
[Closed] I have problems with my computer and need help


2 replies to this topic

#1 Gordon22
Authentic Member, 54 posts

Posted 22 November 2009 - 12:24 AM

I have some malware, spyware and other problems on my computer and need help getting rid of them. Any help would be appreciated. I will post a HijackThis log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14, on 2009-11-22
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=112209
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [yavogonol] Rundll32.exe "c:\windows\system32\danejeto.dll",a
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Qwest Live - {EF8ECFCC-681D-4BF2-A249-D2653F39273A} - http://qwest.live.com (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory....ap/DigWXMSN.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...808/mcfscan.cab
O20 - AppInit_DLLs: c:\windows\system32\tanuwino.dll c:\windows\system32\fegakaya.dll c:\windows\system32\memazafu.dll c:\windows\system32\gihodisu.dll c:\windows\system32\julolufe.dll c:\windows\system32\zedaduwu.dll c:\windows\system32\wowipumi.dll c:\windows\system32\madubiha.dll c:\windows\system32\yikizafe.dll c:\windows\system32\rekiyegi.dll c:\windows\system32\tujitoyo.dll c:\windows\system32\josanoga.dll c:\windows\system32\rupimuti.dll c:\windows\system32\valedabi.dll c:\windows\system32\jaroduku.dll c:\windows\system32\nololoyu.dll c:\windows\system32\nolayewo.dll c:\windows\system32\rabofefa.dll ketuyeto.dll c:\windows\system32\divutipe.dll c:\windows\system32\fipubedi.dll c:\windows\system32\danejeto.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O21 - SSODL: rutilibew - {8af62da8-e5da-4dd2-a115-150cfbac45d8} - (no file)
O21 - SSODL: lagohelig - {2aa0788f-e84e-4ae5-a1e1-7be5ad1d9a1d} - (no file)
O21 - SSODL: wamukupel - {d96f08fa-ea49-40be-ba68-a03ee11cc016} - (no file)
O21 - SSODL: gapabaged - {f7a8e606-582a-4c8d-815d-e7b4ace1bdc4} - (no file)
O21 - SSODL: resuyewik - {b8339b9e-a8c0-4590-a662-e5bd83852445} - (no file)
O21 - SSODL: mavikulaf - {7643cb2e-b384-4580-b2c5-4ace88350350} - (no file)
O21 - SSODL: vavizuger - {f8add0ae-0611-43c0-ac69-782b6824d569} - (no file)
O21 - SSODL: morihidow - {99674097-c709-497b-a18e-4414b75dbc16} - (no file)
O21 - SSODL: rijuzuyod - {d6bd020e-7e2d-4c0d-8aff-a2424585aa92} - (no file)
O21 - SSODL: lipafozog - {1d1ba5bf-1052-4309-abbb-558c6d9774bc} - c:\windows\system32\danejeto.dll
O22 - SharedTaskScheduler: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {8af62da8-e5da-4dd2-a115-150cfbac45d8} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {2aa0788f-e84e-4ae5-a1e1-7be5ad1d9a1d} - (no file)
O22 - SharedTaskScheduler: jkshf8a3rudbfa873fudfhbdugf87whjdb - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {d96f08fa-ea49-40be-ba68-a03ee11cc016} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {f7a8e606-582a-4c8d-815d-e7b4ace1bdc4} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {b8339b9e-a8c0-4590-a662-e5bd83852445} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {7643cb2e-b384-4580-b2c5-4ace88350350} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {f8add0ae-0611-43c0-ac69-782b6824d569} - (no file)
O22 - SharedTaskScheduler: jugezatag - {99674097-c709-497b-a18e-4414b75dbc16} - (no file)
O22 - SharedTaskScheduler: gahurihor - {d6bd020e-7e2d-4c0d-8aff-a2424585aa92} - (no file)
O22 - SharedTaskScheduler: gahurihor - {1d1ba5bf-1052-4309-abbb-558c6d9774bc} - c:\windows\system32\danejeto.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 9390 bytes



#2 CatByte
Classroom Administrator, 21,060 posts, MVP

Posted 22 November 2009 - 12:51 AM

Hi,

Please do the following:


  • Open HiJackThis
  • Click on Do a system scan only
  • Check the boxes next to ONLY the entries listed below (if still present):


O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [yavogonol] Rundll32.exe "c:\windows\system32\danejeto.dll",a
O20 - AppInit_DLLs: c:\windows\system32\tanuwino.dll c:\windows\system32\fegakaya.dll c:\windows\system32\memazafu.dll c:\windows\system32\gihodisu.dll c:\windows\system32\julolufe.dll c:\windows\system32\zedaduwu.dll c:\windows\system32\wowipumi.dll c:\windows\system32\madubiha.dll c:\windows\system32\yikizafe.dll c:\windows\system32\rekiyegi.dll c:\windows\system32\tujitoyo.dll c:\windows\system32\josanoga.dll c:\windows\system32\rupimuti.dll c:\windows\system32\valedabi.dll c:\windows\system32\jaroduku.dll c:\windows\system32\nololoyu.dll c:\windows\system32\nolayewo.dll c:\windows\system32\rabofefa.dll ketuyeto.dll c:\windows\system32\divutipe.dll c:\windows\system32\fipubedi.dll c:\windows\system32\danejeto.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O21 - SSODL: rutilibew - {8af62da8-e5da-4dd2-a115-150cfbac45d8} - (no file)
O21 - SSODL: lagohelig - {2aa0788f-e84e-4ae5-a1e1-7be5ad1d9a1d} - (no file)
O21 - SSODL: wamukupel - {d96f08fa-ea49-40be-ba68-a03ee11cc016} - (no file)
O21 - SSODL: gapabaged - {f7a8e606-582a-4c8d-815d-e7b4ace1bdc4} - (no file)
O21 - SSODL: resuyewik - {b8339b9e-a8c0-4590-a662-e5bd83852445} - (no file)
O21 - SSODL: mavikulaf - {7643cb2e-b384-4580-b2c5-4ace88350350} - (no file)
O21 - SSODL: vavizuger - {f8add0ae-0611-43c0-ac69-782b6824d569} - (no file)
O21 - SSODL: morihidow - {99674097-c709-497b-a18e-4414b75dbc16} - (no file)
O21 - SSODL: rijuzuyod - {d6bd020e-7e2d-4c0d-8aff-a2424585aa92} - (no file)
O21 - SSODL: lipafozog - {1d1ba5bf-1052-4309-abbb-558c6d9774bc} - c:\windows\system32\danejeto.dll
O22 - SharedTaskScheduler: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {8af62da8-e5da-4dd2-a115-150cfbac45d8} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {2aa0788f-e84e-4ae5-a1e1-7be5ad1d9a1d} - (no file)
O22 - SharedTaskScheduler: jkshf8a3rudbfa873fudfhbdugf87whjdb - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {d96f08fa-ea49-40be-ba68-a03ee11cc016} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {f7a8e606-582a-4c8d-815d-e7b4ace1bdc4} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {b8339b9e-a8c0-4590-a662-e5bd83852445} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {7643cb2e-b384-4580-b2c5-4ace88350350} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {f8add0ae-0611-43c0-ac69-782b6824d569} - (no file)
O22 - SharedTaskScheduler: jugezatag - {99674097-c709-497b-a18e-4414b75dbc16} - (no file)
O22 - SharedTaskScheduler: gahurihor - {d6bd020e-7e2d-4c0d-8aff-a2424585aa92} - (no file)
O22 - SharedTaskScheduler: gahurihor - {1d1ba5bf-1052-4309-abbb-558c6d9774bc} - c:\windows\system32\danejeto.dll

  • Close all windows except HijackThis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.


NEXT

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
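The entries CatByte picked out of the log above share a pattern: a populated AppInit_DLLs value, SSODL and SharedTaskScheduler hooks that are orphaned or point at random-named DLLs in system32, and Run keys that start rundll32 on one of those DLLs. The script below is an added example (not from the thread or from HijackThis itself) that runs that triage over constructed sample lines built from the posted log; the eight-letter-name heuristic and the severity labels are assumptions for illustration and need a human review of every hit.

```python
import re

# Added example, not from the thread: a triage pass over HijackThis v2 log lines, using the
# signals the helper acted on above: a populated AppInit_DLLs value (O20), orphaned or
# random-named SSODL / SharedTaskScheduler hooks (O21 / O22), and O4 Run keys that start rundll32.
RANDOM_DLL = re.compile(r"\\([a-z]{8})\.dll\b", re.I)  # heuristic: e.g. danejeto.dll, tanuwino.dll
RUNDLL32 = re.compile(r"\brundll32(\.exe)?\s", re.I)
ENTRY = re.compile(r"(O\d+) - (.*)")
# Constructed sample: entry types and values taken from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [yavogonol] Rundll32.exe "c:\windows\system32\danejeto.dll",a
O20 - AppInit_DLLs: c:\windows\system32\tanuwino.dll c:\windows\system32\danejeto.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O22 - SharedTaskScheduler: gahurihor - {1d1ba5bf-1052-4309-abbb-558c6d9774bc} - c:\windows\system32\danejeto.dll
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
"""

def triage(log_text):
    """Return (severity, reason, line) for every entry that deserves a human look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].split()
            if dlls:  # these DLLs are mapped into every process that loads user32.dll
                findings.append(("high", f"{len(dlls)} AppInit_DLLs set", line))
        elif section in ("O21", "O22"):
            if "(no file)" in body:
                findings.append(("medium", "orphaned shell/scheduler hook", line))
            elif RANDOM_DLL.search(body):
                findings.append(("high", "shell hook on random-named DLL", line))
        elif section == "O4" and RUNDLL32.search(body):
            sev = "high" if RANDOM_DLL.search(body) else "medium"
            findings.append((sev, "Run key starts rundll32 on a DLL", line))
    return findings

def suspicious_dlls(findings):
    """Filenames of random-named DLLs referenced by the flagged lines."""
    return {m.group(1).lower() + ".dll" for _, _, line in findings for m in RANDOM_DLL.finditer(line)}

if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}: {line}")
    print("DLLs to submit for analysis:", sorted(suspicious_dlls(triage(SAMPLE_LOG))))
```

On the sample, the MSSE Run key and the Sony service are left alone while the five entries matching the pattern above are listed, so the output reproduces the selection the helper made by hand.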


#3 CatByte
Classroom Administrator, 21,060 posts, MVP

Posted 30 November 2009 - 06:20 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.
