Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HijackThis log plus known problems (Any help appreciated)

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HijackThis log plus known problems (Any help appreciated)

Unread postby pheyos » October 31st, 2009, 4:55 am

Thank you very much for any help. It is much appreciated.

Known problems with my computer: Google links are hijacked in IE if clicked on (right click and opening in a new tab works still), .exe files will not open (but I can download and run them from IE), and downloads need to be double-clicked to start in Firefox.

I have run virus scans with multiple programs, but have not been able to remove them all. When I ran HijackThis it warned me it was denied access to Hosts file, and that edits may have to be done manually.

Thank you for your time.

------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:55 AM, on 10/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BUFFALO\SLManagerEasy\Bufssvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\BUFFALO\SLManagerEasy\Inputps.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rohit Karnik\My Documents\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.starbarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.starbarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [imjpmig] "C:\IME\IMJP\imjpmig.exe" /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.aumha.org
O15 - Trusted Zone: http://download.bleepingcomputer.com
O15 - Trusted Zone: *.deviantart.com
O15 - Trusted Zone: *.gigenet.com
O15 - Trusted Zone: http://www.java.com
O15 - Trusted Zone: http://www.malwarebytes.org
O15 - Trusted Zone: *.sprintpcs.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3971243306
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: awtrPiiG - awtrPiiG.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bufssvr - BUFFALO INC. - C:\Program Files\BUFFALO\SLManagerEasy\Bufssvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8616 bytes
pheyos
Active Member
 
Posts: 7
Joined: October 28th, 2009, 12:54 am
Advertisement
Register to Remove

Re: HijackThis log plus known problems (Any help appreciated)

Unread postby MWR 3 day Mod » November 4th, 2009, 3:45 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: HijackThis log plus known problems (Any help appreciated)

Unread postby turtledove » November 6th, 2009, 2:31 am

Hello pheyos and welcome to the forums :)

I am turtledove, and will be assisting you with your log.
If you still need assistance, please do the following:

*Print all instructions or Copy to Notepad for reference.
*Please note, unless I'm notified ahead of time, this topic will close if there is not a response in 3 Days.
*Place a link to this thread in your Favorites/Bookmarks for easily returning here.
*Please respond until I give the all clear, as absence of symptoms does NOT always mean Clean.
*Please do not run any other tools/scans unless requested*
**Please be sure you have read the Notice about Peer to Peer File Sharing Programs at the top of this forum**
Link: http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=33112
*If you can do the above all should go well.

**As I am an Undergrad, my responses will be approved by an Expert/Teacher before I post to you; therefore it may take a tad bit more time to reply.
Thanks for your patience.


Since it has been some time since your above post, please post the following logs. I will go over the new logs and return as soon as possible.

Step 1
Please make an Uninstall list :
To access the Uninstall Manager, please do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad here on your next reply.

Step 2
Rerun HijackThis and Save the log.

Post the New HijackThis and the Uninstall list using the Reply button.

Thank you
turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: HijackThis log plus known problems (Any help appreciated)

Unread postby pheyos » November 6th, 2009, 3:31 pm

Hi turtledove,

Thank you for your reply. Unfortunately, since my 72 hour forum post my computer has given me the Blue Screen of Death upon startup. I cannot start the computer in any of the safe modes either. If there's a way around this, please let me know. Thank you for your help.

pheyos
pheyos
Active Member
 
Posts: 7
Joined: October 28th, 2009, 12:54 am

Re: HijackThis log plus known problems (Any help appreciated)

Unread postby turtledove » November 6th, 2009, 10:36 pm

Hello pheyos,

Thank you for letting me know. I will advise as soon as possible.

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: HijackThis log plus known problems (Any help appreciated)

Unread postby turtledove » November 7th, 2009, 4:32 pm

Hello pheyos,

Can you tell me what error message or code the BSOD states?
Was Last Known Good Configuration tried?
And let me me know if you have XP disks or can borrow one, same version as yours please.
We will go from there.

Thank you

TD
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: HijackThis log plus known problems (Any help appreciated)

Unread postby pheyos » November 9th, 2009, 1:20 am

Hi turtledove,

The error reads: 0X0000007E (0XC0000005, 0X8A89948B, 0XBA4CAC50, OXBA4CA94C)

I do not have any startup cds for this computer (bought it used, never got the cds). I'll try to find some to borrow.

