Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Infected With Smitfraud, Zedo, Tagasaurus, And Others

  • Please log in to reply
1 reply to this topic

#1 ohyeahmindy


  • Members
  • 1 posts
  • Local time:04:29 PM

Posted 28 December 2007 - 07:04 PM

ive had adware/spyware sooooo many times. i cant really download any big files like ad adware, etc because i have dial up and it takes foreverr. ive ran spybot a bunch of times, deleted internet files and cookies.etc. i'll get uncontrollable popups like crazy sometimes. as in url's like this:


and other ones. sometimes they'll freeze and then all my internet explorer windows will close.
help please? this stuff never goes away =[

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:46 AM, on 9/20/2001
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\Program Files\QuickTime\bak\qttask.exe
D:\Program Files\Common Files\{A845BA7D-0573-1033-0910-010105290001}\Update.exe
D:\Program Files\PeoplePC\ISP6300\Browser\Bartshel.exe
D:\Program Files\AbiSuite2\hory77798.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\AIM\aim.exe
D:\Program Files\Canon\CAL\CALMAIN.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - D:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - D:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - D:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{A845BA7D-0573-1033-0910-010105290001}] "D:\Program Files\Common Files\{A845BA7D-0573-1033-0910-010105290001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [Bart Station] D:\Program Files\PeoplePC\ISP6300\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [{A845BA7D-0574-1033-0910-010105290001}] "D:\Program Files\Common Files\{A845BA7D-0574-1033-0910-010105290001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [gwugcrxA] D:\WINDOWS\gwugcrxA.exe
O4 - HKLM\..\Run: [i34yuc387] D:\WINDOWS\i34yuc387
O4 - HKLM\..\Run: [ExploreUpdSched] D:\WINDOWS\system32\qwinnmdq.exe D4M001
O4 - HKLM\..\Run: [TMT] D:\WINDOWS\Gwang.exe
O4 - HKLM\..\Run: [ms094-25600699] D:\WINDOWS\ms094-25600699.exe
O4 - HKLM\..\Run: [hory] D:\Program Files\AbiSuite2\hory77798.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [rfwo] D:\PROGRA~1\COMMON~1\rfwo\rfwom.exe
O4 - HKCU\..\Run: [Router] D:\Program Files\Router\Router.exe
O4 - Startup: Palfun.lnk = C:\Program Files\AIM\palfun.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1000112406262
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: d:\windows\system32\ldcore.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O24 - Desktop Component 0: (no name) - D:\Program Files\PeoplePC Accelerated\profsyxyvi.html
O24 - Desktop Component 1: (no name) - D:\Program Files\Canon\profsyxyvi.html

End of file - 5012 bytes

Edited by KoanYorel, 28 December 2007 - 07:13 PM.
To edit hot link URL above

BC AdBot (Login to Remove)


#2 Yourhighness


    The BSG Malware Fighter

  • Malware Response Team
  • 7,943 posts
  • Gender:Male
  • Location:Hamburg
  • Local time:10:29 PM

Posted 11 January 2008 - 12:45 AM

Hello ohyeahmindy and welcome to BleepingComputer!

Apollogies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log.



"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users