Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer infected?-post my hijackthis log


  • This topic is locked This topic is locked
2 replies to this topic

#1 que609

que609

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 AM

Posted 26 June 2012 - 12:28 PM

My computer is acting like it has a virus or malware. My mouse takes on a life of it's own, computer runs slow, my entries get redirected. This happened about 1 1/2 years ago and then crashed. Smart neighbor brought it back to life.

I have a Dell pc, running Windows XP with Service Pack 3. I know it's old but I need to use it until end of year.

I ran the Microsoft security scans, ran the Microsoft web site tool, virus and malware scans and I can't find anything.

I spoke to a Microsoft tech and he said my logs show I'm on the brink of a crash but couldn't help me without a large sum of money.

I downloaded HiJackThis and would like to post my log for you to look over.

Also, just now I realized there was a Games icon on my desktop. I didn't download it and I don't know how it got on my computer.

The address is:

hxxp://dl.freeze.com/Download/index.aspx?s=games&c=738400&SessionId=4acc405f-66e6-48c6-9443-b0fe4c7c7faf&BrowserMapId=1980&fn=games

Anyone know of this? I appreciate any help you can give me.

Thank you.

Edited by SweetTech, 27 June 2012 - 08:21 AM.
disabled live link.-ST


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:14 AM

Posted 01 July 2012 - 07:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Disable Microsoft Windows Defender:

We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings.
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save

After all of the fixes are complete it is very important that you enable Real-time Protection again.
===

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R3 - URLSearchHook: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: Coupon AlertService (CouponAlert_2pService) - Unknown owner - C:\PROGRA~1\COUPON~2\bar\1.bin\2pbarsvc.exe (file missing)



Click on Fix Checked when finished and exit HijackThis.
===

Delete this folder in bold.
C:\Program Files\Freeze.com\
===

Please run Notepad and copy the following text into a new file:

sc config CouponAlert_2pService start= disabled
sc stop CouponAlert_2pService
sc delete CouponAlert_2pService


Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. A DOS box will open and close, that is normal.
If any errors errors encountered please post.
When done you can delete the remove.bat file.
===

Restart the computer normally.


Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:14 AM

Posted 08 July 2012 - 10:30 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users