After I have downloaded and installed SUPERAntiSpyware, Malwarebytes, BitDefender and HijackThis, the problem still exists. When I click on links in Google it brings up different web pages.
[attachment deleted by admin]
No obvious signs of malware in your log.
However, are you running more than one antivirus at the same time? If so I would suggest you uninstall all except the one you prefer, as they can interfere with each other.
If you choose to uninstall Norton you should run their removal tool:
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older Java components and update.
Updating Java:
- Download the latest version of Java™ SE Runtime Environment 6u13.
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation, with or without Multi-language, and save it to your desktop.
- Close any programs you may have running, especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then, from your desktop, double-click on the download to install the newest version.
You may consider installing the AdBlock+ Firefox add-on.
Note: I am not an expert in analyzing HijackThis Logs.
The only possible object I found was this:
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
Read Here about it:
http://www.processlibrary.com/directory/files/msgplus/
Also, JamesFrance has some good advice about updating Java.
agame.com seems to need a Shockwave Firefox plug-in to run their programs. The consensus on Web of Trust seems to be that they are legit.
Yes. I visited that link and the Shockwave game appeared. It seemed legit, so I removed it from my original post.
I've checked your HijackThis log.
Your PC has been infected with ROOTKITs.
I'm gonna talk about very important things.
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe
: You installed a Norton trial reset ■■■■■, right?
Some of these cracks work fine, but some of them have ROOTKITs inside.
You should be careful when you use cracks and keygens.
That ROOTKIT can't be detected with antivirus tools or antispyware tools; even HijackThis can't.
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
: Why did you install WinPcap? Do you use any packet capture software?
If you don't use any of them, a hacker installed it to capture the in/out packets on your PC.
(sniffing)
Then the hacker removed it (he didn't want to leave a trace, lol).
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
: Do you use the Apache web server?
If you don't, a hacker installed this one too.
If you installed it, the hacker can easily connect to your PC by hacking it, and then he installs
ROOTKITs on your PC.
Check the C:\WINDOWS\system32\drivers\etc\HOSTS file.
Open the HOSTS file with Notepad.
There should be only '127.0.0.1 localhost'.
If there are other '127.0.0.1 xxx.xxx.xxx.xxx' entries, you've been hacked.
Anyway, YOU’VE BEEN OWNED.
Recommend: Format your HDD and reinstall Windows.
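The HOSTS-file check described above can be automated. The following is an added example, not code from any poster in this thread: it parses a hosts file in the format Windows uses and flags two patterns, loopback (or 0.0.0.0) entries for names other than localhost, which block sites (typically security vendors), and non-loopback entries for any name, which redirect sites, the shape that link hijacking takes in a hosts file. The sample file contents are constructed for illustration; `ALLOWED_LOOPBACK` and the default path are assumptions.

```python
import ipaddress
import os

# Constructed sample in Windows hosts-file format (not taken from the
# poster's machine). Two vendor names are pinned to loopback and one site
# is redirected to a TEST-NET address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.symantec.com           # vendor site blocked
127.0.0.1       liveupdate.symantecliveupdate.com
192.0.2.10      www.google.com             # site redirected
::1             localhost
"""

# Names that legitimately map to loopback on a stock Windows install
# (assumption: add your own development hostnames here if you use any).
ALLOWED_LOOPBACK = {"localhost", "localhost.localdomain"}

# Default location of the hosts file on Windows (assumed; override as needed).
DEFAULT_HOSTS_PATH = os.path.join(
    os.environ.get("SystemRoot", r"C:\WINDOWS"),
    "system32", "drivers", "etc", "hosts")


def parse_hosts(text):
    """Return a list of (ip_address, [names]) for every active entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                           # malformed; resolves nothing
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                           # not an address; skip it
        entries.append((ip, parts[1:]))
    return entries


def suspicious_entries(text):
    """Return (kind, hostname, ip) tuples for entries that should not be there.

    kind is "blocked" for loopback/unspecified entries other than the allowed
    names and "redirected" for a hostname pointed at any other address.
    """
    findings = []
    for ip, names in parse_hosts(text):
        for name in names:
            if ip.is_loopback or ip.is_unspecified:
                if name.lower() not in ALLOWED_LOOPBACK:
                    findings.append(("blocked", name, str(ip)))
            else:
                findings.append(("redirected", name, str(ip)))
    return findings


def scan_hosts_file(path=DEFAULT_HOSTS_PATH):
    """Scan a hosts file on disk; returns the same tuples as suspicious_entries."""
    with open(path, "r", encoding="utf-8", errors="replace") as f:
        return suspicious_entries(f.read())


if __name__ == "__main__":
    for kind, name, ip in suspicious_entries(SAMPLE_HOSTS):
        print(f"{kind:10} {name} -> {ip}")
```

On a real machine call `scan_hosts_file()`; an empty result means the file contains only the loopback names, which is what the post above says a clean file should look like.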
Yes that service is a rogue, I should have looked more carefully, my bad. I hadn’t seen it before and made the mistake of passing over something familiar looking.
1. O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe : You installed a Norton trial reset ■■■■■, right? Some of these cracks work fine, but some of them have ROOTKITs inside. You should be careful when you use cracks and keygens. That ROOTKIT can't be detected with antivirus tools or antispyware tools; even HijackThis can't.

Norton reset is a safe app. Look here http://www.threatexpert.com/files/Norton2009Reset.exe.html or try it in real life (I did :))
2. O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing) : Why did you install WinPcap? Do you use any packet capture software? If you don't use any of them, a hacker installed it to capture the in/out packets on your PC. (sniffing) Then the hacker removed it (he didn't want to leave a trace, lol).
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
: Do you use the Apache web server?
If you don't, a hacker installed this one too.
If you installed it, the hacker can easily connect to your PC by hacking it, and then he installs
ROOTKITs on your PC.
Check the C:\WINDOWS\system32\drivers\etc\HOSTS file.
Open the HOSTS file with Notepad.
There should be only '127.0.0.1 localhost'.
If there are other '127.0.0.1 xxx.xxx.xxx.xxx' entries, you've been hacked.

I do however suggest you take a look at that Apache; if that one is fake or maliciously used, the others probably are too.
Xan
eXPerience, you don't understand what I'm talking about.
Sure, I've tried that too. But the important thing is that it is not always safe.
Because anybody can modify those cracks and keygens for bad purposes.
Do you know why some release groups put 'CRC check files' into the cracks and keygens?
There are lots of people who think cracks and keygens are
safe. That's why zombie PC admins and hackers inject rootkits and malware into
cracks and keygens. Lots of people have been infected by keygens and cracks
nowadays.
Why?
Tons of people are using eMule, torrents etc. and visiting websites (increasing fast recently).
They don't exactly know what is safe or not, whether they use antivirus or not.
And they trust antivirus and firewall software too much.
One of my friends tried to use Norton2009Reset.exe to reset Norton products.
He felt something was wrong with it, then he investigated that file.
Do you know why he felt like that?
He compared the hash value with the original file (the widely spread one), then he investigated
it with me by reverse engineering. Finally he found a rootkit from China.
And then I checked the Norton Internet Security 2009 trial software; it had malware too.
Why don't we report every suspicious and investigated file?
It bothers us sometimes. I see tons of infected cracks and keygens every day.
There is another real-world example: somebody put a rootkit into Winamp a few months ago.
The hacker had distributed it via torrents. The modified Winamp has no digital signature and a different hash value.
Finally the rootkit was found.
Nobody can say cracks and keygens are just OK.
You are living in a small life and world.
Open your eyes and take a look around the real world.
Search engines don't tell you everything.
You are not late.
Visit the Chinese and Russian web sites where lots of undetectable rootkits and
hacking software for controlling zombie PCs are sold.
Those hacking tools are almost never identified until they've been caught, or never.
(The tools are not for public purposes and they are very expensive.
For instance, a cheap tool's price is about $30000 for hacking bank accounts
and related things in stock exchanging etc.)
There is an underworld you don't know.
Have I ever seen it before? Yes, I've seen it many times in real life.
You said [I'm not sure if he's owned, they COULD be valid.]
It doesn't matter whether they are valid or not.
Don't you know how to hack an Apache web server?
It doesn't matter whether the PC owner installed Apache or a hacker installed Apache.
That's not important.
The important thing is that there is nothing to defend against any attacks on his Apache web server.
It means he goes to the battlefield naked.
There are lots of tools and hacking techniques for hacking Apache web servers.
Have you ever tried it? An unprotected Apache server can be hacked
EASILY~~~~~~~~.
Also, what if there is a MySQL DB system?
That is heaven for hackers, with SQL injection.
A well-protected web server can't be hacked easily.
But if it is not well protected, it's really easy.
When hackers want to turn somebody's PC into a zombie,
they inject rootkits or just get into the PC by hacking.
Or they make a rogue web site; if people visit that web site even one time,
the people can be infected easily (e.g. remote code execution).
And the hackers install a web server on the victim's PC.
Why do hackers do that? They can connect to that website for IP laundering
or any other purpose.
There is one more thing I can tell you:
software firewalls are not always safe in the real world.
One day I'm gonna talk about real-world hacking and security.
OPEN YOUR EYES.
Hi Xan,
Your Norton reset link only shows 3 examples checked, but I find many examples of helpers instructing users to run scripts to remove it, so it is at least suspicious, and the other clues have reinforced the suspicion, don't you think?
Hopefully McDaid will be back to say whether he installed all this stuff for a reason.
Well, I did download that myself, as I was looking for a free antivirus, before I came across Comodo of course. It then turned out it was malware of some kind; it was detected by the antivirus and then removed.
As for the remote packet capture tool, I didn't install this, unless it may come under different aliases, I don't know.
I installed the Apache home server myself; it is protected with a .htaccess file.
Are there any ideas about what may be wrong, and how I can remove the packet capture tool?
You could use Windows Explorer to see if this file is still there:
C:\Program Files\WinPcap\rpcapd.exe
or anything else in WinPcap, but it looks like it has been uninstalled already.
No idea about what may be wrong though; as I said before, not much is showing.
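As an added example (not code from any poster here), the O23 lines quoted in this thread can be triaged automatically instead of by eye: parse each HijackThis service entry, flag entries with no vendor recorded ("Unknown owner") or a "(file missing)" marker (a service registration whose binary was removed, which is exactly the rpcapd case), and, if the binary is still on disk, hash it so it can be compared against a known-good copy as suggested earlier in the thread. The sample log lines are constructed to match the format of the entries quoted above; the `exists` and `digest` hooks are my own additions so the parsing can be tested on a log copied from another machine.

```python
import hashlib
import os
import re

# Constructed HijackThis-style lines modelled on the entries quoted in this
# thread; they are sample input, not the poster's real log.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe
"""

# O23 lines have the shape:
#   O23 - Service: <display name> - <vendor or "Unknown owner"> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?\.(?:exe|sys|dll))"
    r"(?P<missing> \(file missing\))?\s*$",
    re.IGNORECASE,
)


def parse_o23(text):
    """Return one dict per O23 service line; other HijackThis sections are skipped."""
    services = []
    for line in text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            services.append({
                "name": m.group("name"),
                "owner": m.group("owner"),
                "path": m.group("path"),
                "missing": m.group("missing") is not None,
            })
    return services


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(text, exists=os.path.exists, digest=sha256_of):
    """Annotate each O23 entry with flags and, where the file is present, a SHA-256.

    `exists` and `digest` are injectable (my assumption, not HijackThis behaviour)
    so the logic can run on a log from another machine without touching local disk.
    """
    results = []
    for svc in parse_o23(text):
        flags = []
        if svc["owner"].lower() == "unknown owner":
            flags.append("no vendor recorded")        # common for homemade tools and malware
        present = (not svc["missing"]) and exists(svc["path"])
        if svc["missing"]:
            flags.append("binary gone, service registration left behind")
        elif not present:
            flags.append("binary not found on disk now")
        svc["flags"] = flags
        svc["sha256"] = digest(svc["path"]) if present else None
        results.append(svc)
    return results


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(svc["name"], svc["flags"], svc["sha256"])
```

A leftover "(file missing)" service is removed by deleting its registration (`sc delete <service name>` from an administrative command prompt) rather than by looking for the binary, which is already gone; the hash of a present binary is what you compare against the vendor's download, as the earlier post about Norton2009Reset.exe describes.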
If you didn't install it, the hacker did.
He installed and removed it, but he left the trace I told you about before.
I installed the apache home server myself, it is protected with .htaccess file.
It can't protect you; there are a lot of ways to attack an Apache server.
Your server is not protected, 100%.
So you have to use a firewall for the web server.
I recommend some free tools to do so.
Snort- http://www.snort.org
Honeynet Security console- http://www.activeworx.org
WinPcap - http://www.winpcap.org
.NET Framework
Are there any ideas about what may be wrong, and how i can remove the packet capture tool?
I already told you.
Can I ask you something?
Why do you use Apache? What's the purpose?
If you tell me why, I can tell you an easier way.