Tech Support Forum - View Single Post - pop ups/dissapearing desktop/spyware etc!

sUBs · 08-16-2007, 07:46 AM

Do a HijackThis scan & place a check next to these items and select "Fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {B9D344FD-CF50-4A85-8387-6F925EC2E34c} - C:\WINDOWS\system32\oxfdmgge.dll
O20 - Winlogon Notify: ljjhhec - ljjhhec.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: xxywxyy - C:\WINDOWS\SYSTEM32\xxywxyy.dll

---------------

Open notepad and copy/paste the text in the quotebox below into it:

Code:

http://www.techsupportforum.com/security-center/hijackthis-log-help/173428-pop-ups-dissapearing-desktop-spyware-etc.html
Collect::
C:\WINDOWS\system32\xxywxyy.dll
C:\WINDOWS\system32\yiybquhh.dll
C:\WINDOWS\system32\jubvlleb.dll
C:\WINDOWS\system32\uvxkicwn.dll
C:\WINDOWS\system32\pnkrnphf.dll
C:\WINDOWS\system32\oxfdmgge.dll
C:\WINDOWS\system32\mwwxtbbc.dll
Suspect::
D:\mp3.exe
H:\Installer.exe
File::
C:\WINDOWS\system32\kqlfsjks.dll
C:\WINDOWS\system32\rpiqlfgy.dll
C:\WINDOWS\system32\armihnsj.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9D344FD-CF50-4A85-8387-6F925EC2E34c}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjhhec]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywxyy]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

Save this as "CFScript"

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additonally, ComboFix will generate a zipped file on your Desktop, called Submit [Date Time].zip
Please submit this file before proceeding to the next step.

---------------

Click here perform an online scan >> Online Scanner

---------------

In your next post, please include fresh logs from:

Fresh Hijackthis log taken just before replying

Online scan

ComboFix's log

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

08-16-2007, 07:46 AM	#6 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,355 OS: N/A	Re: pop ups/dissapearing desktop/spyware etc! Do a HijackThis scan & place a check next to these items and select "Fix checked": R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {B9D344FD-CF50-4A85-8387-6F925EC2E34c} - C:\WINDOWS\system32\oxfdmgge.dll O20 - Winlogon Notify: ljjhhec - ljjhhec.dll (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O20 - Winlogon Notify: xxywxyy - C:\WINDOWS\SYSTEM32\xxywxyy.dll --------------- Open notepad and copy/paste the text in the quotebox below into it: Code: http://www.techsupportforum.com/security-center/hijackthis-log-help/173428-pop-ups-dissapearing-desktop-spyware-etc.html Collect:: C:\WINDOWS\system32\xxywxyy.dll C:\WINDOWS\system32\yiybquhh.dll C:\WINDOWS\system32\jubvlleb.dll C:\WINDOWS\system32\uvxkicwn.dll C:\WINDOWS\system32\pnkrnphf.dll C:\WINDOWS\system32\oxfdmgge.dll C:\WINDOWS\system32\mwwxtbbc.dll Suspect:: D:\mp3.exe H:\Installer.exe File:: C:\WINDOWS\system32\kqlfsjks.dll C:\WINDOWS\system32\rpiqlfgy.dll C:\WINDOWS\system32\armihnsj.dll Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9D344FD-CF50-4A85-8387-6F925EC2E34c}] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjhhec] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywxyy] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] Save this as "CFScript" Refering to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply. Additonally, ComboFix will generate a zipped file on your Desktop, called Submit [Date Time].zip Please submit this file before proceeding to the next step. --------------- Click here perform an online scan >> Online Scanner --------------- In your next post, please include fresh logs from: Fresh Hijackthis log taken just before replying Online scan ComboFix's log Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now __________________ Question - what have you done for the community today?