Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HijackThis Log---Help me remove Clicksearchclick!

Started by homegolfer , Jul 07 2005 08:22 PM

  • Please log in to reply

#1
homegolfer
Posted 07 July 2005 - 08:22 PM

homegolfer

    Member

  • Member
  • PipPip
  • 23 posts
Help me!!! My computer was occupied by Clicksearchclick, a lots of pop-up that can't be closed, CPU fully occupied and takes 3 minutes to link a new site, all download was blocked. Here is my HJT log, please help me to remove it!!!
By the way, why can't Ad-aware and Skybot remove this? What tool can protect
me from this mean malware?

Logfile of HijackThis v1.99.1
Scan saved at 上午 10:16:46, on 2005/7/8
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\WINDOWS\stchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Santa Cruz Networks\vSkype\vSkype.exe
C:\WINDOWS\System32\SMCSTA.EXE
C:\WINDOWS\System32\Services\{148F9918-389A-4536-A362-D53F73F0CF0B}\SVCHOST.EXE
C:\WINDOWS\System32\winldra.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\win32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\新資料夾\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\zolker002.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\ztoolb002.dll
O3 - Toolbar: ZToolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\System32\ztoolb002.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vSkype] C:\Program Files\Santa Cruz Networks\vSkype\vSkype.exe no
O4 - HKLM\..\Run: [SMCSTA.EXE] SMCSTA.EXE START
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{8A44EA0B-0644-4E19-8E16-F4B077BA045F}\SVCHOST.EXE
O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (趨勢科技線上掃毒程式) - http://a840.g.akamai...all/xscan53.cab
O18 - Protocol: vskype - (no CLSID) - (no file)
O21 - SSODL: System - {A6A5AF50-045D-41C1-9302-D7921BFBD068} - vr_sys.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: stchost.exe (moto) - Unknown owner - C:\WINDOWS\stchost.exe
  • 0

Advertisements

#2
therock247uk
Posted 08 July 2005 - 08:18 AM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#3
homegolfer
Posted 08 July 2005 - 08:41 AM

homegolfer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi,

Thanks much for your advice. However since I can't even download anything,
it links every Underline to Clicksearchclick website and I can't active the download.
I try to download the service pack 1a once and try to go to Trend house call but
all failed. I think that before the malware removed I can't do anything. Please help
and advise me. Thanks!!!!
  • 0

#4
therock247uk
Posted 08 July 2005 - 09:03 AM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Ok I'm going to help you just get rid of this one infection thats getting in the way of you installing a service pack as you have more than one infection.

1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://www.xtra.co.n...1916458,00.html

2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{8A44EA0B-0644-4E19-8E16-F4B077BA045F}\SVCHOST.EXE

4. Delete the folders. (if present)

C:\WINDOWS\System32\Services

5. Reboot and post a new Hijackthis log here in a reply.
  • 0

#5
homegolfer
Posted 08 July 2005 - 09:32 AM

homegolfer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Great!!! I'll follow your instruction tonight and will post the new log after.
Thanks again.
  • 0

#6
Kat
Posted 08 July 2005 - 10:24 PM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Rocky:

Looks as though this user of yours cannot click on even THIS topic in order to reply to you, as clicking on ANYTHING takes them to the clicksearchclick still. The entry you had them remove did NOT go away, it's still in the log.

HERE is their newest log.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP