
HijackThis Log


  • This topic is locked
2 replies to this topic

#1 coldfire1

coldfire1

  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:37 AM

Posted 02 August 2010 - 11:49 PM

Hello, everyone!

I hope someone can help with this. I constantly have these 4 items showing in my HijackThis Log that appear to be registry items that seem to be negatively affecting my computer. This has been happening for the past 2 or three days, after my son was doing Google searches for online game cheats/tips. I may have gone overboard in downloading free versions of reputable antivirus/anti-malware software, but none of them seem to remove these 4 items.

Also, my AVAST! (free version) suddenly started going haywire after I downloaded and tried "HOUSECALL" by Trend Micro, I think. I stopped it in the middle of the free scan because the real-time "file system shield" of AVAST! will give me 51 pop-ups in a row saying that a virus has been detected and blocked--then start all over again. Now it's this way all the time and I've had to turn off the "Real time shields" feature today, so that I can perform other tasks in peace.

Also, my Ad-Aware "Ad watch live!" Alert is consistently giving me a pop-up that "Ad watch live! has blocked SVCHOST.EXE from connecting to a malicious site on the internet." I tried to jot down the IP Address for you, but I was not fast enough--I can do it the next time the pop-up appears!

So...a real cornucopia of problems, it would seem. Can anyone help?

Thank you!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:20:37 AM, on 8/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Trend Micro\Browser Guard 2010\BGUI.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\Browser Guard 2010\tmiegsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: TMIEGBHO - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files\Trend Micro\Browser Guard 2010\TMAMS.dll
O3 - Toolbar: TMBGBAR TOOLBAR - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files\Trend Micro\Browser Guard 2010\tmeig.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Trend Micro Browser Guard v2.0 Beta] "C:\Program Files\Trend Micro\Browser Guard 2010\BGUI.EXE"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [qomljgsys] rundll32.exe "vtustt.dll",s
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [wvwwursys] rundll32.exe "vtustt.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [wvwwursys] rundll32.exe "vtustt.dll",s (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{234C353E-EB8C-4554-BE1E-4D36D52DF6D1}: NameServer = 207.164.234.193 207.164.234.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{234C353E-EB8C-4554-BE1E-4D36D52DF6D1}: NameServer = 207.164.234.193 207.164.234.129
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4359 bytes



#2 coldfire1

coldfire1
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:37 AM

Posted 08 August 2010 - 09:11 PM

Never mind. My request for help was completely ignored, anyway. Thanks for nothing.

Updated on Aug 09, 2010: I've elected to add an edit to my 2nd post, to avoid further "bumping" or confusion--I hope this is not considered to be in poor form or bending some forum rule, etc. I just wanted anyone who reads this to be aware that I've repaired any problems that I reported in my original post and have successfully restored my computer to its prior, non-infected/non-compromised condition. I found many of the tips and tutorials here to be most helpful in this regard, and I managed to correct things on my own. I no longer require any assistance. Thank you.

Edited by Orange Blossom, 21 October 2010 - 07:14 PM.
Removed no longer relevant content. ~ OB


#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:37 AM

Posted 11 August 2010 - 07:35 PM

Thanks for letting us know. As Orange Blossom has stated, we do not ignore any topic. Sorry we took so long getting to yours, but glad that you were able to sort it out.

------------------------------------------------------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



