Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Adware Problem Please Help


  • This topic is locked This topic is locked
2 replies to this topic

#1 saravanan

saravanan

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 04 July 2006 - 07:50 AM

Logfile of HijackThis v1.99.1
Scan saved at 5:19:58 PM, on 7/3/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\U2FyYXZhbmFuLkEuVg\command.exe
c:\dfndrb_3.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\taskshed.exe
C:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Configure] msconfigures.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdb_3.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrb_3.exe
O4 - HKLM\..\RunServices: [Microsoft Configure] msconfigures.exe
O4 - HKCU\..\Run: [Microsoft Configure] msconfigures.exe
O4 - HKCU\..\RunServices: [Microsoft Configure] msconfigures.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1151666262999
O17 - HKLM\System\CCS\Services\Tcpip\..\{18AEDB43-E05E-4DD2-8B92-46889198D02F}: NameServer = 202.9.145.6,202.9.145.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{18AEDB43-E05E-4DD2-8B92-46889198D02F}: NameServer = 202.9.145.6,202.9.145.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{18AEDB43-E05E-4DD2-8B92-46889198D02F}: NameServer = 202.9.145.6,202.9.145.7
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\ir08l5du1.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2FyYXZhbmFuLkEuVg\command.exe
O23 - Service: TskScheduler - Unknown owner - C:\WINDOWS\taskshed.exe

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:11:09 PM

Posted 05 July 2006 - 04:22 PM

Hello there,

It looks to me as though you have been slightly trigger happy here - I may be wrong but I suspect you have already run Hijackthis and fixed everything already :thumbsup:

Any reason why your windows isn't up to date? You don't have even ServicePack1 installed!
Remember that your system is extremely vulnerable without the necessary security patches/updates, so malware can get installed automatically while surfing without any problems.
Please visit http://www.microsoft.com/windowsxp/downloa...p1/network.mspx and update to Service Pack 1. Without this update, you're wide open to re-infection, and we're both just wasting our time.
When your system is clean afterwards, then update to SP2, because updating to SP2 CAN cause problems as long as you are infected.

You are missing one important program on that computer: An antivirus.
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer.
AVG, Avira OR Avast are good FREE antivirus.
Never install more than one antivirusscanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!
Zonealarm, Agnitum Outpost Free OR Kerio are FREE firewalls.
Understanding and using firewalls

Please let me know how it goes and post a new Hijackthis log at the end.
David

#3 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:11:09 PM

Posted 04 August 2006 - 03:59 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending me
a PM with the address of the thread using the link here. This applies only to the original topic starter.

Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users