Trojan Troubles 8 Step Completed w/ 3 Logs

By breezyg · 12 replies
May 5, 2009
  1. I started having trouble with my CPU about two weeks ago. My browser is getting redirected to random, sometimes semi-related, websites after I search on Google. Also, I tried doing a system restore and found I couldn't, it wouldn't let me and it gave no error message, nothing happened when I would click next to start the restore process. In addition, disk defrag will not work either. Any help on how to stop these problems and get everything back to normal would be greatly appreciated!
  2. touch

    touch TS Rookie Posts: 978

    Hello breezyg

    Download the Norton Removal Tool (SymNRT) to your Desktop.
    Once downloaded please close ALL open browsers, also save any work because this may require a restart.

    Go to your desktop and double click on the removal tool and then click Setup.
    Once open Click Next
    Accept the license agreement and click Next
    Type in the letters/numbers that you see into the text box then click Next.
    Then click Next and the tool will start running.
    Once finished restart the PC and run the tool again to ensure everything has been removed.
    Delete the Norton Removal Tool from your Desktop.

    Viewpoint is considered foistware and is not needed on your computer.
    Download and unzip to own folder on Desktop -

    Run ViewpointKiller.exe


    Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and will typically cause your computer to crash, and will provide less protection, not more.
    Remove/uninstall from "Add/Remove Programs" in Control Panel:
    Avast or Avira


    Attach a new HijackThis log, and tell me how things are running.
  3. breezyg

    breezyg TS Rookie Topic Starter

    Alright, I got rid of Avira, Nortons, and Viewpoint. So far, everything seems to be working alright, my browser hasn't gotten redirected since I've done all that, but we'll see. I ran HJT and posted a new log. Thanks a lot for your help!
  4. touch

    touch TS Rookie Posts: 978

    Sounds good :)

    Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: E:\WINDOWS\system32\afnoinkdsfe.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - E:\WINDOWS\system32\afnoinkdsfe.dll (file missing)
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll (file missing)
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll (file missing)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll (file missing)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    O20 - Winlogon Notify: xxywxut - xxywxut.dll (file missing)
    O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - E:\WINDOWS\system32\afnoinkdsfe.dll (file missing)

    Reboot. That's all.

    If you are getting redirected again, keep me posted.
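
Most entries in the fix list above point at files that no longer exist, and one CLSID shows up under two different load points (O2 and O22). The following is an added example, not part of the thread or of HijackThis itself, that parses log lines in this format and surfaces both patterns; the function names and the regexes are assumptions made for illustration, and the sample is a subset of the lines quoted in the post.

```python
import re
from collections import defaultdict

# Subset of the entries quoted in the post above, used as sample input.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: E:\WINDOWS\system32\afnoinkdsfe.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - E:\WINDOWS\system32\afnoinkdsfe.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll (file missing)
O20 - Winlogon Notify: xxywxut - xxywxut.dll (file missing)
O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - E:\WINDOWS\system32\afnoinkdsfe.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")  # section code, entry kind, rest
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")  # target file is gone

def parse_entries(log):
    """Turn raw log text into dicts; lines that are not 'Onn - kind: ...' are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        clsid = CLSID_RE.search(rest)
        entries.append({
            "section": section,
            "kind": kind,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": bool(ORPHAN_RE.search(rest)),
            "raw": line.strip(),
        })
    return entries

def shared_clsids(entries):
    """Map each CLSID registered under more than one section to those sections."""
    seen = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].add(e["section"])
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for e in entries:
        if e["orphaned"]:
            print("orphaned:", e["raw"])
    print("multi-section CLSIDs:", shared_clsids(entries))
```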
  5. breezyg

    breezyg TS Rookie Topic Starter

    Ok, I thought I would give it some time and run the anti-virus programs, but my browser is still being hijacked, mostly when searching from Google. Sometimes I have to click a link 5 or 6 times before I'm actually directed to the correct website. I re-ran HJT and posted the log.
  6. touch

    touch TS Rookie Posts: 978

    Ok. Please post a combolog ->

    Please download Combofix:

    And save to the desktop.

    Close all other browser windows.

    Please connect all your external hard drives/flash drives before running Combofix, if you have any.

    Double-click on the combofix icon found on your desktop.

    Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post
  7. breezyg

    breezyg TS Rookie Topic Starter

    Ok, I ran ComboFix. Don't worry about the different name on the log file, I saved it to my desktop and renamed it so I would remember what it was.
  8. touch

    touch TS Rookie Posts: 978

    Open notepad and copy/paste the text in the quotebox below into it:
    Name the file as CFScript
    and Save it on the desktop

    Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post

    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  9. breezyg

    breezyg TS Rookie Topic Starter

    Alright, all finished. It hasn't redirected my browser yet, but we'll see.
  10. touch

    touch TS Rookie Posts: 978

    Clean log.

    Please let me know if it starts to redirect again.
  11. breezyg

    breezyg TS Rookie Topic Starter

    It's still being redirected. I ran avast, superantispyware, and malware bytes and they all came up clean. Unless you have any more suggestions I think I'll probably just do a complete re-format.
  12. touch

    touch TS Rookie Posts: 978

    I suggest you run GooredFix -

    Please download
    and save it to your Desktop. Double-click GooredFix.exe to run it. Select "Find Goored (no fix)" by typing 1 and pressing Enter.
    You will be presented with a log, please attach the contents of that log in your next reply. (It can also be found on your desktop.)
  13. breezyg

    breezyg TS Rookie Topic Starter

    Ok, just ran GooredFix and attached the log file. Just in case this helps, when I get redirected, it usually happens three or four times before I actually get through to the correct page, and right before I do I always go to I don't know if that tells you anything, but I thought I'd throw it out there.
Topic Status:
Not open for further replies.
