10-22-2006, 06:33 PM   #4
Deckard
Mentor, Analyst - Security Team
 
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows


Looks like we got most of it, but there are still some left.

Download ComboFix
Download ComboFix to your Desktop from one of the following links:
  1. http://download.bleepingcomputer.com/sUBs/combofix.exe
  2. http://www.techsupportforum.com/sectools/combofix.exe
Highlight and copy the following:
"%userprofile%\desktop\combofix.exe" /v ddcyv winbjv32
Then go to Start > Run, paste it into the text field, and then click OK.
While ComboFix is running, please do not click or move the window, as this may cause the tool to stall. When the tool has finished, it will produce a log for you and save it as C:\ComboFix.txt. Post that log in your next reply.

Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key, so try that if F8 doesn't work. Log on with your usual account. Make sure to close any open windows.


HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any):
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\nfyqlnbg.dll (file missing)
O2 - BHO: (no name) - {208DC7E7-BAF9-5AD9-BC54-0BD2C798850B} - C:\WINDOWS\system32\crvdyu.dll (file missing)
O2 - BHO: (no name) - {34A5CC02-A1F3-4BD9-8033-596053114D57} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbljdhf.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsuD.dll
O2 - BHO: AD Rotator - {EEC590D8-0A3C-4464-BB20-25A4747992F9} - C:\WINDOWS\system32\adrotate.dll (file missing)
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\system32\ddcyv.dll (file missing)
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
Please remember to close all other windows, including browsers, then click Fix checked. Close HijackThis.


Deletions
Delete the following Files indicated in RED if they still exist:
C:\!KillBox\YOINSI.exe
C:\!KillBox\ysbactivex.dll
C:\WINDOWS\system32\adrotate.dll
C:\WINDOWS\system32\crvdyu.dll
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\nfyqlnbg.dll
C:\WINDOWS\system32\nsuD.dll
C:\WINDOWS\system32\tcbljdhf.dll
C:\WINDOWS\justin2a.exe
winbjv32.dll « Find using Start→Search

Reboot
Reboot your system to Normal Mode.


Online Scan
Please perform a BitDefender Online Scan using Internet Explorer. Once finished, click on the Details button to view the results. To the upper right of the results you will see an option saying "Click here to export the scan results". Please do so and save it to your desktop. Post the results of the scan with your next post.


With Your Next Post...
Please paste the following with your next reply (in this order please):
  1. The contents of C:\ComboFix.txt,
  2. BitDefender scan report, and
  3. a new HijackThis log taken after BitDefender finishes.
Also let me know how your computer is behaving now.