
Help For My Mom


  • This topic is locked
2 replies to this topic

#1 sloanedone

sloanedone

  • Members
  • 1 posts
  • OFFLINE
  • Local time:10:59 AM

Posted 01 April 2007 - 08:56 PM

I can usually deal with spyware/virus issues on my own, but my mom is getting constant porn/gambling popups whether she is using a browser or not, and I need some expert help. I had her run Spybot and put out a HijackThis log. Any help would be appreciated. And it would save her from calling me 29 times a day.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:55:48 PM, on 4/1/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SFA\command.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\{2D1316D2-01C3-1033-0622-991223980001}\Update.exe
C:\DOCUME~1\HP\APPLIC~1\SSTEM~1\nslookup.exe
C:\PROGRA~1\COMMON~1\kmqu\kmqum.exe
C:\Documents and Settings\HP\Application Data\?ppPatch\n?pdb.exe
C:\PROGRA~1\COMMON~1\kmqu\kmqua.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\GXA7W1AF\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {66E5D260-6085-3C51-A34B-68E348E8FACE} - C:\WINDOWS\System32\dlkisqod.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [Stlr] "C:\DOCUME~1\HP\APPLIC~1\SSTEM~1\nslookup.exe" -vt yazb
O4 - HKCU\..\Run: [Jygw] "C:\Documents and Settings\HP\Application Data\?ssembly\l?gonui.exe"
O4 - HKCU\..\Run: [kmqu] C:\PROGRA~1\COMMON~1\kmqu\kmqum.exe
O4 - HKCU\..\Run: [Ezo] "C:\Documents and Settings\HP\Application Data\?ppPatch\n?pdb.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{2D1316D2-01C3-1033-0622-991223980001}] "C:\Program Files\Common Files\{2D1316D2-01C3-1033-0622-991223980001}\Update.exe" te-110-12-0000132
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{2D1316D2-01C3-1033-0622-991223980001}] "C:\Program Files\Common Files\{2D1316D2-01C3-1033-0622-991223980001}\Update.exe" te-110-12-0000132 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{2D1316D2-01C3-1033-0622-991223980001}] "C:\Program Files\Common Files\{2D1316D2-01C3-1033-0622-991223980001}\Update.exe" te-110-12-0000132 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200411...meInstaller.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SFA\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4264 bytes



#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:04:59 PM

Posted 02 April 2007 - 09:14 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
You are using TrendMicro's HijackThis which is still in the testing process at the moment, so there may be some problems with it. Therefore, please download version 1.99.1 of HijackThis from the following link:
HJT v1.99.1

From your log it appears that you are missing one important program: an antivirus. This is somewhat suicidal in today's digital world. Without one you are at a high risk of reinfection; while I can try to sort your problem out, if you have no protection, the infections will keep resurfacing.
Here are some great free antivirus programs:
Antivir, Avast!, AVG, Bitdefender Free
Install one of these, then run a full scan, letting it quarantine/delete anything it finds. Let me know if there is anything that it reports but cannot remove.

I have noticed that you do not appear to have a firewall installed. This is an essential piece of software that acts as an extra layer of security, which restricts access to your computer from the outside world.
Therefore, please download one of these free firewalls:
Zone Alarm
Kerio
If you would like some more information about firewalls and how to use them effectively, take a look here.

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply, along with a new HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:04:59 PM

Posted 11 April 2007 - 03:41 AM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter.

Everyone else please begin a New Topic.





