2 replies to this topic

[WikieWaters]

So after several various cycles of getting and removing viruses, I've hit a wall. Malwarebyte won't run as Mbma.exe gets deleted as soon as it's installed, and neither system restore nor safemode will work.

And thus, here I am with an account.

What am I to do? I know I should be posting a log, but I'm not sure what to post.

Any help would be gratefully appreciated.

Thanks,

[WikieWaters]

Oh, and I am also constantly (about 75% of the time) redirected from all links.

[WikieWaters]

I tried to find an edit button, in order to turn these posts into one post, but it seems I already screwed that up. I apologize for jumping the gun, here is the Hijack this Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:42:30 PM, on 11/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Clearwire\InstaLAN\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\syntplpr .exe
C:\Program Files\Synaptics\SynTP\syntpenh .exe
C:\Program Files\CyberLink\PowerDVD\dvdlauncher .exe
C:\WINDOWS\system32\hkcmd .exe
C:\Program Files\iTunes\ituneshelper .exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm .exe
C:\Program Files\Dell\Media Experience\dmxlauncher .exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_a00fb6d40db .exe
C:\WINDOWS\system32\igfxpers .exe
C:\Documents and Settings\Administrator\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\system.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\avp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mdm.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nvsvc32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\user.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nyi3je1 .exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nyi3je1 .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\acrotray .exe
C:\Program Files\Adobe\acrotray .exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\notepad.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\win16.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\drweb.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\csrss.exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\win32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\debug.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\notepad.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\notepad.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\notepad.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\notepad.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\notepad.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\notepad.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\notepad.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 security.microsoft.com
O1 - Hosts: 209.44.111.57 inetavirus.com
O1 - Hosts: 209.44.111.57 www.inetavirus.com
O2 - BHO: C:\WINDOWS\system32\h5ly4yjp.dll - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\h5ly4yjp.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [sagamapiw] Rundll32.exe "c:\windows\system32\fefemisi.dll",a
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarbytes' Anti-Malwaru\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
O4 - HKCU\..\Run: [A00FB6D40DB.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00FB6D40DB.exe
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\ADMINI~1\ntuser.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [jsh87r3huiehf89esiudgd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nyi3je1 .exe
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\avp.exe
O4 - HKCU\..\Run: [A00F24670.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F24670.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: homirohu.dll c:\windows\system32\gohunone.dll c:\windows\system32\fefemisi.dll
O20 - Winlogon Notify: __c00B0BA - C:\WINDOWS\system32\__c00B0BA.dat
O21 - SSODL: fesumojan - {e9bc7059-1461-4884-815e-c2dffdc1777a} - c:\windows\system32\gohunone.dll (file missing)
O21 - SSODL: jevizimoh - {b0ea48d3-dc96-4de1-a678-7e908526c389} - c:\windows\system32\fefemisi.dll
O22 - SharedTaskScheduler: jkshf8a3rudbfa873fudfhbdugf87whjdb - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\h5ly4yjp.dll
O22 - SharedTaskScheduler: mujuzedij - {e9bc7059-1461-4884-815e-c2dffdc1777a} - c:\windows\system32\gohunone.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {b0ea48d3-dc96-4de1-a678-7e908526c389} - c:\windows\system32\fefemisi.dll
O23 - Service: AffinegyService - Affinegy Inc - C:\Program Files\Clearwire\InstaLAN\AffinegyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9401 bytes