
So many adwares checked by HijackThis, check my log file



#1 HELP MASK


Posted 11 January 2010 - 01:35 PM

Hi there,
I'm not a professional, so I need a little help from you guys.
I'm using XP SP3. My downloading speed is enough for me, but surfing s...ks. Please help me out. I've tried HijackThis, and the log file is as



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:44 PM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\M@$K\LOCALS~1\Temp\auton.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\_hijackthis.exe

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FLASHGET\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MS Virtual CLS] C:\WINDOWS\system32\msvmcls64.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8DF10F5-DA5D-4343-9203-CC50671CC9A8}: NameServer = 203.99.163.243,203.99.163.240
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10308 bytes

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



#2 Tomk_


    Malware Eradicator


  • Malware Response Team

Posted 16 January 2010 - 07:25 PM

Hi HELP MASK,

Welcome to Bleeping Computers

My name is Tomk_. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

I apologize for the delay in response. We get overwhelmed at times but we are trying our best to keep up.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished, it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.

Then

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Also please describe how your computer behaves at the moment.





