Bad Image Hijack This

Status
Not open for further replies.
Hi, I followed a thread talking about the Bad Image popups which I have on my Dell desktop. I followed the instructions for the HijackThis log and am attaching the logfile. Anyone who can help? I loaded AVG v8.5 and have had trouble ever since. Their tech help is pretty poor.
 
Bad Image followup - logs attached

Hi - thanks for the help with this - I followed the 8 step preliminary removal steps and the logs are attached. Besides the pop-ups, my AVG antivirus takes on average 5 hours to scan. I have been communicating with AVG and they recommend uninstalling and installing again. Also my kids have used LimeWire in the past but tell me they have uninstalled it. I could not find it on the computer but I did notice some files flashed by during one of the scans. Hopefully it is off and doesn't mess up the fix. Thanks again, Nick
 
Also my kids have used LimeWire in the past but tell me they have uninstalled it.

The thing about Tracking Cookies is they are as good as History, and I'm giving you this information because you need to see it. The names of some of the sites would most likely make your hair stand straight up; it's pretty scary. What you do about it is up to you:

griffin_comerc is also a porn fan and using bit torrent

adam is watching porn movies, going to porn sites and looking for crack keys to pirate programs.

nicholas comerci is also into the same, along with playing 3D sex games. He also visited.has some 'female' related sites.

'owner', that would be BETH has also had her share of porn visits.

If you want specifics, open the SAS log and look at the Tracking Cookie. You also need to get a cap on those Cookies:

Reset Cookies:
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> set Cookie removal to keep "until they expire."

I'm not going to handle the malware (that's touch's job), but I can tell you that the system is very badly infected with a multitude of different malware infections. It's entirely possible that only a reformat and reinstall will clear it.

touch, I leave the rest to you.
 
Thanks Bobbye :D

Viewpoint is considered foistware and is not needed on your computer.
Download and unzip to own folder on Desktop - http://bellsouthpwp.net/p/r/prprogramsstudios/viewpointkiller.zip

Run ViewpointKiller.exe

Reboot.

Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe
And save to the desktop.

Open Notepad and copy/paste the text in the quotebox below into it. Name the file CFScript and save it on the desktop:

Killall::
Snapshot::
File::
C:\WINDOWS\system32\gesiwoha.dll
c:\windows\system32\zinowile.dll
c:\windows\system32\jorujedi.dll
c:\windows\system32\pakipeku.dll
c:\windows\system32\hakodoso.dll
c:\windows\system32\difebebu.dll
c:\windows\system32\hejiripe.dll
c:\windows\system32\rotoyudo.dll
c:\windows\system32\lumafeta.dll
c:\windows\system32\yenojupa.dll
c:\windows\system32\masavaji.dll
c:\windows\system32\tigisuba.dll
c:\windows\system32\vumefesa.dll
c:\windows\system32\nuzehiwi.dll
c:\windows\system32\libupune.dll

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please attach it to your next post.

Note:
Do not mouseclick Combofix's window whilst it's running. That may cause it to stall.
 