Login 
 Search | |
| |
30-Jun-2009, 12:57 AM
#1 | |||||
| Hijack this log - this can't be good |
| |
01-Jul-2009, 09:43 PM
#2 | |||||
| An antivirus software (that I do not believe I installed) pops up messages. The most recent one says: Quote:
If my log is "clear" can someone please tell me that? Should I run another program and post a report (SpyBot?) or something? Thank you in advance  Oh, and here are the screen shots. The red one happens every time I load a new page. Last edited by Kara9080; 01-Jul-2009 at 10:00 PM.. Reason: adding pictures |
06-Jul-2009, 12:42 AM
#3 | |||||
| Bump? Please... my computer is moving slower than dial-up speed.1) it makes popping sounds in the background like a program is blocking pop ups, doing it does it every 2-3 minutes. 2) It has taken me 25 minutes from opening the browser to posting this. 3) The "Personal Anti-Virus" software pops up and I don't think I downloaded that one. If I did, I don't remember and it must have been from a long time ago. It has been giving me error messages in the bottom right corner of the screen. I wrote down the last three: -pav.exe - w32ackantta.b@mm (Didn't write down everything from this one. -trojan/mdropper.ac (Trojan.Mdropper.AC is a Trojan horse that may exploit the Microsoft Excel Unspecfied Remote Code Execution Vulnerability (BID 33870). It may also attempt to download files on to the compromised computer.) |
06-Jul-2009, 12:47 AM
#4 | |||||
| Bump? Please... my computer is moving slower than dial-up speed.1) it makes popping sounds in the background like a program is blocking pop ups, doing it does it every 2-3 minutes. 2) It has taken me 25 minutes from opening the browser to posting this. 3) The "Personal Anti-Virus" software pops up and I don't think I downloaded that one. If I did, I don't remember and it must have been from a long time ago. It has been giving me error messages in the bottom right corner of the screen. I wrote down the last three: -pav.exe - w32ackantta.b@mm (Didn't write down everything from this one. -trojan/mdropper.ac (Trojan.Mdropper.AC is a Trojan horse that may exploit the Microsoft Excel Unspecfied Remote Code Execution Vulnerability (BID 33870). It may also attempt to download files on to the compromised computer. |
09-Jul-2009, 05:40 PM
#9 | |||||
| Hi Kara sorry I didn't see your post sooner. I haven't been on much.You are in good hands with Kenny though!  |
10-Jul-2009, 08:59 AM
#11 | |||||
| Go to Start > Control Panel > Add/Remove Programs. Please remove these entries from Add/Remove Programs in the Control Panel J2SE Runtime Environment 5.0 Update 6 I want us to do a one, two punch and now run Superantispyware...Kara9080.. Please download SUPERAntiSpyware Home Edition (free version)
|
10-Jul-2009, 09:22 PM
#12 | |||||
| One snafu, when I rebooted my computer it locked up. I had to hold in the power button to make it shut down, then brought it back up. Connected to this issue? Other than that, I'm having no symptoms!  *happy, happy*Here are my logs: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 07/10/2009 at 07:09 PM Application Version : 4.26.1006 Core Rules Database Version : 3985 Trace Rules Database Version: 1925 Scan type : Complete Scan Total Scan Time : 00:33:55 Memory items scanned : 637 Memory threats detected : 0 Registry items scanned : 4562 Registry threats detected : 0 File items scanned : 18672 File threats detected : 46 Adware.Tracking Cookie C:\Documents and Settings\user.USER-R594DIQ5IW\Cookies\user@ads.techguy[2].txt C:\Documents and Settings\user.USER-R594DIQ5IW\Cookies\user@chitika[1].txt .tacoda.net [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .tribalfusion.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .tribalfusion.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .doubleclick.net [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .burstnet.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .ads.pointroll.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .ads.pointroll.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .ads.pointroll.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .ads.pointroll.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .ads.pointroll.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .mediaplex.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] www.findarticles.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .findarticles.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] www.findarticles.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] .bfast.com [ C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ba58sa86.default\cookies.txt ] Application.PowerReg Scheduler C:\DOCUMENTS AND SETTINGS\USER.USER-R594DIQ5IW\START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER V3.EXE Adware.180solutions/Seekmo/Zango C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP723\A0215564.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP723\A0215565.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP723\A0215566.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP723\A0215567.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP723\A0215568.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP723\A0215569.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP723\A0215571.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP723\A0215573.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP723\A0215574.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP723\A0215575.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP723\A0215576.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP723\A0215577.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP723\A0215578.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP723\A0215579.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP724\A0215596.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP724\A0215597.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP724\A0215598.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{08F0ED72-B204-40AB-9BE8-E511C0E16442}\RP724\A0215599.DLL Trace.Known Threat Sources C:\Documents and Settings\user.USER-R594DIQ5IW\Local Settings\Temporary Internet Files\Content.IE5\MSV4MRL1\content.licenseacquisition[1].htm Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:29:01 PM, on 7/10/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOZE\System32\smss.exe C:\WINDOZE\system32\winlogon.exe C:\WINDOZE\system32\services.exe C:\WINDOZE\system32\lsass.exe C:\WINDOZE\System32\Ati2evxx.exe C:\WINDOZE\system32\svchost.exe C:\WINDOZE\System32\svchost.exe C:\WINDOZE\system32\svchost.exe C:\WINDOZE\system32\spoolsv.exe C:\WINDOZE\system32\Ati2evxx.exe C:\WINDOZE\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOZE\CTHELPER.EXE C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe C:\WINDOZE\SOUNDMAN.EXE C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\WINDOZE\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Serv...t<mplcache=2 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOZE\system32\NeroCheck.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOZE\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOZE\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- End of file - 7992 bytes |
11-Jul-2009, 08:26 PM
#13 | |||||
| Hi Kara9080.... Quote:
Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem. To SET A NEW RESTORE POINT: 1. Go to Start > Programs > Accessories > System Tools and click "System Restore". 2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore. 3. Then go to Start > Run and type: Cleanmgr 4. Click "OK". 5. Click the "More Options" Tab. 6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one. Graphics for doing this are in the following links if you need them. How to Create a Restore Point. How to use Cleanmgr. ====================================== Here is some useful information on keeping your computer clean:
Here are the link to install SiteAdisor in Internet Explorer and Firefox Here are some additional links for you to check out to help you with your computer security. How did I get infected in the first place. Secunia software inspector & update checker Malware And Spyware Tips[/QUOTE] -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Disk Cleanup: http://www.theeldergeek.com/disk_cleanup_utility.htm Defrag your HD: http://artsweb.bham.ac.uk/artsit/Info/Guid...rag-win2kxp.htm Run chkdsk: To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take awhile, so run it when you don't need to use the computer for something else. And let me know how are things now? |
 |
| |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| |
| You Are Using:  |
Advertisements do not imply our endorsement of that product or service. All times are GMT -4. The time now is 03:01 PM. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved. |  |
Facebook
Twitter
TechGuy.tv
TSG Mobile