God_Is_The_Light
Spyware has infected my computer and I need help to remove it.
      Tue Apr 15 2008 07:24 PM


On 4/13/08, while trying to download an image converter program from the internet, I downloaded some type of spyware programs onto my computer. After the download I first noticed that my Internet Explorer window at the top was unreadable (the words turned into little boxes) and my homepage was changed to some spyware removal site. Also, the spyware keeps opening multiple IE7 browser windows going to spyware removal sites. I also had 3 desktop icons: "error cleaner", "Privacy Protector", and "Spyware & M Protection". I ran my spyware removal program (Defender Pro 15 in 1) and did a complete scan, and it removed the spyware files, but it is still on my computer. In the bottom right-hand corner of my computer there is a red circle with an X in it flashing and a yellow triangle, and messages keep appearing saying "system alert" and "Security warning".
I came upon this site and saw someone named BriCat who helped a user with a similar problem. So I joined this forum to get some HELP. I downloaded the program HijackThis, ran a system check and saved the log. I am pasting it below. I look forward to getting some help soon. Thank you all so much.

======================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:39 AM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\ehsfahad\klivyxeh.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\DefenderPro AntiSpy\TSAntiSpy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\sloxafkp.exe
C:\Program Files\Defender Pro\Defender Pro Uninstaller\UIWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: sgoblxtm - {57ABA3CE-E927-4C81-BE2E-E20CAEC6645F} - C:\WINDOWS\sgoblxtm.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [Sound Card Driver] C:\My Games\LIBERTY-F82BA2D\svchost.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [LaunchAntiSpy] C:\Program Files\DefenderPro AntiSpy\TSAntiSpy.exe /startup
O4 - HKLM\..\Run: [381dc66f] rundll32.exe "C:\WINDOWS\system32\hhbtlmht.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [zxcrqdht] C:\WINDOWS\system32\sloxafkp.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Defender Pro\Defender Pro Uninstaller\UIWatcher.exe
O4 - HKLM\..\Policies\Explorer\Run: [kEU1gkL26I] C:\Documents and Settings\All Users.WINDOWS\Application Data\ehsfahad\klivyxeh.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1204853167340
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/...ows-i586-jc.cab
O21 - SSODL: dsktbwfe - {7CA33675-46B4-4D72-9588-CAF2A0A63423} - C:\WINDOWS\dsktbwfe.dll
O21 - SSODL: ogxtsepr - {CA5E9037-65E9-4D9C-AC99-F99C6A3A6A79} - C:\WINDOWS\ogxtsepr.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7425 bytes
