Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cid Popu Hell


  • This topic is locked This topic is locked
4 replies to this topic

#1 demonalcohol

demonalcohol

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 13 December 2007 - 05:34 PM

Im getting these popups and they're driving me nuts. please help me get rid of them. here's my log. Any help would be awesome.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:37 AM, on 12/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\B2BUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Audible\Bin\ADHelper.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O1 - Hosts: 216.203.102.48 SC00102
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [B2B Updater] C:\WINDOWS\B2BUpdate.exe
O4 - HKLM\..\Run: [SeekmoToolbar] C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TXP] c:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [YCentral] C:\Program Files\Yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [else tool title ping] C:\Documents and Settings\All Users\Application Data\Loud spam else tool\jugs file.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Open Glue] C:\DOCUME~1\RENTAC~1\APPLIC~1\FINDDE~1\window locks.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\ADHelper.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\RENT A CENTER\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - http://game1.pogo.com/cdl/launcher/PogoWeb...erInstaller.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10928 bytes

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:30 AM

Posted 13 December 2007 - 07:21 PM

Hello demonalcohol,

Welcome to Bleeping Computer :thumbsup:

Uninstall the following via Add/Remove Programs, if present :

CiD Help
Download Plugin for Internet Explorer
Zone Media
Netpumper


In case, during the uninstall, when asked for the uninstall Verification, please enter the numbers that will appear in the window.

Then reboot. Important!

* Download Deljob.exe and save it to your desktop.
Doubleclick Deljob.exe.

A log, (logit.txt) should open afterwards. This log will be present on your desktop
Post the contents of the logfile in your next reply together with a new HijackThis log.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 demonalcohol

demonalcohol
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 20 December 2007 - 12:45 AM

here's the log from deljob.exe tea.

No LOP jobs found
--------------------------------------------------------
Files remaining after cleaning

AppleSoftwareUpdate.job
ISP signup reminder 1.job
McDefragTask.job
McQcTask.job
PcbugDoctorRENT A CENTER.job
User_Feed_Synchronization-{DC35A91A-39C4-48E6-AB17-4B6D149F3890}.job
--------------------------------------------------------
App data folders

Volume in drive C has no label.
Volume Serial Number is 70FC-4862

Directory of C:\Documents and Settings\RENT A CENTER\Application Data

12/19/2007 11:31 PM <DIR> .
12/19/2007 11:31 PM <DIR> ..
03/21/2006 10:17 AM <DIR> 7Wonders
11/30/2005 05:47 PM <DIR> acccore
10/28/2006 01:07 AM <DIR> Adobe
02/27/2007 04:35 PM <DIR> AdobeUM
12/01/2007 04:19 PM <DIR> Aim
12/01/2007 04:19 PM <DIR> AIMPro
01/12/2007 05:27 AM <DIR> APPLEC~1 Apple Computer
05/04/2007 03:48 AM <DIR> Atari
08/07/2006 01:29 PM <DIR> Corel
11/23/2005 05:50 AM <DIR> CYBERL~1 CyberLink
01/26/2006 07:06 AM <DIR> EA
12/13/2006 02:00 PM <DIR> FUNKIT~1 funkitron
03/04/2007 12:58 PM <DIR> Google
04/17/2003 07:13 PM <DIR> IDENTI~1 Identities
01/08/2007 10:06 PM <DIR> IM
12/10/2007 09:16 AM <DIR> IMVU
03/05/2007 08:23 AM <DIR> iWin
06/26/2007 07:41 AM <DIR> Lavasoft
04/13/2007 12:27 PM <DIR> LEADER~1 Leadertech
09/02/2006 11:50 AM <DIR> MACROM~1 Macromedia
12/07/2005 02:59 PM <DIR> MAGICM~1 Magic Match
09/17/2007 12:33 AM <DIR> McAfee
10/26/2007 11:31 AM <DIR> MICROS~1 Microsoft
12/31/2006 08:50 AM <DIR> MICROS~2 Microsoft Games
04/26/2007 06:08 AM <DIR> Mozilla
01/29/2007 04:07 PM <DIR> MySpace
07/13/2006 08:49 AM <DIR> PACEAN~1 PACE Anti-Piracy
12/01/2007 04:39 PM <DIR> QQGAME~1 QQ Games Plugin
05/04/2007 03:50 AM <DIR> Real
11/20/2006 05:54 AM <DIR> Roxio
02/28/2007 12:42 AM <DIR> SEEKMO~1 SeekmoToolbar
03/11/2007 02:25 AM <DIR> SOUNDF~1 Soundflavor
06/17/2006 01:52 PM <DIR> Sun
04/17/2003 07:48 PM <DIR> Symantec
12/01/2007 04:26 PM <DIR> VIEWPO~1 Viewpoint
10/18/2007 07:03 AM <DIR> yahoo!
12/02/2005 10:06 PM <DIR> YAHOO!~1 Yahoo! Messenger
0 File(s) 0 bytes
39 Dir(s) 25,146,925,056 bytes free
Volume in drive C has no label.
Volume Serial Number is 70FC-4862

