
Virus?


Bualc


There is a pop-up that will not leave me alone.

Here is my HijackThis log.

Can you help me?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 5:05:26 PM, on 10/30/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\DISC\DiscUpdMgr.exe

C:\Program Files\DISC\DISCover.exe

C:\WINDOWS\ARPWRMSG.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Zango\bin\10.0.370.0\OEAddOn.exe

C:\Program Files\Zango\bin\10.0.370.0\ZangoSA.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\MalwareAlarm\MalwareAlarm.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\windows\system\hpsysdrv.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\RogueRemover FREE\RogueRemover.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\2I0Z4WD7\HiJackThis_v2[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://*.trymedia.com (HKLM)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157837934984

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.114

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.114

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O24 - Desktop Component 0: (no name) - http://sjl-static8.sjl.youtube.com/vi/4dSKr0dc6VU/2.jpg

--

End of file - 14647 bytes


Hello Bualc :angry:

Welcome to the Malwarebytes forum. Sorry you are having malware trouble.

1. Please download FixWareout from here

2. Please download ComboFix from here.

3. Please save both removal tools to your desktop.

Please do not run either tool yet.

4. Disconnect your PC from all Internet access.

5. Please temporarily disable your Norton Internet Security realtime protection.

Procedure instructions can be found here and here.

6. Go to Control Panel, Add or Remove Programs, and uninstall My Web Search, MalwareAlarm and all Zango programs.

7. After uninstalling the programs, reboot PC.

8. Double-click on the FixWareout.exe icon.

9. After double-clicking on the icon you will be presented with the first setup screen.

10. Simply press the Next button to continue the installation.

11. You will now be presented with the next installation screen.

12. Press the Install button to install FixWareout to the C:\FixWareout folder.

13. You will now be at the last screen of the FixWareout setup. Make sure that the checkbox labeled Run fixit is checked.

14. Then click on the Finish button to automatically start FixWareout.

15. FixWareout will start and you will see a screen.

16. Press any key on your keyboard to start the removal process.

17. FixWareout will now display a prompt stating that you will need to reboot your computer to continue with the fix.

18. Click on the OK button to start the reboot process.

19. Your computer will now reboot. Please be aware that the reboot time of your computer may be longer than normal due to the running of this fix. Before your desktop appears, you will see a prompt.

20. Press the OK button to continue with the removal process. This process can take a while, so please be patient.

21. Finally you will see a prompt stating that FixWareout has finished.

22. When the desktop appears a file called report.txt will automatically open in Notepad. This contains a list of some of the files that FixWareout found and removed on your computer.

23. Open HijackThis, check both boxes below and select Fix checked.

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.114

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.114

24. Close HijackThis, and click OK.

25. Go to the Control Panel. If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to step 22.

26. Double-click the Network Connections icon.

27. Right-click the Local Area Connection icon and select Properties.

28. Highlight Internet Protocol (TCP/IP) and click the Properties button.

29. Be sure Obtain DNS server address automatically is selected.

30. Click OK.

31. Go to Start, Run and type in cmd.

32. Click OK. This will open the command prompt.

33. Type or copy and paste the following line in the command window:

ipconfig /flushdns

34. Hit Enter.

35. Close the command window.

36. Reboot your PC again.

37. Please post the contents of the logfile C:\fixwareout\report.txt along with a new HijackThis log.

38. Do not run the ComboFix tool yet.

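The triage in the reply above (flag the O17 NameServer entries that point at public addresses, note that both control sets carry the same value, and pick out the Zango, My Web Search and MalwareAlarm processes from the running-process list) can be automated for any HijackThis log. The following is an added example written for this page; it is not code from the thread, from HijackThis or from Malwarebytes. The two O17 lines and the three process paths in the sample are copied from the log in this thread; the 192.168.1.1 line, the `{GUID-PLACEHOLDER}` key and the `allowlist` parameter are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in HijackThis v2 line format. The two 85.255.x.x O17
# lines and the three non-svchost process paths repeat entries from the log in
# this thread; the 192.168.1.1 line is constructed for contrast and
# {GUID-PLACEHOLDER} is not a real registry key.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zango\bin\10.0.370.0\ZangoSA.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\MalwareAlarm\MalwareAlarm.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.114
O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID-PLACEHOLDER}: NameServer = 192.168.1.1
"""

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<value>.+)$")
CONTROL_SET_RE = re.compile(r"HKLM\\System\\(?P<cs>CCS|CS\d+)\\", re.IGNORECASE)

# Path fragments (matched case-insensitively) of the programs the reply tells
# the poster to uninstall; MYWEBS~1 is the 8.3 short name of "My Web Search".
UNWANTED_PROCESS_MARKERS = ("\\zango\\", "\\mywebs~1\\", "\\malwarealarm\\")


def is_expected_resolver(ip_text, allowlist=frozenset()):
    """A resolver is expected if it is private, loopback or link-local (a
    DHCP-assigned home router) or explicitly allow-listed (e.g. the ISP's DNS).
    Anything else in a NameServer value deserves a look."""
    if ip_text in allowlist:
        return True
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # malformed value: report it rather than trust it
    return ip.is_private or ip.is_loopback or ip.is_link_local


def find_suspicious_nameservers(log_text, allowlist=frozenset()):
    """One finding per O17 line that names a resolver we did not expect."""
    findings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # HijackThis may separate several servers with spaces or commas.
        servers = [s for s in re.split(r"[,\s]+", m.group("value").strip()) if s]
        bad = [s for s in servers if not is_expected_resolver(s, allowlist)]
        if bad:
            cs = CONTROL_SET_RE.search(m.group("key"))
            findings.append({
                "key": m.group("key"),
                "control_set": cs.group("cs").upper() if cs else None,
                "suspicious": bad,
            })
    return findings


def control_sets_affected(findings):
    """Control sets that carry the rogue resolver. When the same value sits in
    more than one set, fixing only CurrentControlSet leaves a copy behind,
    which is why the reply has both O17 lines fixed."""
    return sorted({f["control_set"] for f in findings if f["control_set"]})


def find_unwanted_processes(log_text):
    """Running-process paths that match the reply's uninstall list."""
    hits = []
    for line in log_text.splitlines():
        low = line.strip().lower()
        if low.endswith(".exe") and any(mark in low for mark in UNWANTED_PROCESS_MARKERS):
            hits.append(line.strip())
    return hits


if __name__ == "__main__":
    found = find_suspicious_nameservers(SAMPLE_LOG)
    for f in found:
        print(f"{f['control_set']}: unexpected NameServer {', '.join(f['suspicious'])} ({f['key']})")
    print("control sets affected:", control_sets_affected(found))
    for p in find_unwanted_processes(SAMPLE_LOG):
        print("unwanted process:", p)
```

Run against the thread's log the script reports both O17 lines (CS1 and CCS) and the three PUP processes, matching what the reply fixes by hand; after step 29 (Obtain DNS server address automatically) and `ipconfig /flushdns`, a fresh log should produce no O17 findings at all.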

  • 2 weeks later...

Thank you SirJon for your assistance. Due to no reply I will close the topic to prevent others from posting into it.

The fixes in this topic are for this system only. Do not apply to any other. For assistance please open a new topic and someone will be happy to help.
