Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

JUST ADS SAYING "YOUR PRIVACY DATA IS IN DANGER"

Started by sodmoneyboy , Apr 03 2008 04:25 PM

  • Please log in to reply

#1
sodmoneyboy
Posted 03 April 2008 - 04:25 PM

sodmoneyboy

    New Member

  • Member
  • Pip
  • 5 posts
HONESTLY I'VE TRIED ALL THE SPYWARE, MALWARE, ADWARE PROGRAMS THERE IS!!!!!!!!!!!!!!!!! I JUST :)

But Yes it says this on ADVERTISEMENTS not my desktop it hasnt gotten that bad YET, I see these type of advertisements on GOOD sites such as myspace.com, youtube.com various forums and basically any other blog sites mainly. And whats worse, I know myspace doesn't advertise ads like this but RARELY a add of "CLICK HERE MEET SINGLES NOW" with women dancing in their panties flashing around with the most ANNOYING SONG PLAYING!!!!!!!!!!! its properties say its redirecting to singlesnet.com

Anyways heres the HIJACK THIS LOG, I WILL POST ANOTHER THATS SMARTFRAUD FIX!!!!!!!!!!!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:52 PM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe
C:\Program Files\Common Files\AOL\1205137941\ee\aolsoftware.exe
c:\program files\common files\aol\1205137941\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1205137941\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {814E1FEA-6D4F-45C6-AD8D-4EB97114F813} - (no file)
O2 - BHO: {904ee72f-56c0-411a-ffc4-66235896a65b} - {b56a6985-3266-4cff-a114-0c65f27ee409} - C:\WINDOWS\system32\lhqfpawq.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SystemGuardAlerter] SystemGuardAlerter.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [9c2a6a35] rundll32.exe "C:\WINDOWS\system32\baosudiu.dll",b
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [BM9f1959a9] Rundll32.exe "C:\WINDOWS\system32\guloksuy.dll",s
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: desktop(2).ini
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: desktop(2).ini
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Popup Blocker - Add to Black List - C:\Program Files\iolo\Common\Lib\AddToPSBlackList.htm
O8 - Extra context menu item: Popup Blocker - Add to White List - C:\Program Files\iolo\Common\Lib\AddToPSWhiteList.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc...oad/ppcwebi.cab
O20 - Winlogon Notify: mljjiji - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4917 bytes
  • 0

Advertisements

#2
sodmoneyboy
Posted 03 April 2008 - 04:31 PM

sodmoneyboy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I cant upload the smartfraudfix its outdated.........
  • 0

#3
kahdah
Posted 03 April 2008 - 06:45 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello sodmoneyboy

Welcome to G2Go. :)
=====================
The first thing I will need you to do is to Download this anti-virus program and install it.
This is free.
AVG free
===============
Please also disable Spyware Doctor before Running Combofix.

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#4
sodmoneyboy
Posted 03 April 2008 - 08:28 PM

sodmoneyboy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
ComboFix 08-04-03.2 - Don Corleone 2008-04-03 21:57:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.153 [GMT -8:00]
Running from: C:\Documents and Settings\Don Corleone\Desktop\New Era\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM9f1959a9.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\DcadsSocial-uninstall.exe
C:\WINDOWS\system32\fnjgmsnn.dll
C:\WINDOWS\system32\gvorhdwx.dll
C:\WINDOWS\system32\hronicif.ini
C:\WINDOWS\system32\ihlpondf.dll
C:\WINDOWS\system32\jgracakq.dll
C:\WINDOWS\system32\jtakdgws.dll
C:\WINDOWS\system32\jxynsghc.dll
C:\WINDOWS\system32\kduyyjvv.ini
C:\WINDOWS\system32\kiohvoiw.dll
C:\WINDOWS\system32\lxadxhke.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\neotfudm.ini2
C:\WINDOWS\system32\neotfudm.tmp
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\rypoefnw.dll
C:\WINDOWS\system32\selktdpe.dll
C:\WINDOWS\system32\swgdkatj.ini
C:\WINDOWS\system32\sysdm.exe
C:\WINDOWS\system32\uidusoab.ini
C:\WINDOWS\system32\urcxgres.dll
C:\WINDOWS\system32\utrutqvx.dll
C:\WINDOWS\system32\vfwbsqro.dll
C:\WINDOWS\system32\vtsqo(2).dll
C:\WINDOWS\system32\wkmrrghg.dll
C:\WINDOWS\system32\wnfeopyr.ini
C:\WINDOWS\system32\xvqturtu.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent


((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-03 21:52 . 2008-04-03 21:52 1,181,022 --a------ C:\WINDOWS\system32\TmpA46251640
2008-04-03 21:26 . 2008-04-03 21:55 <DIR> d-------- C:\Documents and Settings\Don Corleone\Application Data\AVG7
2008-04-03 21:25 . 2008-04-03 21:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-03 21:25 . 2008-04-03 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 21:25 . 2008-04-03 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-03 18:29 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-03 18:29 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-03 18:29 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-03 18:29 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-03 18:29 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-03 18:29 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-03 18:29 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-03 18:24 . 2008-04-03 18:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-03 00:41 . 2008-04-03 00:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-03 00:41 . 2008-04-03 00:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-02 04:46 . 2008-04-02 04:46 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-02 04:46 . 2008-04-02 04:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 23:01 . 2008-03-31 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-31 23:00 . 2008-03-31 23:04 <DIR> d-------- C:\Program Files\AIM6
2008-03-29 12:04 . 2008-04-01 11:54 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-29 12:04 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-29 12:04 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-29 12:04 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-29 12:04 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2008-03-29 12:04 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-24 11:21 . 2008-03-29 12:13 <DIR> d-------- C:\Program Files\Azureus
2008-03-17 05:24 . 2008-03-17 05:24 <DIR> d-------- C:\Program Files\Opera
2008-03-16 16:30 . 2008-03-16 16:31 <DIR> d-------- C:\Perl
2008-03-15 23:59 . 2008-03-15 00:41 1,348,096 ---hs---- C:\WINDOWS\system32\fnapdjxx.ini
2008-03-15 19:12 . 2008-03-15 19:12 <DIR> d-------- C:\Program Files\Antares
2008-03-15 19:04 . 2008-04-03 21:53 <DIR> d-------- C:\Program Files\Antares Audio Technologies
2008-03-15 19:04 . 2003-06-20 12:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-03-15 08:46 . 2008-03-29 12:17 <DIR> d-------- C:\Program Files\SpywareGuard
2008-03-14 03:42 . 2008-03-14 03:42 <DIR> d-------- C:\Documents and Settings\Don Corleone\Application Data\Malwarebytes
2008-03-14 03:40 . 2008-03-14 03:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-14 03:15 . 2008-03-14 03:11 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-14 03:10 . 2008-03-15 12:20 <DIR> d-------- C:\Documents and Settings\Don Corleone\.housecall6.6
2008-03-14 03:09 . 2008-03-14 03:09 1,346,750 ---hs---- C:\WINDOWS\system32\mludjxyr.tmp
2008-03-14 00:00 . 2008-03-15 12:20 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-13 14:21 . 2008-03-13 14:21 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-03-13 14:08 . 2008-03-13 14:08 <DIR> d-------- C:\Program Files\Outsim
2008-03-13 09:01 . 2008-03-17 12:23 598 --a------ C:\WINDOWS\system\CmcnfgU.ini
2008-03-13 08:55 . 2006-09-04 03:54 5,464,064 -ra------ C:\WINDOWS\system\cmcnfgu.cpl
2008-03-13 08:55 . 2006-09-04 03:54 1,414,528 -ra------ C:\WINDOWS\system32\drivers\cmudaxu.sys
2008-03-13 08:55 . 2006-09-04 03:54 917,504 -ra------ C:\WINDOWS\system\cmds3du.dll
2008-03-13 08:55 . 2006-09-04 03:54 712,704 -ra------ C:\WINDOWS\system32\a3dpropu.dll
2008-03-13 08:55 . 2006-09-04 03:54 315,392 -ra------ C:\WINDOWS\system\cmifltr.dll
2008-03-13 08:55 . 2006-09-04 03:54 253,952 -ra------ C:\WINDOWS\system32\cmdrvrmu.exe
2008-03-13 08:55 . 2006-09-04 03:54 98,304 -ra------ C:\WINDOWS\system32\cmudau.dll
2008-03-13 08:55 . 2006-09-04 03:54 61,440 -ra------ C:\WINDOWS\system\cmsnxeye.exe
2008-03-13 08:55 . 2006-09-04 03:54 16,384 -ra------ C:\WINDOWS\system32\cmpropu.dll
2008-03-13 08:55 . 2006-09-29 22:44 4,356 -ra------ C:\WINDOWS\system32\cmdrvrmu.dll
2008-03-13 08:54 . 2008-03-13 08:54 <DIR> d-------- C:\Program Files\C-Media USB Sound
2008-03-13 08:54 . 2006-09-04 03:54 258,048 -ra------ C:\WINDOWS\CmiUSB2Uninstall.exe
2008-03-13 08:54 . 2006-09-04 03:54 44,276 -ra------ C:\WINDOWS\256.bmp
2008-03-13 08:54 . 2006-09-04 03:54 5,632 -ra------ C:\WINDOWS\Thumbs.db
2008-03-13 08:54 . 2006-09-04 03:54 5,123 -ra------ C:\WINDOWS\Cmudau.ini
2008-03-13 08:54 . 2006-09-04 03:54 5,123 -ra------ C:\WINDOWS\Cmudau(1).ini