Directory of C:\Documents and Settings\All Users\Application Data

12/11/2007 08:20 PM <DIR> .
12/11/2007 08:20 PM <DIR> ..
12/17/2005 08:37 PM <DIR> Adobe
12/17/2007 01:53 AM <DIR> AOL
12/17/2007 01:49 AM <DIR> AOLDOW~1 AOL Downloads
03/30/2007 01:29 PM <DIR> AOLOCP~1 AOL OCP
11/20/2006 06:02 AM <DIR> APPLEC~1 Apple Computer
10/27/2006 07:35 AM <DIR> billeo
11/30/2005 05:39 PM <DIR> BVRPSO~1 BVRP Software
04/17/2003 07:50 PM <DIR> Dell
12/08/2007 09:06 AM <DIR> DRAGON~1 Dragon's Eye Productions
02/01/2006 06:36 PM <DIR> EA
12/02/2007 11:03 PM <DIR> Fugazo
06/10/2007 03:06 PM <DIR> Google
06/23/2006 05:00 AM <DIR> INSIGH~1 Insight Software Solutions
09/19/2006 07:00 AM <DIR> iWin
12/19/2007 11:30 PM <DIR> LOUDSP~1 Loud spam else tool
12/08/2007 09:21 AM <DIR> McAfee
12/08/2006 10:18 PM <DIR> McAfee.com
12/10/2007 01:30 PM <DIR> MICROS~1 Microsoft
12/31/2006 08:50 AM <DIR> MICROS~2 Microsoft Games
04/06/2007 06:37 AM <DIR> Napster
07/13/2006 08:49 AM <DIR> PACEAN~1 PACE Anti-Piracy
04/17/2003 07:42 PM <DIR> QUICKT~1 QuickTime
04/07/2006 05:36 AM <DIR> SANDLO~1 Sandlot Games
04/17/2003 07:38 PM <DIR> SBSI
09/17/2007 12:32 AM <DIR> SITEAD~1 SiteAdvisor
11/13/2007 07:43 AM <DIR> Skype
12/03/2005 01:00 AM <DIR> Symantec
12/19/2007 10:20 PM <DIR> TEMP
12/01/2005 12:18 AM <DIR> Trymedia
12/17/2007 01:48 AM <DIR> VIEWPO~1 Viewpoint
12/04/2005 04:23 AM <DIR> WINDOW~1 Windows Genuine Advantage
12/10/2007 01:23 PM <DIR> WLINST~1 WLInstaller
11/17/2007 07:04 PM <DIR> yahoo!
0 File(s) 0 bytes
35 Dir(s) 25,146,920,960 bytes free
--------------------------------------------------------


what now? btw thanks for your help.

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:30 AM

Posted 20 December 2007 - 01:08 PM

Hello,

Via Add/Remove Programs uninstall SeekmoToolbar, or it may be just Seekmo. Reboot afterwards.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SeekmoToolbar] C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [else tool title ping] C:\Documents and Settings\All Users\Application Data\Loud spam else tool\jugs file.exe
O4 - HKCU\..\Run: [Open Glue] C:\DOCUME~1\RENTAC~1\APPLIC~1\FINDDE~1\window locks.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Delete the following files/folders, if present:

C:\Program Files\SeekmoToolbar <---this folder
C:\PROGRA~1\MYWEBS~1 <--this will be in Program Files, and will read MYWEBSEARCH
C:\Documents and Settings\All Users\Application Data\Loud spam else tool <---this folder
C:\DOCUME~1\RENTAC~1\APPLIC~1\FINDDE~1\window locks.exe <----I'm not sure about this. Do you have a folder for Rent a Center? The entry for the file is bad, but I don't want you to delete a legit folder. Please let me know.

Reboot your computer.

In your reply, please post a new HijackThis log and let me know how it's running now. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:30 AM

Posted 12 January 2008 - 12:33 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users