Tech Support Forum - View Single Post - Pop-ups and recurring infections

sUBs · 08-12-2007, 06:37 AM

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: (no name) - {0CB65F89-932D-4F3E-A795-CC30C66F1D59} - C:\WINDOWS\system32\jkklm.dll
O2 - BHO: (no name) - {4DF984CA-140F-7CFE-7876-4AB60F3BF2C3} - C:\WINDOWS\system32\qgtorf.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\byvspqq.dll
O4 - HKLM\..\Run: [tbidyvsA] C:\WINDOWS\tbidyvsA.exe
O4 - HKLM\..\Run: [i34yuc387] C:\WINDOWS\i34yuc387
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKLM\..\Run: [WinCore32.exe] C:\WINDOWS\system32\WinCore32.exe
O4 - HKLM\..\Run: [irdmelt] dlltyxzc.exe
O4 - HKLM\..\Run: [jsispsl] C:\WINDOWS\system32\jdnems.exe
O4 - HKLM\..\Run: [certds] C:\WINDOWS\system32\cncersh.exe
O4 - HKLM\..\Run: [ismdoc] C:\WINDOWS\system32\atlupjhg.exe
O4 - HKLM\..\Run: [blwquest] C:\WINDOWS\system32\libevlkf.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O20 - Winlogon Notify: byvspqq - C:\WINDOWS\SYSTEM32\byvspqq.dll
O20 - Winlogon Notify: jkklm - C:\WINDOWS\system32\jkklm.dll
O21 - SSODL: PJOJGre - {0DEA13F3-A740-B959-398E-4356508B0CCB} - C:\WINDOWS\system32\gjo.dll (file missing)

Ignore any prompts for a reboot

---------------

1. Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop

2. Go to

→ Run → paste in the single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

08-12-2007, 06:37 AM	#2 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,326 OS: N/A	Re: Pop-ups and recurring infections - can't clean. Do a HijackThis scan & place a check next to these items and select "Fix checked": O2 - BHO: (no name) - {0CB65F89-932D-4F3E-A795-CC30C66F1D59} - C:\WINDOWS\system32\jkklm.dll O2 - BHO: (no name) - {4DF984CA-140F-7CFE-7876-4AB60F3BF2C3} - C:\WINDOWS\system32\qgtorf.dll O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\byvspqq.dll O4 - HKLM\..\Run: [tbidyvsA] C:\WINDOWS\tbidyvsA.exe O4 - HKLM\..\Run: [i34yuc387] C:\WINDOWS\i34yuc387 O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63 O4 - HKLM\..\Run: [WinCore32.exe] C:\WINDOWS\system32\WinCore32.exe O4 - HKLM\..\Run: [irdmelt] dlltyxzc.exe O4 - HKLM\..\Run: [jsispsl] C:\WINDOWS\system32\jdnems.exe O4 - HKLM\..\Run: [certds] C:\WINDOWS\system32\cncersh.exe O4 - HKLM\..\Run: [ismdoc] C:\WINDOWS\system32\atlupjhg.exe O4 - HKLM\..\Run: [blwquest] C:\WINDOWS\system32\libevlkf.exe O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O20 - Winlogon Notify: byvspqq - C:\WINDOWS\SYSTEM32\byvspqq.dll O20 - Winlogon Notify: jkklm - C:\WINDOWS\system32\jkklm.dll O21 - SSODL: PJOJGre - {0DEA13F3-A740-B959-398E-4356508B0CCB} - C:\WINDOWS\system32\gjo.dll (file missing) Ignore any prompts for a reboot --------------- 1. Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe * IMPORTANT !!! Place combofix.exe on your Desktop 2. Go to → Run → paste in the single line command & click OK "%userprofile%\desktop\combofix.exe" /killall 3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall __________________ Question - what have you done for the community today?