2008-03-13 07:55 . 2008-03-13 08:01 201 --a------ C:\WINDOWS\MyDrivers.ini
2008-03-12 14:45 . 2003-01-01 00:05 502,878,208 --a------ C:\WINDOWS\MEMORY.DMP
2008-03-12 04:16 . 2008-03-12 04:16 1,291,413 --ahs---- C:\WINDOWS\system32\ufmcbpdt.tmp
2008-03-11 20:03 . 2008-03-31 09:51 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-03-10 14:46 . 2008-03-11 18:24 1,318,883 --ahs---- C:\WINDOWS\system32\dmvglkxn.ini
2008-03-10 14:18 . 2008-03-11 23:28 <DIR> d-------- C:\Program Files\Pop up Blocker
2008-03-10 14:03 . 2003-01-01 00:12 <DIR> d-------- C:\Program Files\EmailMarketingDirector
2008-03-10 00:34 . 2008-03-10 00:34 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-03-09 23:38 . 2008-03-09 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-09 23:06 . 2008-03-10 13:55 1,308,281 --ahs---- C:\WINDOWS\system32\hugwyrya.ini
2008-03-09 04:22 . 2005-09-23 06:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-03-08 19:32 . 2008-03-23 18:05 <DIR> d-------- C:\Program Files\MySpace Views Increaser
2008-03-07 18:17 . 2008-03-09 22:45 1,307,810 --ahs---- C:\WINDOWS\system32\henfabgd.ini
2008-03-06 17:37 . 2008-03-06 17:37 <DIR> d-------- C:\Program Files\SongBoost, LLC
2008-03-06 07:11 . 2008-03-06 07:11 4,388 --a------ C:\WINDOWS\smproflt.dll
2008-03-06 07:11 . 2008-03-06 07:11 138 --a------ C:\WINDOWS\smproflt.inf
2008-03-04 15:02 . 2008-03-04 15:02 <DIR> d-------- C:\Documents and Settings\Don Corleone\Application Data\mioObjects
2008-03-04 15:02 . 2008-03-04 15:02 407,047 --a------ C:\WINDOWS\system32\mioengine.exe
2008-03-04 14:59 . 2008-03-04 14:59 96 --a------ C:\WINDOWS\EBrander.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 05:53 --------- d-----w C:\Program Files\VSTplugins
2008-04-02 12:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 07:03 --------- d-----w C:\Program Files\Viewpoint
2008-03-29 20:16 --------- d-----w C:\Program Files\Kaspersky Lab
2008-03-27 19:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-24 20:35 --------- d-----w C:\Program Files\Hide IP Platinum
2008-03-24 19:30 --------- d-----w C:\Documents and Settings\Don Corleone\Application Data\Azureus
2008-03-24 10:11 --------- d-----w C:\Program Files\FriendBlasterPro
2008-03-20 06:28 --------- d-----w C:\Program Files\Screwlab
2008-03-20 06:23 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-03-20 06:23 286,720 ------w C:\WINDOWS\Setup1.exe
2008-03-19 22:02 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-15 20:22 --------- d-----w C:\Program Files\Image-Line
2008-03-15 20:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-15 20:20 --------- d-----w C:\Program Files\Ulead Systems
2008-03-12 03:47 --------- d-----w C:\Program Files\FrostWire
2008-03-12 01:30 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-03-12 01:30 --------- d-----w C:\Documents and Settings\Don Corleone\Application Data\FrostWire
2008-03-10 08:47 --------- d-----w C:\Documents and Settings\Don Corleone\Application Data\AOL
2008-03-10 08:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-10 06:25 --------- d-----w C:\Program Files\Common Files\Kaspersky Lab
2008-03-10 05:46 --------- d-----w C:\Program Files\Open Adder
2008-03-09 22:09 --------- d-----w C:\Program Files\QuickTime
2008-03-09 22:05 --------- d-----w C:\Program Files\America Online 9.0a
2008-03-09 21:57 --------- d-----w C:\Program Files\AOL Toolbar
2008-03-07 05:55 --------- d-----w C:\Program Files\MySpacer
2008-03-04 23:34 --------- d-----w C:\Documents and Settings\Don Corleone\Application Data\AdobeUM
2008-03-01 17:38 --------- d-----w C:\Documents and Settings\Don Corleone\Application Data\LimeWire
2008-02-20 12:32 --------- d-----w C:\Program Files\Mp3
2008-02-18 15:14 --------- d-----w C:\Program Files\Yahoo!
2008-02-08 07:55 --------- d-----w C:\Documents and Settings\Don Corleone\Application Data\Propellerhead Software
2008-02-08 07:17 --------- d-----w C:\Program Files\Propellerhead
2007-12-14 19:29 17,781 ----a-w C:\Program Files\Patch.exe
2006-03-14 20:31 21,376 ----a-w C:\WINDOWS\inf\hopperp.sys
2003-05-09 22:03 88 --sha-w C:\WINDOWS\system32\D0140C9151.sys
2003-05-09 22:03 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-12-24 01:06 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b56a6985-3266-4cff-a114-0c65f27ee409}]
C:\WINDOWS\system32\lhqfpawq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2007-12-24 01:06 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A8FB8EB3-183B-4598-924D-86F0E5E37085}"= C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll [2006-01-24 15:07 220672]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-12-24 01:06 267592]

