Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help! [adware, Spyware, Virus, Etc.] Hijack Log!


  • Please log in to reply
1 reply to this topic

#1 JMitch

JMitch

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 04 May 2007 - 12:34 AM

OK here's whats up. Even though I have dial up my computer is slower than ever and pop-ups are coming ALL THE TIME. I run Ad-Aware and Spybot occasionally, and they detect some things but for some reason when I clean them they just come back. Here are my logs... maybe someone can help? I don't really wanna format at all.... I have tried running them also in safe mode and it still didn't work. Also, I ran Kaspersky anti virus software and it said it cleaned the things that it found, but they seemed to stiill be there..

Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\CallWave\IAM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP Authorized Custom\Desktop\HiJackThis_v2\HiJackThis_v2.exe

O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\system32\tuvvtuv.dll
O2 - BHO: (no name) - {7d290224-06eb-4e7a-8ac9-a56c0079d633} - C:\WINDOWS\system32\slayapi.dll
O2 - BHO: (no name) - {AF4E0C8E-965A-4AA4-B9A8-3A1F414776DE} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\tmp9.tmp.dll
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll
O20 - Winlogon Notify: slayapi - C:\WINDOWS\SYSTEM32\slayapi.dll
O20 - Winlogon Notify: tuvvtuv - C:\WINDOWS\SYSTEM32\tuvvtuv.dll
O20 - Winlogon Notify: __c0017752 - C:\WINDOWS\system32\__c0017752.dat
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

--
End of file - 1748 bytes















Spybot - Search & Destroy 1.4




--- Search result list ---
Smitfraud-C.Toolbar888: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-602162358-1580436667-1060284298-1004\AtlMon.ReusableComp.5

Smitfraud-C.Toolbar888: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Araf15

Smitfraud-C.Toolbar888: Library (File, nothing done)
C:\WINDOWS\SYSTEM32\twlhxvwu.dll

Smitfraud-C.Toolbar888: Library (File, nothing done)
C:\WINDOWS\SYSTEM32\gdimblkj.dll

Microsoft.WindowsSecurityCenter.AntiVirusOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

Microsoft.WindowsSecurityCenter.UpdateDisableNoti fy: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0

Win32.VB.ahq: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-602162358-1580436667-1060284298-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\NOTEDAD.EXE

Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)


ReliableStats: Tracking cookie (Firefox: default) (Cookie, nothing done)


ReliableStats: Tracking cookie (Firefox: default) (Cookie, nothing done)


ReliableStats: Tracking cookie (Firefox: default) (Cookie, nothing done)


ReliableStats: Tracking cookie (Firefox: default) (Cookie, nothing done)


ReliableStats: Tracking cookie (Firefox: default) (Cookie, nothing done)


Winsoftware.WinAntiVirusPro2006: Tracking cookie (Firefox: default) (Cookie, nothing done)


Winsoftware.WinAntiVirusPro2006: Tracking cookie (Firefox: default) (Cookie, nothing done)


Winsoftware.WinAntiVirusPro2006: Tracking cookie (Firefox: default) (Cookie, nothing done)


Winsoftware.WinAntiVirusPro2006: Tracking cookie (Firefox: default) (Cookie, nothing done)





Ad-Aware SE Professional






Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, May 03, 2007 11:37:49 PM
Using definitions file:SE1R167 23.04.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):9 total references
Win32.Trojan.Agent(TAC index:10):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BC AdBot (Login to Remove)

 


#2 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:03:01 PM

Posted 04 May 2007 - 05:19 PM

Erg, can I see the whole hijackthis log? :thumbsup:
Greets Jürgenv

Donation: Click me.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users