here regarding PunkBuster: http://activision.custhelp.com/cgi-bin/act...amp;p_topview=1



