Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

computer restarting, IE pop-ups, malware?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

computer restarting, IE pop-ups, malware?

Unread postby asai » April 6th, 2009, 12:03 pm

I think I have 3 trojans, maybe more but I can't seem to remove them no matter what program I use. This is the log HijackThis gave me:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:23 AM, on 4/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
I:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
I:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe
I:\PROGRA~1\AVG\AVG8\avgrsx.exe
I:\PROGRA~1\AVG\AVG8\avgemc.exe
I:\PROGRA~1\AVG\AVG8\avgnsx.exe
I:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: (no name) - {08e59be6-b5ae-4ec4-845f-934de077faaa} - C:\WINDOWS\system32\difiyulu.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - I:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E7AE985A-682D-41DF-9E0E-6C7EF8EBC3A4} - C:\WINDOWS\system32\efcYSiIy.dll (file missing)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinPatrol] I:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [CPMdb67a858] Rundll32.exe "c:\windows\system32\lewazasu.dll",a
O4 - HKLM\..\Run: [d8549bc4] rundll32.exe "C:\WINDOWS\system32\gibuyata.dll",b
O4 - HKLM\..\Run: [seyaredawe] Rundll32.exe "C:\WINDOWS\system32\dahurawa.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\jidogiwi.dll c:\windows\system32\lewazasu.dll,C:\WINDOWS\system32\tazobogi.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: urqrOfdC - urqrOfdC.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lewazasu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lewazasu.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 3863 bytes


The 3 things I think are bad are lewazasu, gibuyata and dahurawa. Whenver I go browsing my drives (through folders, etc) my computer automatically resets, so I can't get in there to try to find anything manually. When I use msconfig to try to remove them from startup, they automatically get back on the list somehow. Please help!
asai
Active Member
 
Posts: 3
Joined: April 6th, 2009, 11:58 am
Advertisement
Register to Remove

Re: computer restarting, IE pop-ups, malware?

Unread postby Bv202 » April 7th, 2009, 3:59 am

Welcome to Malware Removal!
My name is Bjorn, known as Bv202 on this forum and I'll be happy to assist you with all your malware problems you have on your computer.

Before we start fixing your computer, there are a few points you need to know:
  • Please don't start a new topic, but reply on this one.
  • If you don't understand something, please ask!
  • If you find any new problems and/or details, please post them!
  • Please always try to reply within 5 days. If you know you won't be able to reply for any reason, please tell me so we don't close your thread.
  • As I'm still in training here at Malware Removal, all my posts needs to be checked by an expert first.

Remember: absence of symptoms does not mean your computer is clean!!
Please reply to this topic until I say your computer is clean.

I'm now researching your log. Once it's done, I'll be back to you.

In the meantime, please do this:
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: computer restarting, IE pop-ups, malware?

Unread postby Bv202 » April 7th, 2009, 5:37 am

Hi asai

That's right; these files are bad :)

Download and run Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.
You should disable: Winpatrol, Spybot S&D Teatimer and AVG8.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: computer restarting, IE pop-ups, malware?

Unread postby asai » April 8th, 2009, 12:01 pm

Thanks for the help, I managed to get everything cleared up with this! :cheers:
asai
Active Member
 
Posts: 3
Joined: April 6th, 2009, 11:58 am

Re: computer restarting, IE pop-ups, malware?

Unread postby Bv202 » April 9th, 2009, 4:54 am

Hi asai

Please read this again:
Remember: absence of symptoms does not mean your computer is clean!!

In many cases, the infection is not fully removed. Please post back the c:\combofix.txt logfile so I can check if there are still infections in there :)
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: computer restarting, IE pop-ups, malware?

Unread postby Bv202 » April 12th, 2009, 4:35 am

Hi asai

It's been 3 days since my last post. Do you still require help? If not, please tell us so we can close the thread.

If you fail to reply within 2 days, we'll need to archive this thread.
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: computer restarting, IE pop-ups, malware?

Unread postby asai » April 13th, 2009, 12:52 am

You may close the thread. Thanks again! =)
asai
Active Member
 
Posts: 3
Joined: April 6th, 2009, 11:58 am
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 65 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware