Jan 13th, 2009

Browser Redirects, Locked out of Task Manager; Errors Abound

Hi, I have a user whose machine I am trying to clean up. I've been locked out of Task Manager, so I can't kill any processes. When you try to access the file system, it opens a browser window that directs you to real-av.org; however, none of the real-av files seem to be installed... yet... at least not with those names.

Can anyone offer any advice? Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 9:44:37 AM, on 1/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\OU-VPN\OU-VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ViewMate Wireless Mouse MW407\MOffice.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ViewMate Wireless Mouse MW407\MOUSE32A.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\dick0390\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ou.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ou.edu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fin.ou.edu/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userints.exe,
O2 - BHO: (no name) - {1C75D560-AFA6-4E61-BE1B-2277041938BF} - C:\WINDOWS\system32\dDstRJdb.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9218C678-AE88-40FA-BCB0-92D0F190EDDE} - C:\WINDOWS\system32\xxYrOfeF.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\ViewMate Wireless Mouse MW407\MOffice.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.ou.edu
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226509054976
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153841470307
O16 - DPF: {79515B71-353D-11D3-AB37-00105ACE45CA} (Decrypt Class) - https://ws2.ost.state.ok.us/wsapp/viewers/checks/swp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {9C134253-E8A3-4759-9F98-302B7981922E} (MaxViewer Class) - http://support.scansoft.com/pp/files/np_max.cab
O16 - DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} (SAXFile FileDownload ActiveX Control) - https://ws2.ost.state.ok.us/wsapp/viewers/checks/saxfile.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - https://oas2.ost.state.ok.us/forms/jinitiator/jinit.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sooner.net.ou.edu
O17 - HKLM\Software\..\Telephony: DomainName = sooner.net.ou.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{88D10980-DA46-4245-B00D-56662658B3B6}: NameServer = 129.15.1.120,129.15.1.121
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: opnonlIa - opnonlIa.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\OU-VPN\OU-VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
-- qt 3.14159, 41 posts since Jun 2004
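As an added illustration (not code from the thread or from HijackThis), here is a small Python triage script that applies the checks a reviewer would make over a log of this shape: an extra executable in the F2 UserInit line, O2/O20 hooks whose DLL is missing, an O10 Winsock LSP loaded from a temp directory, and O15 Trusted Zone additions. The sample lines are a constructed subset modelled on the log above; the rule set and function names are my own.

```python
import re
from typing import List, Tuple

# Constructed sample lines in the shape of the log above (a subset, not the full log).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userints.exe,
O2 - BHO: (no name) - {1C75D560-AFA6-4E61-BE1B-2277041938BF} - C:\WINDOWS\system32\dDstRJdb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O15 - Trusted Zone: *.avsystemcare.com
O20 - Winlogon Notify: opnonlIa - opnonlIa.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Every HijackThis entry starts with a section code (R0, F2, O2, O23, ...) and " - ".
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")

def check_line(sec: str, body: str) -> str:
    """Return why this entry deserves a closer look, or '' if the rules say nothing."""
    if sec == "F2" and "UserInit=" in body:
        # UserInit should name only the real userinit.exe; anything else also runs at logon.
        exes = [e for e in body.split("UserInit=", 1)[1].split(",") if e.strip()]
        extra = [e for e in exes if not e.lower().endswith(r"\userinit.exe")]
        if extra:
            return "extra UserInit entry: " + ", ".join(extra)
    if sec in ("O2", "O20") and body.endswith("(file missing)"):
        return "orphaned hook, DLL missing (check what registered it)"
    if sec == "O10" and re.search(r"\\temp\\", body, re.IGNORECASE):
        return "Winsock LSP loaded from a temp directory"
    if sec == "O15":
        return "site added to the IE Trusted Zone; confirm it was intended"
    return ""

def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Scan a HijackThis log and return (section, reason, line) for flagged entries."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, blank and "Running processes" path lines are skipped
        reason = check_line(m["sec"], m["body"])
        if reason:
            hits.append((m["sec"], reason, line.strip()))
    return hits

if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```

The rules are deliberately conservative: they flag entries for a human to look at rather than declare anything malicious, and legitimate entries such as the Java BHO and the WgaLogon notify pass through untouched.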
Jan 13th, 2009

Re: Browser Redirects, Locked out of Task Manager; Errors Abound

I would recommend uninstalling Internet Explorer (Control Panel > Add/Remove Programs > Windows Components) and installing a browser such as Mozilla Firefox. Since Firefox is not hijacked, it should help SOME of your problems. Update Spybot to the latest definitions and run a complete scan. Install another adware removal program such as Malwarebytes, update it, and run it as well. Then I would download AVG Antivirus Free Edition, update it, and run a full scan. If this does not find most of the problems and fix them, I would recommend reinstalling the system. You could chase individual problems and nuke them one by one, but it would take a lot more time and hassle. In the long run it may just be easier to reinstall.

If there is anything I have missed, please forgive me and correct me as well. I read your post and HijackThis log the best I could.
-- firekid1239, 36 posts since Nov 2008
Jan 13th, 2009

Re: Browser Redirects, Locked out of Task Manager; Errors Abound

Thanks for the response, firekid. After reading some of the other posts here, I downloaded the Malwarebytes Anti-Malware program and ran it. It does seem to have fixed the problems. Thanks!
-- qt 3.14159, 41 posts since Jun 2004

This thread is solved

© 2011 DaniWeb® LLC