Trojan Troubles 8 Step Completed w/ 3 Logs

Status
Not open for further replies.

breezyg

I started having trouble with my CPU about two weeks ago. My browser is getting redirected to random, sometimes semi-related, websites after I search on Google. Also, I tried doing a system restore and found I couldn't, it wouldn't let me and it gave no error message, nothing happened when I would click next to start the restore process. In addition, disk defrag will not work either. Any help on how to stop these problems and get everything back to normal would be greatly appreciated!
 
Hello breezyg

Download the Norton Removal Tool (SymNRT) to your Desktop.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
Once downloaded please close ALL open browsers, also save any work because this may require a restart.

Go to your desktop and double click on the removal tool and then click Setup.
Once open Click Next
Accept the license agreement and click Next
Type in the letters/numbers that you see into the text box then click Next.
Then click Next and the tool will start running.
Once finished restart the PC and run the tool again to ensure everything has been removed.
Delete the Norton Removal Tool from your Desktop.


Viewpoint is considered foistware and is not needed on your computer.
Download and unzip to own folder on Desktop - http://bellsouthpwp.net/p/r/prprogramsstudios/viewpointkiller.zip

Run ViewpointKiller.exe

Reboot.

Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and will typically cause your computer to crash, and will provide less protection.
Not more.
Remove/uninstall from "Add/Remove Programs" in Control Panel:
Avast or Avira

Reboot.

Attach a new HijackThis log, and tell me how things are running.
 
Alright, I got rid of Avira, Nortons, and Viewpoint. So far, everything seems to be working alright, my browser hasn't gotten redirected since I've done all that, but we'll see. I ran HJT and posted a new log. Thanks a lot for your help!
 
Sounds good :)

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: E:\WINDOWS\system32\afnoinkdsfe.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - E:\WINDOWS\system32\afnoinkdsfe.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O20 - Winlogon Notify: xxywxut - xxywxut.dll (file missing)
O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - E:\WINDOWS\system32\afnoinkdsfe.dll (file missing)


Reboot. That's all.

If you are getting redirected again, keep me posted.
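The fix list in the post above can be triaged mechanically. The sketch below is an added example, not part of the original thread or of HijackThis itself: it parses HijackThis log lines, marks entries whose target is gone ("(no file)" / "(file missing)") or whose O16 download source is empty, and reports any CLSID registered under more than one section. The function names are hypothetical; the sample lines are copied from the fix list in this thread.

```python
import re

# Sample input: six entries copied from the fix list in the thread above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: E:\WINDOWS\system32\afnoinkdsfe.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - E:\WINDOWS\system32\afnoinkdsfe.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O20 - Winlogon Notify: xxywxut - xxywxut.dll (file missing)
O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - E:\WINDOWS\system32\afnoinkdsfe.dll (file missing)
"""

# "<section> - <kind>: <detail>", e.g. "O2 - BHO: ..." or "O4 - HKLM\..\Run: ..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<kind>[^:]+):\s*(?P<detail>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_hjt(log_text):
    """Return one dict per recognisable HijackThis entry line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines, blanks, anything that is not an entry
        detail = m.group("detail")
        entries.append({
            "section": m.group("section"),
            "kind": m.group("kind").strip(),
            "clsids": [c.upper() for c in CLSID_RE.findall(detail)],
            # Registry hook is still present but the file it names is gone.
            "orphaned": bool(ORPHAN_RE.search(detail)),
            # O16 entry with nothing after the final dash: no download URL.
            "empty_source": m.group("section") == "O16" and detail.endswith("-"),
            "raw": line,
        })
    return entries


def shared_clsids(entries):
    """CLSIDs that appear under more than one section, with those sections."""
    seen = {}
    for entry in entries:
        for clsid in entry["clsids"]:
            seen.setdefault(clsid, set()).add(entry["section"])
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}
```

On the sample, the same CLSID shows up as both a BHO (O2) and a SharedTaskScheduler entry (O22), both pointing at the same missing DLL, which is why both lines are in the fix list.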
 
Ok, I thought I would give it some time and run the anti-virus programs, but my browser is still being hijacked, mostly when searching from google. Sometimes I have to click a link 5 or 6 times before I'm actually directed to the correct website. I re-ran HJT and posted the log.
 
Ok. Please post a combolog ->

Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe

And save to the desktop.

Close all other browser windows.

Please connect all your external hard drives/flash drives before running Combofix, if you have any.

Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please attach it to your next post.
 
Ok, I ran ComboFix. Don't worry about the different name on the log file, I saved it to my desktop and renamed it so I would remember what it was.
 
Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::
Snapshot::
Folder::
e:\program files\Azureus
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please attach it to your next post.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
 
It's still being redirected. I ran avast, superantispyware, and malware bytes and they all came up clean. Unless you have any more suggestions I think I'll probably just do a complete re-format.
 
I suggest you run GooredFix -

Please download http://jpshortstuff.247fixes.com/GooredFix.exe
and save it to your Desktop. Double-click GooredFix.exe to run it. Select "Find Goored (no fix)" by typing 1 and pressing Enter.
You will be presented with a log; please attach the contents of that log in your next reply. (It can also be found on your desktop.)
 
Ok, just ran GooredFix and attached the log file. Just in case this helps, when I get redirected, it usually happens three or four times before I actually get through to the correct page, and right before I do I always go to www.google.com/undefined. I don't know if that tells you anything, but I thought I'd throw it out there.
 