so many adwares checked by hijack this, check my log file





Posted 11 January 2010 - 01:35 PM

Hi there,
I'm not a professional, so I need a little help from you guys.
I'm using XP SP3. My downloading speed is enough for me, but surfing s...ks. Please help me out. I've tried HijackThis, and the log file is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:44 PM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\_hijackthis.exe

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FLASHGET\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MS Virtual CLS] C:\WINDOWS\system32\msvmcls64.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8DF10F5-DA5D-4343-9203-CC50671CC9A8}: NameServer =,
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

End of file - 10308 bytes

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



#2 Tomk_


    Malware Eradicator

  • Malware Response Team

Posted 16 January 2010 - 07:25 PM


Welcome to Bleeping Computers

My name is Tomk_. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

I apologize for the delay in response. We get overwhelmed at times but we are trying our best to keep up.

Download TFC to your desktop
  • Close any open windows.
  • Double-click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished, it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.


Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Also please describe how your computer behaves at the moment.
