
Hi ! Since I Have Some Problems With My Computer ....


  • This topic is locked
8 replies to this topic

#1 maje1710


Posted 25 October 2006 - 07:37 PM

I repost my topic here because I was posting it in the wrong forum... sorry for that.

Hi! Since I have some problems with my computer, I would like you to check my HijackThis log, please, in case you find something strange in it!

Logfile of HijackThis v1.99.1
Scan saved at 8:18:16 PM, on 25/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\heresmylog.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 209.123.109.175 www.broadbandreports.com
O1 - Hosts: 209.132.230.91 www.listgame.com
O1 - Hosts: 216.211.129.2 acomdata.com
O1 - Hosts: 216.92.56.121 www.duxcw.com
O1 - Hosts: 66.94.229.254 www.alltheweb.com
O1 - Hosts: 209.133.53.130 www.annoyances.org
O1 - Hosts: 62.146.66.186 forum.antivir-pe.de
O1 - Hosts: 17.112.152.32 www.apple.com
O1 - Hosts: 17.112.152.32 www.apple.com
O1 - Hosts: 216.113.103.63 www.archambault.ca
O1 - Hosts: 69.31.91.3 astalavista.box.sk
O1 - Hosts: 216.148.234.177 usa.asus.com
O1 - Hosts: 217.22.64.72 www.audiocovers.nl
O1 - Hosts: 204.19.20.53 www.occasionenor.com
O1 - Hosts: 70.87.106.66 www.avast.com
O1 - Hosts: 216.239.122.220 reviews.cnet.com
O1 - Hosts: 217.160.248.33 www.bandwidthplace.com
O1 - Hosts: 83.222.6.245 www.legalsounds.com
O1 - Hosts: 209.202.96.232 www.bestbuy.ca
O1 - Hosts: 209.202.96.232 www.bestbuy.ca
O1 - Hosts: 64.246.48.46 www.bestdownload.net
O1 - Hosts: 69.70.47.231 bibliotheque.ville.longueuil.qc.ca
O1 - Hosts: 198.168.27.3 www.banq.qc.ca
O1 - Hosts: 199.246.67.171 francais.workopolis.com
O1 - Hosts: 213.150.62.120 www.bitdefender.com
O1 - Hosts: 213.150.62.120 www.bitdefender.com
O1 - Hosts: 216.213.19.27 www.bleepingcomputer.com
O1 - Hosts: 24.200.251.24 www.bureauengros.com
O1 - Hosts: 206.47.72.114 canada411.sympatico.ca
O1 - Hosts: 129.33.178.11 www.canadiantire.ca
O1 - Hosts: 207.150.188.11 www.caratulandia.net
O1 - Hosts: 213.186.62.52 www.cartepostalevirtuelle.com
O1 - Hosts: 82.192.86.150 www.sharereactor.com
O1 - Hosts: 82.196.5.71 www.ifrance.com
O1 - Hosts: 209.59.170.10 mega-search.net
O1 - Hosts: 82.192.71.248 www.cd-hoesjes.nl
O1 - Hosts: 212.199.125.55 www.cdcovers.cc
O1 - Hosts: 207.134.67.160 www.radioenergie.com
O1 - Hosts: 64.235.194.162 www.ckoi.com
O1 - Hosts: 72.232.38.94 www.clips4you.nu
O1 - Hosts: 69.51.2.182 www.sengpielaudio.com
O1 - Hosts: 207.44.246.22 forum.digital-digest.com
O1 - Hosts: 170.167.8.7 www.costco.ca
O1 - Hosts: 159.18.53.8 www.purolator.com
O1 - Hosts: 83.149.103.114 covertarget.com
O1 - Hosts: 212.199.125.55 www.cdcovers.cc
O1 - Hosts: 64.92.222.173 www.freecovers.net
O1 - Hosts: 70.85.237.28 www.cucusoft.com
O1 - Hosts: 70.86.79.146 www.2bcalvi.com
O1 - Hosts: 216.55.128.47 www.davidyounker.com
O1 - Hosts: 142.195.192.35 www.desjardins.com
O1 - Hosts: 204.228.150.3 www.computerhope.com
O1 - Hosts: 216.239.122.225 www.download.com
O1 - Hosts: 203.146.127.131 www.songtoday.com
O1 - Hosts: 209.87.181.77 www.hotdownloads.com
O1 - Hosts: 63.116.164.216 driveragent.com
O1 - Hosts: 207.253.8.10 www.dumoulin.ca
O1 - Hosts: 206.83.33.132 www.menv.gouv.qc.ca
O1 - Hosts: 192.197.77.149 emplois.gc.ca
O1 - Hosts: 213.225.83.193 www.five.no
O1 - Hosts: 208.152.64.30 www.epson.com
O1 - Hosts: 69.51.204.253 www.expo-agricole.com
O1 - Hosts: 87.106.4.7 www.mecronome.de
O1 - Hosts: 69.65.100.107 filext.com
O1 - Hosts: 216.191.215.36 216.191.215.36
O1 - Hosts: 65.39.231.201 filmonline.ca
O1 - Hosts: 207.44.216.41 www.flashgames247.com
O1 - Hosts: 66.244.221.238 www.themix.com
O1 - Hosts: 66.152.170.66 www.clean-start.net
O1 - Hosts: 209.197.92.250 www.allfreespot.com
O1 - Hosts: 213.150.62.120 www.bitdefender.com
O1 - Hosts: 66.212.224.244 www.frostys.qc.ca
O1 - Hosts: 66.29.9.69 www.fulldls.com
O1 - Hosts: 24.200.251.34 www.futureshop.ca
O1 - Hosts: 209.73.169.127 www.gamesdomain.com
O1 - Hosts: 72.36.255.202 www.goggleboxtv.com
O1 - Hosts: 198.103.238.30 www.canada.gc.ca
O1 - Hosts: 64.211.45.84 www.all-yours.net
O1 - Hosts: 142.236.154.26 www.jobbank.gc.ca
O1 - Hosts: 207.35.124.101 placement.emploiquebec.net
O1 - Hosts: 216.113.79.100 hebdo.net
O1 - Hosts: 207.253.106.223 horairetele.canoe.com
O1 - Hosts: 65.54.179.248 login.live.com
O1 - Hosts: 67.19.225.212 forum.videohelp.com
O1 - Hosts: 208.101.46.84 www.cybertechhelp.com
O1 - Hosts: 82.165.128.199 www.michaelstevenstech.com
O1 - Hosts: 217.112.42.33 all-streaming-media.com
O1 - Hosts: 216.213.19.27 www.bleepingcomputer.com
O1 - Hosts: 157.254.235.215 www.rca.com
O1 - Hosts: 69.42.87.5 www.icall.com
O1 - Hosts: 195.60.188.40 www.paroles.net
O1 - Hosts: 207.253.86.135 www.inexspacer.com
O1 - Hosts: 70.85.238.43 forums.pcpitstop.com
O1 - Hosts: 207.97.223.202 www.us.infogrames.com
O1 - Hosts: 72.29.70.71 maidenmidi.com
O1 - Hosts: 72.5.124.95 www.java.com
O1 - Hosts: 157.254.235.97 jensen.com
O1 - Hosts: 217.174.215.102 www.jeuxvideo.com
O1 - Hosts: 206.191.20.44 www.jvc.ca
O1 - Hosts: 64.18.66.18 www.lescircuitsval-va.com
O1 - Hosts: 217.174.215.102 www.jeuxvideo.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150167590968
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/MsnChat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe


Can someone please tell me why I have a lot of "01-HOST : ....... " in my logs? Is it normal? Could this be the reason why my connection speed is "slow" and "unstable" these days?

thank you in advance ....

Mark

Edited by maje1710, 25 October 2006 - 07:41 PM.
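
As an added example (not part of the original posts and not HijackThis's own code): a short Python triage of the `O1 - Hosts:` lines in a log like the one above, reporting repeated names, names mapped to conflicting addresses, loopback entries and names pinned to a fixed address. The function name `triage_hosts`, the report keys and the `*.example.test` lines are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the log's O1 format. The first four O1 lines are copied
# from the log above; the *.example.test lines are made up for illustration.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
O1 - Hosts: 17.112.152.32 www.apple.com
O1 - Hosts: 17.112.152.32 www.apple.com
O1 - Hosts: 213.150.62.120 www.bitdefender.com
O1 - Hosts: 216.191.215.36 216.191.215.36
O1 - Hosts: 127.0.0.1 ads.example.test
O1 - Hosts: 192.0.2.10 files.example.test
O1 - Hosts: 192.0.2.11 files.example.test
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
"""

O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)$")


def parse_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def triage_hosts(log_text):
    """Summarise the O1 (hosts file) entries of a HijackThis log."""
    addrs_by_name = defaultdict(list)
    for line in log_text.splitlines():
        match = O1_LINE.match(line.strip())
        ip = parse_ip(match.group(1)) if match else None
        if ip is not None:
            addrs_by_name[match.group(2).lower()].append(ip)

    report = {"total": 0, "duplicates": [], "conflicts": [],
              "sinkholed": [], "pinned": [], "ip_as_name": []}
    for name, addrs in sorted(addrs_by_name.items()):
        report["total"] += len(addrs)
        if len(addrs) > 1:
            report["duplicates"].append(name)      # listed more than once
        if len(set(addrs)) > 1:
            report["conflicts"].append(name)       # same name, different IPs
        if parse_ip(name) is not None:
            report["ip_as_name"].append(name)      # malformed: IP used as a name
        # Loopback/0.0.0.0 entries block a name; any other address pins the
        # name to that IP ahead of DNS and goes stale if the site moves.
        if any(a.is_loopback or a.is_unspecified for a in addrs):
            report["sinkholed"].append(name)
        if any(not (a.is_loopback or a.is_unspecified) for a in addrs):
            report["pinned"].append(name)
    return report


if __name__ == "__main__":
    for key, value in triage_hosts(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
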




#2 rookie147


Posted 26 October 2006 - 09:48 AM

Hello maje1710, and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Please take note of the following:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 maje1710


Posted 26 October 2006 - 02:09 PM

Hello Charles, hope to hear from you soon...

I'm replying, like you asked, from this thread.

Mark

#4 rookie147


Posted 26 October 2006 - 02:57 PM

Hello maje1710, sorry for the delay in getting back to you.

======

Update Java:
  • Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )

    It should have this icon next to it: Posted Image
    Select it and click Remove.
  • The current version can be downloaded from Sun here: http://java.sun.com/javase/downloads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 5.0 Update 9' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.
======

Please download Hoster from here
Unzip Hoster.zip
Open Hoster.exe
Then click on "Restore Original Hosts"
Close program when complete.

======

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

======

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
======

Post the Panda log, along with a new HijackThis log.
Thanks,
Charles



#5 maje1710


Posted 26 October 2006 - 08:34 PM

Hi again, I have done what you asked...

- Panda's ActiveScan didn't find anything.

- Here's my HijackThis scan:

Logfile of HijackThis v1.99.1
Scan saved at 9:21:05 PM, on 26/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\heresmylog.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150167590968
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/MsnChat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe


give me some news about this please....

thanks

Mark

#6 rookie147


Posted 27 October 2006 - 04:05 AM

Hey Mark,
Can you please post me the Panda Activescan report as well please.
Thanks,
Charles



#7 maje1710


Posted 27 October 2006 - 03:00 PM

Hi Charles, there was no report from the Panda ActiveScan! That's why I didn't send it to you...
To be sure, I rescanned today, and again there was no report! (No viruses or other malicious software have been found!)

Virus 0 0
Spyware 0 0
Hacking Tools and potentially unwanted tools 0 0
Dialers 0 0
Security Risks 0 0
Suspicious files 0 0

BTW, is the HijackThis log clean?

thanks

Mark

#8 rookie147


Posted 28 October 2006 - 07:53 AM

Hey maje1710.

"give me some news about this please...."

Yes, I do have some good news - your HJT log is clean! Great job :thumbsup:

======

Now that you're free from malware, please follow these simple steps to decrease the likelihood of getting re-infected again:

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are ZoneAlarm, Kerio, or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
Hopefully this should take care of your problems, good luck!
Thanks and happy computing,
Charles



#9 rookie147


Posted 06 November 2006 - 12:18 PM

Since this issue appears resolved, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
