
Infected With Adzgalore


1 reply to this topic

#1 fhgwd

fhgwd

  • Members
  • 2 posts

Posted 06 July 2008 - 08:58 PM

We're receiving the adzgalore popups, sometimes cmpsky or whatever, too. Also, upon startup, we get the rundll error message looking for {c6ff8b60-aba6-dd23-eb6e-b9cf0cd5d003}.dll. Any practical ideas besides all this useless downloading and redirecting??
Thanks!

Attached Files

  • Attached File  main.txt   18.11KB   35 downloads

Edited by fhgwd, 06 July 2008 - 08:59 PM.




#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 10 July 2008 - 12:28 PM

Hello, my name is fenzodahl512 and welcome to BC... Please don't attach the logs unless requested.. Please post the log as it is..



Please disable the following programs prior to our fix.. Please re-enable them after performing all the steps given..

1. Lavasoft Adaware
2. McAfee

Please visit HERE if you do not know how..



NEXT


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {68c9eb7e-76b4-6703-428b-d61bf9f7f929} - C:\WINDOWS\system32\nso168.dll
O2 - BHO: cpmsky browser optimizer - {f100dc79-df99-253c-e598-c05705404e5e} - C:\WINDOWS\system32\jvqkpjnbgd.dll
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{c6ff8b60-aba6-dd23-eb6e-b9cf0cd5d003}.dll" DllInit
O4 - HKLM\..\Run: [{df147d32-6be0-0b78-cf19-ee8808d4add4}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\jvqkpjnbgd.dll" DllStart
O8 - Extra context menu item: &Search - ?p=ZRxdm103YYUS
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: mllji - C:\WINDOWS\


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\qvljuedmwmue.exe
    C:\WINDOWS\system32\jvqkpjnbgd.dll
    C:\WINDOWS\system32\adzgalore-remove.exe
    C:\WINDOWS\system32\nso168.dll
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please re-enable your security programs now.. Please post the following logs in your next reply...

1. OTMoveIt2
2. A fresh DSS log (after OTMoveIt2 log)


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
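An added example, not part of either post and not HijackThis's own logic: a Python triage pass over the O2 (BHO) and O4 (Run) entries quoted in the reply above. It flags Run values that load a DLL through rundll32, GUID-named DLLs and value names, and BHO registrations whose file is missing, then reports any DLL hooked from more than one place. The function names and flag labels are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Entries copied from the HijackThis list in the reply above (not constructed).
SAMPLE = r'''
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {68c9eb7e-76b4-6703-428b-d61bf9f7f929} - C:\WINDOWS\system32\nso168.dll
O2 - BHO: cpmsky browser optimizer - {f100dc79-df99-253c-e598-c05705404e5e} - C:\WINDOWS\system32\jvqkpjnbgd.dll
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{c6ff8b60-aba6-dd23-eb6e-b9cf0cd5d003}.dll" DllInit
O4 - HKLM\..\Run: [{df147d32-6be0-0b78-cf19-ee8808d4add4}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\jvqkpjnbgd.dll" DllStart
'''

GUID = r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}"
BHO = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<target>.+)$")
RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>.+?)\] (?P<cmd>.+)$")
RUNDLL = re.compile(r'rundll32\.exe\s+"(?P<dll>[^"]+)"\s+(?P<export>\S+)', re.I)

def triage(log_text):
    """Return one finding per BHO (O2) or Run (O4) entry, with heuristic flags."""
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        flags, dll = [], None
        if (m := BHO.match(line)):
            if m["target"] == "(no file)":
                flags.append("orphaned-registration")  # CLSID registered, DLL missing
            else:
                dll = m["target"]
            if m["name"] == "(no name)":
                flags.append("unnamed-bho")
        elif (m := RUN.match(line)):
            if (r := RUNDLL.search(m["cmd"])):
                dll = r["dll"]
                flags.append("rundll32-autostart")     # DLL loaded at every startup
            if re.fullmatch(GUID, m["value"]):
                flags.append("guid-value-name")
        else:
            continue                                   # other sections are not handled
        if dll and re.fullmatch(GUID, PureWindowsPath(dll).stem):
            flags.append("guid-named-dll")
        findings.append({"line": line, "dll": dll, "flags": flags})
    return findings

def dlls_with_multiple_hooks(findings):
    """DLLs referenced by more than one entry, e.g. both a BHO and a Run value."""
    seen = {}
    for f in findings:
        if f["dll"]:
            seen.setdefault(f["dll"].lower(), []).append(f["line"][:2])
    return {dll: kinds for dll, kinds in seen.items() if len(kinds) > 1}
```

The flags are heuristics for prioritising review, not verdicts; a flagged entry still needs its file checked before anything is removed.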