I did try the Last Known Good Configuration option, but it didn't start up either.

Thank you for your continued help.

pheyos
pheyos
Active Member
 
Posts: 7
Joined: October 28th, 2009, 12:54 am

Re: HijackThis log plus known problems (Any help appreciated)

Unread postby turtledove » November 9th, 2009, 12:30 pm

Hello pheyos,

Thank you. Could you let me know all information on the BSOD and is it always the same code?
When borrowing a disk, remember it must have the same version your computer came with including Service Pack or no Service Pack if yours didn't.
Also, does the Computer case have the product Key sticker on in?
Meanwhile, checking out information on the error. Also, what Brand is the Computer? Is it an Intel or AMD motherboard? We may have a case of driver or application conflict.
If you try, several reboots into normal mode, will it eventually boot up? If so try the steps to run the RSIT Scan I gave in above post.
Thanks

TD
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: HijackThis log plus known problems (Any help appreciated)

Unread postby pheyos » November 11th, 2009, 12:34 am

Hi turtledove,

Thank you for your continued work on this. I am unable to find any cds to borrow (everyone is running Vista or a Mac around here). The computer is a Dell, running an Intel Celeron, and it has a product key on the bottom.

It will not start up after repeated tries, and the BSOD gives the same code:

Technical information:
*** STOP: 0X0000007E (0XC0000005,0X8A89948B,0XBA4CAC50,0XBA4CA94C)

The screen lets me know a problem has been detected and Windows has been shut down to prevent damage. If this is the first time I've seen this screen, follow some steps. Check disk space, check a driver if the error message identifies one. Check with the hardware vendor for BIOS updates, disable BIOS memory options like caching, start in Safe mode if I need to remove components.

Thank you again for your help.
pheyos
Active Member
 
Posts: 7
Joined: October 28th, 2009, 12:54 am

Re: HijackThis log plus known problems (Any help appreciated)

Unread postby turtledove » November 11th, 2009, 6:26 pm

Hello pheyos,

Thanks for the information and you're very welcome.

Unfortunately, you need to take your computer to a local respected repair, or purchase XP. Without the disk, we can not start a repair.
I would check around, depending on your computer's age, you may be able to get XP or Vista. That is the best advice in your situation.

I would advise watching financial accounts if used online; since we do not know the infections you have. From a known clean computer change ALL Usernames/Passwords to be safe.

Let me know you've read this and can close this topic.

Stay Safe

TD
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: HijackThis log plus known problems (Any help appreciated)

Unread postby pheyos » November 13th, 2009, 2:37 am

Hi turtledove,

Thank you for all the help you've provided. I've gone and changed my passwords and inspected my accounts.

I'll continue checking around to see if I can locate a startup CD. The computer has had a good run, and maybe it's time to think of upgrading.

If I do go for a new computer, is there a forum here or another site you could recommend where I could discuss anti-virus/firewall options, and browser security setup?

Thanks again and I wish you luck with your training.

pheyos
pheyos
Active Member
 
Posts: 7
Joined: October 28th, 2009, 12:54 am

Re: HijackThis log plus known problems (Any help appreciated)

Unread postby turtledove » November 13th, 2009, 5:01 am

Hello pheyos, your are welcome.

For setting up your computer, be it a fresh XP install or upgrade, the best place would be one of the following sites. Bear in mind, many opinions abound about which Anti Virus and Firewall are best. The choice needs to be based on your ease of use of an item chosen, as well as cost. Links are in my signature to what I use personally. But do check to see which will suit your need for ease in Anti Virus and a 2 way firewall.
Sites:

http://forums.whatthetech.com/forums.html
or
http://www.bleepingcomputer.com/forums/

Hope that helps. Let me know you are done here, and we will close the topic.
Best in the future and surf safe.
Thank you for the good wishes as well.
turtledove
:)
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: HijackThis log plus known problems (Any help appreciated)

Unread postby pheyos » November 14th, 2009, 6:52 pm

Hi turtledove,

Thank you for your recommendations. I am done for now. Good luck with your future saves!

pheyos
pheyos
Active Member
 
Posts: 7
Joined: October 28th, 2009, 12:54 am

Re: HijackThis log plus known problems (Any help appreciated)

Unread postby chryssi2001 » November 15th, 2009, 2:30 pm

Since we have done all we can, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 50 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware