Posted: 9/12/2007 5:50:27 PM EDT
|
A friend got bit badly surfing the net on an unprotected home PC. I'm trying to clean it up for her, and have downloaded AVG and gotten rid of a handful of viri. However, she's still getting a lot of pop ups and such. I downloaded the Yahoo spyware program, but it won't run. Nothing happens when the 'run'. selection is clicked. I've tried to download spybot S&D and Ad-Aware. but as soon as they beging to download, I get a ' error - internet explorer must close' message and cant complete the download. Hijackthis appears to identify a whole bunch of stuff as potential malware, and I'm hesitant to start 'fixing' stuff that might not be a problem. Ideas? Thanks, TT |
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:55:26 PM, on 9/12/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe C:\Program Files\Common Files\WinAntiSpyware 2007\was7cw.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\SYSTEM32\lndsrngo.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\SmVhbiBEYXk\command.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\WINDOWS\System32\hlhvnpsb.exe C:\Program Files\Network Monitor\netmon.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\WINDOWS\System32\nwinomdt.exe C:\Program Files\Yahoo!\YPSR\ypsr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0F9B93A6-25E8-4C13-A118-8C02424D7EEA} - C:\WINDOWS\System32\vtutu.dll (file missing) O2 - BHO: (no name) - {6E9AE97B-3307-470C-AF81-B1A9E691A237} - C:\WINDOWS\System32\pmkhi.dll (file missing) O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\System32\uxtbgjho.dll (file missing) O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\System32\ddcbcbx.dll (file missing) O2 - BHO: (no name) - {F93C5BFF-16F9-4DC5-B78C-EC46F896EE56} - C:\Program Files\Install Provider\InstallProvider.dll O2 - BHO: 0 - {FD3F9344-8AFA-4C0A-32AE-48AA9770362A} - C:\Program Files\Messenger\labumuz.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &InstallProvider Search Toolbar - {A9344DE7-59F2-40F8-9AE7-C203B67444DA} - C:\Program Files\Install Provider\InstallProvider.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [howyjovum] C:\Program Files\XEROX\howyjovum22011.exe O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe" O4 - HKLM\..\Run: [was7cw] C:\Program Files\Common Files\WinAntiSpyware 2007\was7cw.exe -c O4 - HKLM\..\Run: [updated] "C:\Program Files\Common Files\Update\updated.exe" -c -product=wa7p O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\gjrhiijj.dll",forkonce O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\nwinomdt.exe CHD003 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [{95-56-6D-D1-ZN}] C:\WINDOWS\SYSTEM32\lndsrngo.exe CHD003 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [dgsetup] C:\WINDOWS\System32\dgsetup.exe O4 - HKCU\..\Run: [PopularScreensaversWallpaper] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL,LES O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\lndsrngo.exe O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\nwinomdt.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029AJUS_ZBxdm046YYUS O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O15 - Trusted Zone: *.amaena.com O15 - Trusted Zone: *.drivecleaner.com O15 - Trusted Zone: *.errorprotector.com O15 - Trusted Zone: *.errorsafe.com O15 - Trusted Zone: *.imageservr.com O15 - Trusted Zone: *.imagesrvr.com O15 - Trusted Zone: *.systemdoctor.com O15 - Trusted Zone: *.winantispyware.com O15 - Trusted Zone: *.winantivirus.com O15 - Trusted Zone: *.winfixer.com O15 - Trusted Zone: *.amaena.com (HKLM) O15 - Trusted Zone: *.drivecleaner.com (HKLM) O15 - Trusted Zone: *.errorprotector.com (HKLM) O15 - Trusted Zone: *.errorsafe.com (HKLM) O15 - Trusted Zone: *.imageservr.com (HKLM) O15 - Trusted Zone: *.imagesrvr.com (HKLM) O15 - Trusted Zone: *.systemdoctor.com (HKLM) O15 - Trusted Zone: *.winantispyware.com (HKLM) O15 - Trusted Zone: *.winantivirus.com (HKLM) O15 - Trusted Zone: *.winfixer.com (HKLM) O16 - DPF: DigiChat Applet - http://fanclubchat.musictoday.com/DigiChat/DigiClasses/Client_IE.cab O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133742883619 O20 - Winlogon Notify: ddcbcbx - ddcbcbx.dll (file missing) O20 - Winlogon Notify: pmkhi - C:\WINDOWS\System32\pmkhi.dll (file missing) O20 - Winlogon Notify: vtutu - C:\WINDOWS\System32\vtutu.dll (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: DomainService - - C:\WINDOWS\System32\hlhvnpsb.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 11251 bytes |
|
Sounds like there's a possibility for more than just spyware. Unless there is some very important information on the computer that must keep from being reformated from the operating system disc and starting fresh than reformate it. Than after loading all the drivers, needed software,(like virus protection) and Windows updates, go to Download.com first thing and download Ad-Aware, Spybot, Window Defender Beta, SpywareBlaster and Hijack This. Windows should provide firewall protection, but if not than get some. |
|
You have Winantispyware\winfixer\winantivirus2007 and you also got the Vundo. I deal with those on a daily basis at work. 10 infected computers a week with those alone. 1. Download AVG antispyware. 30 day trial. It is perhaps the best at this time. if more needs to be done - Rogue Remover will kill Winantispyware RogueRemover VundoFix will kill off the Vundos VundoFix Also make sure you shut off System Restore before running the antivirus program. Crap hides in there all the time. Shut it off and reboot then scan with av. Install the other programs but run in safe mode. |
Keep this
Delete/remove/turn off the rest of that crap |
Helped tremendously. Thank you. |
|
Nothing on this planet can surpass PREVX 2.0 I'm a sysadmin for a big company and let me tell you, PREVX 2.0 is the best spyware prevention and cleanup tool bar none. A mod on here used it and thanked me for showing him PREVX. I'll just come out and say I bootleg/pir8 all software but this GEM? I purchased. Straight up. www.prevx.com/  You'll thank me later. Class dismissed. |
+1; If you have to use Windows, don't use IE unless you HAVE to. Firefox, Opera, Safari - something beside IE.
Funny how you always hear about "Format teh harddrive if you want Windows to work better  ". It's like Jim Gaffigan telling you stick a hot pocket in a toilet. I've never had to format a Linux computer because it got bogged down with crap. OTOH - *nix is actually a pretty secure operating system
|
good grief, don't follow this advice about deleting all the other stuff  we have a urbancommandoes forum FOR A REASON
|
I just purchased PREVX, and I'll give it a try.. Thanks for the heads up! 
|
It's the only way to be sure. You are never going to restore that system to trusted status (would you use your credit card on it?) with any anti- software. Firefox isn't 100%, but it is less of a target than IE. It's the only thing we surf with at home. I've switched my old desktop over to Ubuntu Linux (Feisty Fawn) and am liking it. The setup was easier than ANY Windows install I've ever done. BSW |
I know I sound like posting commercial but if anything could restore a system to trusdted status... PREVX baby. One of these days I'll do some charity work and run PREVX on a totally fubared machine to see how well it cleans it up. |
| in the future dont buy a windows based pc buy a mac or something... or have one build with linux or unix.been on both most of my life and mac has never givn me any trouble. None what so ever. Doesnt have to be a mac but any thing but windows!!!!!!!windows is the anichrist |