[HKEY_CLASSES_ROOT\clsid\{a8fb8eb3-183b-4598-924d-86f0e5e37085}]
[HKEY_CLASSES_ROOT\PeoplePal Toolbar]
[HKEY_CLASSES_ROOT\TypeLib\{994D628D-4D22-4DB9-B6DB-F7D9F1635817}]
[HKEY_CLASSES_ROOT\PeoplePal Toolbar]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Mechanic Popup Blocker"="C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe" [2006-12-20 17:47 752640]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 06:40 34904]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 16:54 99480]
"SystemGuardAlerter"="SystemGuardAlerter.exe" []
"CmUsbSound"="cmcnfgu.cpl" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"9c2a6a35"="C:\WINDOWS\system32\baosudiu.dll" [ ]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-03-31 13:35 810576]
"BM9f1959a9"="C:\WINDOWS\system32\guloksuy.dll" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-03 21:25 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 17:47 8720384]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-03 21:25 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjiji]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 21:34 24576 C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"IOLO_SRV"=2 (0x2)
"AOL ACS"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"WinDefend"=2 (0x2)
"TUWinStylerThemeSvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"=
"C:\\Program Files\\America Online 9.0a\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1205137941\\ee\\aolsoftware.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2008-03-31 09:51]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
S3 cmudau32;C-Media USB UDA Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys [2006-09-04 03:54]
S3 gwiopm;gwiopm;C:\Program Files\My Drivers\gwiopm.sys []
S3 SNDO763;ViviCam 3350B;C:\WINDOWS\system32\DRIVERS\sndo763.sys [2004-05-12 10:45]
S3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2006-09-22 15:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f940cb4f-4e7a-11d7-a3cd-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 01:20:46 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-04-02 09:36:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 22:09:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\AOL\1205137941\ee\aolsoftware.exe
c:\program files\common files\aol\1205137941\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1205137941\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-04-03 22:20:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-04 06:20:28
Pre-Run: 2,386,329,600 bytes free
Post-Run: 5,894,778,880 bytes free
.
2008-04-04 06:11:43 --- E O F ---
  • 0

