
pop ups installing search bars DONT KNOW WHAT HAPPENED!



#31
inkyspanky (Member, Topic Starter)
Hi there

worked this time... here is the log from that thing:


Log of AproposFix v1

************

Running from directory:
C:\HJT\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\C0iVnAx9fjsm]
@="vtcu591NOONOOPOK6qpUR sNOONdQOxjoepxtOFLFG19UTO0E5I1EFOH02EG93EPFLF"
"Device"="\\\\.\\xjPO30ZR"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\udfrtmgr.sys"
"DriverName"="USBTime"
"HideUninstallerName"="C:\\Program Files\\Msn zone\\mmcbjsel.exe"
"HDll"="C:\\WINDOWS\\system32\\iedkbdit.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.con...onbranded.html"
"PartnerId"="CP.SAV2"
"InstallationId"="{X1c1030b-2cca-3e9b-0f81-2ec1e2d800ec}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Msn zone\\httmsink.exe"
"AutoUpdater"="C:\\WINDOWS\\system32\\itibdlv1.exe"
"Version"="2.0.106"


************

Removing hidden service:
Service USBTime removed.

Removing hidden folder:

Deleting files:

Deletion of file C:\WINDOWS\system32\drivers\udfrtmgr.sys succeeded!
Deletion of file C:\WINDOWS\system32\itibdlv1.exe succeeded!
Deletion of file C:\WINDOWS\system32\iedkbdit.dll succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\C0iVnAx9fjsm]
[-HKEY_LOCAL_MACHINE\Software\C0iVnAx9fjsm]

Done!

Finished!





and here is the new HijackThis log:



Logfile of HijackThis v1.99.1
Scan saved at 11:48:16 PM, on 11/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave...bGameLoader.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave...mjolauncher.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc...bridge-c356.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe


thanks so much

christine


#32
inkyspanky (Member, Topic Starter)
haha I noticed some things in my HijackThis log from the games I play at addictinggames.com

is this bad? I don't download anything, I just play online. I always have and usually don't have any problems....but I will stop if absolutely necessary...

haha thanks again

-addicted

#33
loophole (Malware Expert, Retired Staff)
How is the computer running now?

#34
inkyspanky (Member, Topic Starter)
I'M SORRY! I have been so busy, I was away and now finals.....

Anyways, the computer (when I have been on it) has been alright. There are no more popups but things are still acting a bit fishy. Certainly not as fast as it was, and Ad-Aware finds lots of things each time I run it (as regularly as possible). I am very happy there are absolutely no popups now so you can stop helping me if you would like. I thank you for all your help.

-christine