Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DDS freezing computer HJT log included instead


  • This topic is locked This topic is locked
3 replies to this topic

#1 Luciachan

Luciachan

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:36 PM

Posted 13 May 2014 - 03:44 PM

ILogfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:32:01 PM, on 5/13/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)


Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\PremierOpinion\pmropn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\END_USER\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?gd=&ctid=CT3324468&octid=EB_ORIGINAL_CTID&ISID=M3A1EC8E0-2B1D-4ED4-B2B0-6F571DBA21DC&SearchSource=55&CUI=&UM=5&UP=SPD5539B83-95CE-4034-AB80-BE6617690ECD&SSPV=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=file_14_19_ch&cd=2XzuyEtN2Y1L1QzutDtDtCtCtByDyEtA0A0C0A0DtDyDzz0BtN0D0Tzu0SzzyCtBtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyE0E0AyB0E0A0E0CtG0B0B0AtBtG0CyDtA0FtGyEzy0CtAtGtByD0BtDyEzz0E0AzztB0CyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzyzy0ByB0CyByBtGzy0F0E0DtGzyyD0F0BtGyDyE0AyCtGyCtDtBtBzz0DyEyDzyyByCzy2Q&cr=1458230356&ir=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R3 - URLSearchHook: (no name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: CostMin - {A219D750-20AB-8CEB-D3C8-47F161ECE593} - C:\Program Files\CostMin\q50P.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: webget - {dc264a72-fa75-4948-b881-ea8eff8e5dd2} - C:\Program Files\webget\webgetbho.dll (file missing)
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AppsHat] C:\Documents and Settings\END_USER\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe
O4 - HKCU\..\Run: [fastclean] "C:\Program Files\FastClean PRO\fastcleanpro.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Search - http://buttons.videodownloadconverter.com/one-toolbaredits/menusearch.jhtml?s=205320000&p2=^HJ^xdm019^YYA^ca&si=pconvIE&a=95631A71-ABC8-4EB9-9E62-AE2E629A4246&n=2013092417&cv=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353098755981
O17 - HKLM\System\CCS\Services\Tcpip\..\{01691019-5A60-4D67-B394-6C3D0F279F6A}: NameServer = 24.226.1.93,24.226.10.193
O17 - HKLM\System\CS1\Services\Tcpip\..\{01691019-5A60-4D67-B394-6C3D0F279F6A}: NameServer = 24.226.1.93,24.226.10.193
O17 - HKLM\System\CS2\Services\Tcpip\..\{01691019-5A60-4D67-B394-6C3D0F279F6A}: NameServer = 24.226.1.93,24.226.10.193
O20 - AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Search Protect Service (CltMngSvc) - Client Connect LTD - C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Util sizlsearch - Unknown owner - C:\Program Files\sizlsearch\bin\utilsizlsearch.exe (file missing)

--
End of file - 6694 bytes
can access the Internet over wifi even though it says it's connected and there is a strange icon in the notification bar a red flag that when you hover over says pc status: at risk. I've run malwarebytes bytes, super anti spyware and Norman malware, all found things and fixed them but isn't fixing the initial issue. Hardwiring Internet to laptop works fine.
When I ran DDS it just froze the whole computer after 30 seconds so I got an HJT log, I do know it's now outdated but was the only option I had

BC AdBot (Login to Remove)

 


#2 Luciachan

Luciachan
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:36 PM

Posted 13 May 2014 - 03:47 PM

Sorry that's can't access Internet over wifi, I'm posting from my phone and don't seem to have an edit post option

#3 Luciachan

Luciachan
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:36 PM

Posted 14 May 2014 - 01:15 AM

Apologies, I ended up posting 2 different topics if anyone can delete this one would be greatly appreciated



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:36 PM

Posted 16 May 2014 - 03:29 PM

OK, got help from here: http://www.bleepingcomputer.com/forums/t/534272/help-cant-access-internet-over-wifi-and-multiple-malware-concerns/#entry3368536

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users