#5
kahdah
Posted 03 April 2008 - 08:31 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Can you please post the Hijackthis log.
  • 0

#6
sodmoneyboy
Posted 03 April 2008 - 08:35 PM

sodmoneyboy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:48 PM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe
C:\Program Files\Common Files\AOL\1205137941\ee\aolsoftware.exe
c:\program files\common files\aol\1205137941\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1205137941\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: {904ee72f-56c0-411a-ffc4-66235896a65b} - {b56a6985-3266-4cff-a114-0c65f27ee409} - C:\WINDOWS\system32\lhqfpawq.dll (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SystemGuardAlerter] SystemGuardAlerter.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [9c2a6a35] rundll32.exe "C:\WINDOWS\system32\baosudiu.dll",b
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [BM9f1959a9] Rundll32.exe "C:\WINDOWS\system32\guloksuy.dll",s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: desktop(2).ini
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: desktop(2).ini
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Popup Blocker - Add to Black List - C:\Program Files\iolo\Common\Lib\AddToPSBlackList.htm
O8 - Extra context menu item: Popup Blocker - Add to White List - C:\Program Files\iolo\Common\Lib\AddToPSWhiteList.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc...oad/ppcwebi.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEE9FF65-BD03-4602-A24C-8249F5B3D7CD}: NameServer = 205.188.146.145
O20 - Winlogon Notify: mljjiji - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6070 bytes
  • 0

#7
kahdah
Posted 03 April 2008 - 08:42 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Uninstall Viewpoint then do the following:
=============================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\fnapdjxx.ini
C:\WINDOWS\system32\mludjxyr.tmp
C:\WINDOWS\system32\hugwyrya.ini
C:\WINDOWS\system32\henfabgd.ini
C:\Program Files\Patch.exe
C:\WINDOWS\system32\baosudiu.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
  • 0

#8
sodmoneyboy
Posted 04 April 2008 - 02:43 AM

sodmoneyboy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
C:\WINDOWS\system32\fnapdjxx.ini moved successfully.
C:\WINDOWS\system32\mludjxyr.tmp moved successfully.
C:\WINDOWS\system32\hugwyrya.ini moved successfully.
C:\WINDOWS\system32\henfabgd.ini moved successfully.
C:\Program Files\Patch.exe moved successfully.
File/Folder C:\WINDOWS\system32\baosudiu.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04032008_230527


AS FAR AS THE BAOSUDIU.DLL IT ALWAYS COMES UP IN A WINDOWS ERROR BOX SAYING IT CANT BE FOUND IN THE SYSTEM32 PROCESS.

I'm Running The Malware Scan Now.

Heres the results it took forever because i did a FULL SCAN

Malwarebytes' Anti-Malware 1.10
Database version: 589

Scan type: Full Scan (C:\|)
Objects scanned: 210586
Time elapsed: 5 hour(s), 9 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{10125c2d-6821-4070-b24e-2e992501ad55} (Adware.Iwon) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{10125c2f-6821-4070-b24e-2e992501ad55} (Adware.Iwon) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{277e1fe0-cf65-11d3-b377-0800460222f0} (Adware.Iwon) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6d54a7c0-c379-11d3-b377-0800460222f0} (Adware.Iwon) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{78429873-f771-11d3-ae1d-0050dac24e8f} (Adware.Iwon) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM9f1959a9 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Jay Dolla\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don Corleone\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
  • 0

#9
kahdah
Posted 04 April 2008 - 02:58 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: {904ee72f-56c0-411a-ffc4-66235896a65b} - {b56a6985-3266-4cff-a114-0c65f27ee409} - C:\WINDOWS\system32\lhqfpawq.dll (file missing)
O4 - HKLM\..\Run: [9c2a6a35] rundll32.exe "C:\WINDOWS\system32\baosudiu.dll",b
O4 - HKLM\..\Run: [BM9f1959a9] Rundll32.exe "C:\WINDOWS\system32\guloksuy.dll",s
O4 - Startup: desktop(2).ini
O4 - Global Startup: desktop(2).ini
O20 - Winlogon Notify: mljjiji - C:\WINDOWS\


Now click on Fix Checked and then close Hijackthis.
=======================================================
Next Please go to Start >Control Panel> Add\remove programs:
Then uninstall these 2 programs:
Ask toolbar
Viewpoint

Then close out of the Control Panel.

===========================
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
===================================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP