Hijacked IE and Malware Removal

#1 silverfox712 (New Member, 4 posts)

I followed your instructions and ran all the recommended spyware removal tools. The only one I had a problem with was the online scan, Trend HouseCall. I received so many pop-up windows that the computer finally locked up. A few clues that might be helpful:
1. Right after power-up, IE6 attempts to reach http://iesettingsupdate
2. Unable to activate Windows Firewall; the settings are all locked out.

Here is a log of HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 9:05:08 AM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\kybrdff_e9.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\win3206021316363.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\program files\popupwithcast\septpop06apsept.exe
C:\dfndrff_e9.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\sys09316363021.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\win3208131636302.exe
c:\kybrdff_e12.exe
C:\DOCUME~1\Joe\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
c:\dfndrff_e12.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://iesettingsupdate/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,bpmbton.exe
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [w11f5c83.dll] RUNDLL32.EXE w11f5c83.dll,I2 0028e58b011f5c83
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e12.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [win3208131636302] C:\WINDOWS\win3208131636302.exe
O4 - HKLM\..\Run: [win3207213163630] C:\WINDOWS\win3207213163630.exe
O4 - HKLM\..\Run: [win3206021316363] C:\WINDOWS\win3206021316363.exe
O4 - HKLM\..\Run: [vg2juy8g] C:\Program Files\vg2juy8g\vg2juy8g.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast\septpop06apsept.exe
O4 - HKLM\..\Run: [Oaydvci] C:\Program Files\Naqtpbl\Ovlf.exe
O4 - HKLM\..\Run: [ms04630213163] C:\WINDOWS\ms04630213163.exe
O4 - HKLM\..\Run: [fahnmyq] C:\WINDOWS\system32\rgoldx.exe r
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e12.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [sys09316363021] C:\WINDOWS\sys09316363021.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\k4620ejoehoc0.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Si4gVHdhcmRvd3NraQ\command.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Print Spooler Service (SpoolSvc212) - Unknown owner - C:\WINDOWS\system32\cjnr4r4ydfhj.exe
O23 - Service: Service Logon Protocol (SVSLOG) - Unknown owner - C:\WINDOWS\svslogon.exe (file missing)

Here is a log of DLLCompare:
* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\rwpcfgex.dll Tue Sep 19 2006 10:00:24p ..S.R 234,519 229.02 K
C:\WINDOWS\SYSTEM32\kqdgkl.dll Tue Sep 19 2006 10:06:38p ..S.R 234,519 229.02 K
C:\WINDOWS\SYSTEM32\ihm32.dll Tue Sep 19 2006 10:17:54p ..S.R 236,160 230.63 K
C:\WINDOWS\SYSTEM32\wsnetmgr.dll Tue Sep 19 2006 10:41:50p ..S.R 236,408 230.87 K
C:\WINDOWS\SYSTEM32\weploc.dll Tue Sep 19 2006 10:22:18p ..S.R 236,160 230.63 K
C:\WINDOWS\SYSTEM32\hp4023~1.dll Sat Sep 23 2006 9:02:50a ..S.R 234,269 228.78 K
C:\WINDOWS\SYSTEM32\mvr4l9~1.dll Tue Sep 19 2006 10:16:38p ..S.R 234,519 229.02 K
C:\WINDOWS\SYSTEM32\j2n2lc~1.dll Tue Sep 19 2006 10:00:24p ..S.R 235,771 230.24 K
C:\WINDOWS\SYSTEM32\m4460e~1.dll Tue Sep 19 2006 10:30:34p ..S.R 236,160 230.63 K
C:\WINDOWS\SYSTEM32\p4p6le~1.dll Tue Sep 19 2006 10:22:18p ..S.R 234,085 228.60 K
C:\WINDOWS\SYSTEM32\k4620e~1.dll Wed Sep 20 2006 10:26:52p ..S.R 236,408 230.87 K
________________________________________________

1,283 items found: 1,283 files (11 H/S), 0 directories.
Total of file sizes: 270,287,986 bytes 257.77 M

Administrator Account = True

--------------------End log---------------------
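A triage pass over a log like the one above, as an added example that is not part of the original post or of any Geeks to Go cleanup procedure: it parses HijackThis entries and flags the patterns a helper would zero in on first (a UserInit chain, a single-label URL host such as iesettingsupdate, Trusted Zone additions, a Run entry that launches IE with a URL, binaries dropped directly in C:\ or \WINDOWS, "file missing" services, and random-looking file or directory names). The sample lines are copied from the log in the post; the thresholds in looks_random (three or more digits, or a vowel ratio under 15%) are my own heuristic, not a HijackThis rule, and they miss short names such as Duce6.exe or rgoldx.exe.

```python
import re
from dataclasses import dataclass

# Constructed sample: one or two lines per HijackThis section, copied from the
# v1.99.1 log posted above so the script has realistic input and runs offline.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://iesettingsupdate/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,bpmbton.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [win3208131636302] C:\WINDOWS\win3208131636302.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e12.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O15 - Trusted Zone: *.media-motor.net
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\k4620ejoehoc0.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Print Spooler Service (SpoolSvc212) - Unknown owner - C:\WINDOWS\system32\cjnr4r4ydfhj.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Si4gVHdhcmRvd3NraQ\command.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# A drive-letter path up to the first .exe/.dll; a quote ends a path, a space
# does not, so "C:\Program Files\..." survives intact.
PATH_RE = re.compile(r'(?i)[a-z]:\\[^"\r\n]*?\.(?:exe|dll)')
URL_HOST_RE = re.compile(r"https?://([^/\s]+)")


@dataclass
class Finding:
    code: str
    line: str
    reasons: list


def normalize(path: str) -> str:
    """Collapse doubled backslashes (c:\\kybrdff_e12.exe) and lower-case for comparison."""
    return re.sub(r"\\+", r"\\", path).lower()


def looks_random(name: str) -> bool:
    """Heuristic (my assumption, not a HijackThis rule): machine-generated names
    carry several digits or almost no vowels, e.g. win3208131636302, cjnr4r4ydfhj."""
    digits = sum(c.isdigit() for c in name)
    vowels = sum(c in "aeiou" for c in name.lower())
    return digits >= 3 or (len(name) >= 5 and vowels / len(name) < 0.15)


def suspicious_path(path: str) -> list:
    """Reasons a referenced binary deserves a look, based on where it lives and how it is named."""
    p = normalize(path)
    parts = p.split("\\")
    stem = parts[-1].rsplit(".", 1)[0]
    reasons = []
    # Legitimate software installs under Program Files or system32, not C:\ or C:\WINDOWS itself.
    if len(parts) == 2 or (len(parts) == 3 and parts[1] == "windows"):
        reasons.append("binary sits in the drive root or directly in \\WINDOWS")
    if looks_random(stem):
        reasons.append(f"random-looking file name {parts[-1]!r}")
    # A random-looking folder created directly under \WINDOWS (e.g. Si4gVHdhcmRvd3NraQ).
    if len(parts) >= 4 and parts[1] == "windows" and parts[2] not in ("system32", "system") \
            and looks_random(parts[2]):
        reasons.append(f"random-looking directory {parts[2]!r} under \\WINDOWS")
    return reasons


def triage(log_text: str) -> list:
    """Return one Finding per HijackThis line that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        code, body = m["code"], m["body"]
        reasons = []

        if code == "F2" and "UserInit=" in body:
            # Anything listed after userinit.exe in the comma list runs at every logon.
            entries = [e.strip() for e in body.split("UserInit=", 1)[1].split(",") if e.strip()]
            if len(entries) > 1:
                reasons.append(f"UserInit chains extra program(s) {entries[1:]}")
        elif code in ("R0", "R1"):
            host = URL_HOST_RE.search(body)
            if host and "." not in host.group(1):
                reasons.append(f"URL host {host.group(1)!r} is a single label, not a public domain")
        elif code == "O15":
            reasons.append("site added to the IE Trusted Zone (relaxed security settings)")
        elif code == "O4" and "iexplore.exe" in body.lower() and "http" in body.lower():
            reasons.append("Run entry launches Internet Explorer with a URL at logon")
        elif code == "O23" and "(file missing)" in body:
            reasons.append("service binary is missing (orphaned or partially removed)")

        for path in PATH_RE.findall(body):
            reasons.extend(suspicious_path(path))
        if code == "O23" and "Unknown owner" in body and reasons:
            reasons.append("no publisher recorded for the service")

        if reasons:
            findings.append(Finding(code, line, list(dict.fromkeys(reasons))))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.line}")
        for r in f.reasons:
            print(f"      - {r}")
```

Treat the output as a review list, not a verdict: the name heuristic is tuned to the dropper names seen in this log, legitimate entries such as Ati2evxx.exe and qttask.exe pass only because they have enough vowels, and a helper would still corroborate each hit with the file's hash and the matching O4/O23 context before removing anything.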
