Choycolate Master Cheater Reputation: -1
Joined: 18 Oct 2008 Posts: 284
Posted: Tue Oct 05, 2010 3:36 am Post subject: can someone help me with this
My computer has been, like, opening advertisements that I don't know where they came from, but I tried to scan my computer with Malwarebytes or ESET 32.
None of them gave any infections.
_________________
ShadowHopeful Expert Cheater Reputation: 0
Joined: 19 Oct 2009 Posts: 122 Location: ~Cyberspace. Yours.~
Posted: Tue Oct 05, 2010 1:58 pm Post subject:
Try HJT.
Post the log.
_________________
XSV GTH Moderator Reputation: 9
Joined: 12 Oct 2005 Posts: 1007 Location: USA
Choycolate Master Cheater Reputation: -1
Joined: 18 Oct 2008 Posts: 284
Posted: Tue Oct 05, 2010 5:26 pm Post subject:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:05 PM, on 10/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Jookz Toolbar\tbsvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 4\firefox.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trojan Remover\sschk.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://browseusers.myspace.com/Browse/Browse.aspx
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: Jookz Toolbar - {4C350B19-6CA1-4569-B14C-296D8D6535B2} - "C:\Program Files\Jookz Toolbar\jookztoolbar.dll" (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jookz Toolbar Helper - Unknown owner - C:\Program Files\Jookz Toolbar\tbsvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 7130 bytes
_________________
kls85 I post too much Reputation: 22
Joined: 18 Jul 2008 Posts: 2757 Location: Under ur bed
Posted: Tue Oct 05, 2010 5:56 pm Post subject:
Toolbar: Jookz Toolbar - {4C350B19-6CA1-4569-B14C-296D8D6535B2} - "C:\Program Files\Jookz Toolbar\jookztoolbar.dll" (file missing)
_________________
AhMunRa Grandmaster Cheater Supreme Reputation: 27
Joined: 06 Aug 2010 Posts: 1117
Posted: Tue Oct 05, 2010 7:53 pm Post subject:
Why do you have so many trojan removers? Askbar.dll, did you install Askbar? You also have 2 entries for svchost.exe, one in C:\WINDOWS\System32\ and one in C:\WINDOWS\system32\, which could merit further inspection.
_________________
<Wiccaan> Bah that was supposed to say 'not saying its dead' lol. Fixing >.>
Choycolate Master Cheater Reputation: -1
Joined: 18 Oct 2008 Posts: 284
Posted: Tue Oct 05, 2010 9:34 pm Post subject:
I GOT MANY 'CAUSE I NEED TO BE MORE CAUTIOUS 'CAUSE I CAN'T BUY ANOTHER PC.
Oh yeah, can you help me with those svchost.exe entries? I don't know how to inspect them.
_________________
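An added example, not written by anyone in this thread: a short Python triage of the HijackThis log posted above. It lists entries HijackThis marked "(file missing)", services reported with "Unknown owner", the BHO and toolbar entries, and any running svchost.exe whose folder, compared case-insensitively as Windows compares paths, is not the system directory. The function names are this example's own, and the system directory is assumed to be the default C:\WINDOWS\system32.

```python
import re
from collections import defaultdict

# Excerpt copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Jookz Toolbar\tbsvc.exe
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Jookz Toolbar - {4C350B19-6CA1-4569-B14C-296D8D6535B2} - "C:\Program Files\Jookz Toolbar\jookztoolbar.dll" (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Jookz Toolbar Helper - Unknown owner - C:\Program Files\Jookz Toolbar\tbsvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")        # e.g. "O23 - Service: ..."
PROC = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)  # a bare path under "Running processes:"
SYSTEM_DIR = r"c:\windows\system32"               # assumption: default XP install path

def parse(log):
    """Split a log into running-process paths and {section code: [entries]}."""
    procs, entries = [], defaultdict(list)
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries[m.group(1)].append(m.group(2))
        elif PROC.match(line):
            procs.append(line)
    return procs, entries

def misplaced(procs, name="svchost.exe"):
    """Processes called `name` that run from a folder other than SYSTEM_DIR."""
    return [p for p in procs if p.lower().endswith("\\" + name)
            and p.lower().rpartition("\\")[0] != SYSTEM_DIR]

def triage(log):
    """Group the entries worth a manual look, keyed by the reason."""
    procs, entries = parse(log)
    flat = [(code, e) for code, es in entries.items() for e in es]
    return {
        "file_missing": [e for _, e in flat if e.endswith("(file missing)")],
        "unknown_owner": [e for c, e in flat if c == "O23" and " - Unknown owner - " in e],
        "browser_addons": entries["O2"] + entries["O3"],  # BHOs and toolbars to review
        "misplaced_svchost": misplaced(procs),
    }

if __name__ == "__main__":
    for finding, items in triage(SAMPLE_LOG).items():
        print(finding, len(items), *items, sep="\n  ")
```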
SpikeSkull Expert Cheater Reputation: -1
Joined: 07 Sep 2010 Posts: 128
Posted: Wed Oct 06, 2010 12:18 am Post subject:
It must be from some toolbar you've installed.
SF I'm a spammer Reputation: 119
Joined: 19 Mar 2007 Posts: 6028
Posted: Wed Oct 06, 2010 1:30 am Post subject:
Did you download Jookz screensavers? Remove them, seriously. Just googling shows that McAfee SiteAdvisor flagged their screensavers as adware. I'd get rid of the toolbar too. I'd get rid of all your toolbars; they cause more problems than they help.
http://www.siteadvisor.com/sites/jookz.com/summary/
_________________
kls85 I post too much Reputation: 22
Joined: 18 Jul 2008 Posts: 2757 Location: Under ur bed
Posted: Wed Oct 06, 2010 4:25 pm Post subject:
More toolbars = being cautious?!
This is the stupidest thing I've ever heard.
In fact, it looks like OP isn't cautious at all, especially since all of these toolbars can be avoided if he actually bothers to pay attention to the programs being installed.
_________________
AhMunRa Grandmaster Cheater Supreme Reputation: 27
Joined: 06 Aug 2010 Posts: 1117
Posted: Wed Oct 06, 2010 6:51 pm Post subject:
Cautious is not going to places where you suspect there may be trojans in the first place. Paranoid is having 20 million rootkit and trojan killers. Let's face it, those toolbars come in handy; it saves having to type google.com and waiting for all that crap to load before you can search.
Seriously though, toolbars and browser helper objects really aren't as helpful as they make them out to be, and they aren't as safe either. It's the equivalent of letting an unknown ActiveX control install itself.
_________________
<Wiccaan> Bah that was supposed to say 'not saying its dead' lol. Fixing >.>
Gypsy++ Master Cheater Reputation: -1
Joined: 25 Aug 2010 Posts: 398
Posted: Sun Oct 10, 2010 3:51 pm Post subject:
Who the fuck needs a tool bar? When you have this...
I don't get it...common sense much?
SF I'm a spammer Reputation: 119
Joined: 19 Mar 2007 Posts: 6028
Posted: Mon Oct 11, 2010 12:06 am Post subject:
Pain332 wrote:
"Who the fuck needs a tool bar? When you have this...
I don't get it...common sense much?"
A toolbar is used to access things quicker.
Quite hypocritical too, since the fancy dock you have there is just a toolbar for Windows.
_________________
Choycolate Master Cheater Reputation: -1
Joined: 18 Oct 2008 Posts: 284
SF I'm a spammer Reputation: 119
Joined: 19 Mar 2007 Posts: 6028
Posted: Thu Oct 14, 2010 2:00 am Post subject:
...Did you do what people here suggested you do?
_________________