
Sorry, another HJT log... Multiple Trojans/Redirecting/Tracking Cookies...and then some :-(


  • This topic is locked
2 replies to this topic

#1 LauraLi1123


Posted 08 July 2009 - 11:36 PM

I guess I'm supposed to just copy and paste my log? If I'm doing this wrong, I'm sorry and just tell me what to do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:09 PM, on 7/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32svchost.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:PROGRA~1AVGAVG8avgnsx.exe
C:WINDOWSSystem32hkcmd.exe
C:Program FilesGoogleGmail NotifierG001-1.0.25.0gnotify.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesNETGEARWG111 Configuration UtilityWG111.exe
C:PROGRA~1AVGAVG8avgemc.exe
C:Program FilesAVGAVG8avgcsrvx.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32driverssmss.exe
C:Program FilesAVGAVG8avgui.exe
C:Program FilesAVGAVG8avgscanx.exe
C:Program FilesAVGAVG8avgcsrvx.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:WINDOWSsystem32wbemwmiprvse.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:Program FilesAVGAVG8ToolbarIEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:WINDOWSsystem32driverssmss.exe
O2 - BHO: C:WINDOWSsystem32sdcvddd.dll - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:WINDOWSsystem32sdcvddd.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:Program FilesAVGAVG8ToolbarIEToolbar.dll
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSSystem32hkcmd.exe
O4 - HKLM..Run: [RecoverFromReboo] C:WINDOWSTempRECOVE~1.EXE
O4 - HKLM..Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:Program FilesGoogleGmail NotifierG001-1.0.25.0gnotify.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [iTunesHelper] C:Program FilesiTunesiTunesHelper.exe
O4 - HKLM..Run: [AVG8_TRAY] "c:documents and settingsall users_qbothome_qbotinj.exe" "c:documents and settingsall users_qbothome_qbot.dll" /c c:progra~1avgavg8avgtray.exe
O4 - HKLM..Run: [net] "C:WINDOWSsystem32net.net"
O4 - HKLM..Run: [19896874] C:Documents and SettingsAll UsersApplication Data1989687419896874.exe
O4 - HKLM..Run: [99906866] C:Documents and SettingsAll UsersApplication Data9990686699906866.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [net] "C:WINDOWSsystem32net.net"
O4 - HKLM..PoliciesExplorerRun: [homepage.monitor.exe] C:Program FilesstrCodecisamonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:Program FilesCASIOPhoto LoaderPlauto.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:Program FilesAIM ToolbarAIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:Program FilesAOL Toolbartoolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:Program FilesViewpointViewpoint ToolbarViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:WINDOWSsystem32GPhotos.scr/200
O17 - HKLMSystemCCSServicesTcpip..{F5E0F5E9-2CAC-46E9-8ACB-65E54856F36B}: NameServer = 85.255.112.185,85.255.112.193
O17 - HKLMSystemCS1ServicesTcpipParameters: NameServer = 85.255.112.185,85.255.112.193
O17 - HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.112.185,85.255.112.193
O17 - HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.112.185,85.255.112.193
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:WINDOWSSYSTEM32avgrsstx.dll
O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:WINDOWSsystem32sdcvddd.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:Program FilesDellSupportbrkrsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:Program FilesNOSbingetPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 5537 bytes



I sincerely appreciate any help. I've already scanned several times with AVG. I've been careful not to delete anything. Nothing I try seems to fix this. I'm desperate.

Going CRAZY.... "system security" immediately makes my desktop black, I can't open up the task manager to start ending all the crazy processes, I can't open up Firefox, I can't do a system restore. I can't do anything. I need help! :thumbup2:

~Laura

Merged topics then posts. ~ OB

Edited by Orange Blossom, 09 July 2009 - 09:58 PM.




#2 SifuMike


Posted 10 July 2009 - 12:32 PM

Hello Laura,


Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

****************


Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike


Posted 19 July 2009 - 12:47 AM

Due to inactivity, this thread will now be closed.



