Viruses, Spyware and...

Viruses, Spyware and other Nasties RSS

Browser Redirects, Locked out of Task Manager; Errors Abound

Thread Solved

•

Join Date: Jun 2004

Posts: 41

Reputation: qt 3.14159 is an unknown quantity at this point

Solved Threads: 1

qt 3.14159 qt 3.14159 is offline

Offline

Light Poster

Browser Redirects, Locked out of Task Manager; Errors Abound

Jan 13th, 2009

Hi, I have a user whose machine I am trying to clean up. I've been locked out of task manager, so I can't kill any processes. When you try to access the file system, it will open a browser window that directs you to real-av.org, however none of the real-av files seemed to be installed... yet... at least not with those names.

Can anyone offer any advice? Thanks!

$Logfile of HijackThis v1.99.1 Scan saved at 9:44:37 AM, on 1/13/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\OU-VPN\OU-VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\ViewMate Wireless Mouse MW407\MOffice.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ViewMate Wireless Mouse MW407\MOUSE32A.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe C:\WINDOWS\system32\mmc.exe C:\Documents and Settings\dick0390\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.ou.edu/[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.ou.edu[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url]http://fin.ou.edu/[/url] F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userints.exe, O2 - BHO: (no name) - {1C75D560-AFA6-4E61-BE1B-2277041938BF} - C:\WINDOWS\system32\dDstRJdb.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {9218C678-AE88-40FA-BCB0-92D0F190EDDE} - C:\WINDOWS\system32\xxYrOfeF.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\ViewMate Wireless Mouse MW407\MOffice.exe O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.ou.edu O15 - Trusted Zone: *.amaena.com O15 - Trusted Zone: *.avsystemcare.com O15 - Trusted Zone: *.onerateld.com O15 - Trusted Zone: *.safetydownload.com O15 - Trusted Zone: *.trustedantivirus.com O15 - Trusted Zone: *.virusschlacht.com O15 - Trusted Zone: *.amaena.com (HKLM) O15 - Trusted Zone: *.avsystemcare.com (HKLM) O15 - Trusted Zone: *.onerateld.com (HKLM) O15 - Trusted Zone: *.safetydownload.com (HKLM) O15 - Trusted Zone: *.trustedantivirus.com (HKLM) O15 - Trusted Zone: *.virusschlacht.com (HKLM) O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - [url]http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB[/url] O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [url]http://lads.myspace.com/upload/MySpaceUploader1006.cab[/url] O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - [url]http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab[/url] O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226509054976[/url] O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url]http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153841470307[/url] O16 - DPF: {79515B71-353D-11D3-AB37-00105ACE45CA} (Decrypt Class) - [url]https://ws2.ost.state.ok.us/wsapp/viewers/checks/swp.cab[/url] O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - [url]http://www.worldwinner.com/games/shared/wwlaunch.cab[/url] O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - [url]http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab[/url] O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - [url]http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab[/url] O16 - DPF: {9C134253-E8A3-4759-9F98-302B7981922E} (MaxViewer Class) - [url]http://support.scansoft.com/pp/files/np_max.cab[/url] O16 - DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} (SAXFile FileDownload ActiveX Control) - [url]https://ws2.ost.state.ok.us/wsapp/viewers/checks/saxfile.cab[/url] O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [url]http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[/url] O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - [url]https://oas2.ost.state.ok.us/forms/jinitiator/jinit.exe[/url] O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [url]http://www.adobe.com/products/acrobat/nos/gp.cab[/url] O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [url]http://zone.msn.com/bingame/popcaploader_v10.cab[/url] O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sooner.net.ou.edu O17 - HKLM\Software\..\Telephony: DomainName = sooner.net.ou.edu O17 - HKLM\System\CCS\Services\Tcpip\..\{88D10980-DA46-4245-B00D-56662658B3B6}: NameServer = 129.15.1.120,129.15.1.121 O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: opnonlIa - opnonlIa.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\OU-VPN\OU-VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe$

•

Join Date: Nov 2008

Posts: 34

Reputation: firekid1239 is an unknown quantity at this point

Solved Threads: 5

firekid1239 firekid1239 is offline

Offline

Light Poster

Re: Browser Redirects, Locked out of Task Manager; Errors Abound

Jan 13th, 2009

I would recommend uninstalling Internet explorer (control panel>Add Remove Programs>Windows Components) and installing a browser such as Mozilla Firefox. Since firefox is not hijacked it should help SOME of your problems. Update Spybot to the latest definitions and run a complete scan. Install another adware removal program such as Malwarebytes, update it and run it as well. Then I would download AVG antivirus free edition, update it, and run a full scan. If this does not find most of the problems and fix them I would reccomend reinstalling the system. You could chase individual problems and nuke them one by one, but it would take a lot more time and hassle. In the long run it may just be easier to reinstall.

If there is anything I have missed please forgive me and correct me as well. I read your post and Hijackthis log the best I could.

•

Join Date: Jun 2004

Posts: 41

Reputation: qt 3.14159 is an unknown quantity at this point

Solved Threads: 1

qt 3.14159 qt 3.14159 is offline

Offline

Light Poster

Re: Browser Redirects, Locked out of Task Manager; Errors Abound

Jan 13th, 2009

Thanks for the response, firekid. After reading some of the other posts here I downloaded the Malwarebyte's Anti Malware program and ran it. And it does seem to have fixed the problems. Thanks!

Quick Reply to Thread

Show Printable Version

Other Threads in the Viruses, Spyware and other Nasties Forum

Previous Thread: Security problems - unable to update avg or run hijackthis normally, and redirecting
Next Thread: w32.sality virus problem

Thread Tools	Search this Thread
Show Printable Version Email this Page

DaniWeb Message

Cancel Changes