Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

adultfriendfinder.com harasses

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

adultfriendfinder.com harasses

Unread postby ziddiguy » March 25th, 2008, 2:50 pm

Hi Guys..

I am a very new member and I am sick of these pop ups specially adultfriend finder.com, passion.com... please help me

I used hijackthis and please have a look of log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:09 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\eScan\VISTA\avpmapp.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINNT\system32\WLTRAY.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\IBM\SQLLIB\BIN\db2systray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\PROGRA~1\eScan\Vista\eScanMon.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\My Completed Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [TataIndicomStartUp] C:\Program Files\Tata Indicom Wireless Internet Service\TataIndicomStartUp.exe
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [MailScan Dispatcher] C:\PROGRA~1\eScan\LAUNCH.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINNT\system32\WLTRAY.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DB2COPY1 - db2systray.exe DB2] C:\PROGRA~1\IBM\SQLLIB\BIN\db2systray.exe DB2
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Army browse cdrom vga] C:\Documents and Settings\All Users.WINNT\Application Data\Mfcd upload army browse\Option fast.exe
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [okaycool] C:\DOCUME~1\ADMINI~1\APPLIC~1\ENCFOU~1\OwnsGreySecond.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-842925246-329068152-839522115-1007\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'db2admin')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: DB2 - DB2COPY1 - DB2-0 (DB2-0) - International Business Machines Corporation - C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2 Governor (DB2COPY1) (DB2GOVERNOR_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2 License Server (DB2COPY1) (DB2LICD_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Management Service (DB2COPY1) (DB2MGMTSVC_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
O23 - Service: DB2 Security Server (DB2COPY1) (DB2NTSECSERVER_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: DB2 Remote Command Server (DB2COPY1) (DB2REMOTECMD_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe
O23 - Service: eScan Monitor Service - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\VISTA\avpmapp.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: Cricket 2007 Drivers Auto Removal (pr2agnqb) (pr2agnqb) - Codemasters - C:\WINNT\system32\pr2agnqb.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINNT\system32\DRIVERS\xaudio.exe

--
End of file - 11278 bytes


Please let me know whats going wrong

Thanks all

God bless us


Ziddiguy
ziddiguy
Active Member
 
Posts: 3
Joined: March 25th, 2008, 2:35 pm
Advertisement
Register to Remove

Re: adultfriendfinder.com harasses

Unread postby markkhunt » March 26th, 2008, 7:12 am

Hi ziddiguy. Welcome to Malware Removal :)

You have a Lop infection.

Please download NoLop to your desktop from one of the links below...

Link 1
Link 2

  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it.
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish.


--If you receive an error, "mscomctl.ocx or one of its dependencies is not correctly registered," please download mscomctl.ocx to your System32 folder then rerun the program.

Run HijackThis and click on Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.

Finally, please run HijackThis again and post a fresh log for me to review, along with the NoLop log and Uninstall list. NOTE: Please post the contents of the C:\NoLop.log even if NoLop says that no infected files were found.
User avatar
markkhunt
Admin/Teacher Emeritus
 
Posts: 7911
Joined: April 15th, 2005, 8:58 pm
Location: Newburgh, IN

Re: adultfriendfinder.com harasses

Unread postby ziddiguy » March 27th, 2008, 12:37 pm

Hi,

Appreciate your help but still i am getting that adultfrinds pop ups

I had done nolop test yesterday and had found one infected file, today again i did nolop test and hijackthis activity but didn't find any infection in nolop.. but i am getting that adultfinder pop ups continously

Please find below the logs of Hijackthis, and attached files for nolop.log,nolopold.log and uninstall_this

Thanks
uninstall_list.txt
NoLop.log
NoLopOLD.log



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:59:54 PM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\eScan\VISTA\avpmapp.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINNT\system32\WLTRAY.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\IBM\SQLLIB\BIN\db2systray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\eScan\Vista\eScanMon.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\My Completed Downloads\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [TataIndicomStartUp] C:\Program Files\Tata Indicom Wireless Internet Service\TataIndicomStartUp.exe
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [MailScan Dispatcher] C:\PROGRA~1\eScan\LAUNCH.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINNT\system32\WLTRAY.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DB2COPY1 - db2systray.exe DB2] C:\PROGRA~1\IBM\SQLLIB\BIN\db2systray.exe DB2
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Army browse cdrom vga] C:\Documents and Settings\All Users.WINNT\Application Data\Mfcd upload army browse\Option fast.exe
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [okaycool] C:\DOCUME~1\ADMINI~1\APPLIC~1\ENCFOU~1\OwnsGreySecond.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-842925246-329068152-839522115-1007\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'db2admin')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: DB2 - DB2COPY1 - DB2-0 (DB2-0) - International Business Machines Corporation - C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2 Governor (DB2COPY1) (DB2GOVERNOR_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2 License Server (DB2COPY1) (DB2LICD_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Management Service (DB2COPY1) (DB2MGMTSVC_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
O23 - Service: DB2 Security Server (DB2COPY1) (DB2NTSECSERVER_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: DB2 Remote Command Server (DB2COPY1) (DB2REMOTECMD_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe
O23 - Service: eScan Monitor Service - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\VISTA\avpmapp.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: Cricket 2007 Drivers Auto Removal (pr2agnqb) (pr2agnqb) - Codemasters - C:\WINNT\system32\pr2agnqb.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINNT\system32\DRIVERS\xaudio.exe

--
End of file - 11225 bytes



Uninstall List

4U Download YouTube Video (version 1.3.6)
Adobe Acrobat 6.0 Professional
Adobe Flash Player ActiveX
Adobe Reader 6.0
AIV DVD Cutter 1.2
Brian Lara International Cricket 2007
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
CCleaner (remove only)
Conexant HDA D110 MDC V.92 Modem
Cricket 2002
Cricket Captain 3
DB2 Enterprise Server Edition - DB2COPY1
DC++ 0.704
Dell Resource CD
Dell Wireless WLAN Card
Download Accelerator Plus (DAP)
eScan Internet Security for Windows
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HiDownload
High Definition Audio Driver Package - KB835221
High Definition Audio Driver Package - KB888111
HijackThis 2.0.0
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Java 2 Runtime Environment, SE v1.4.1_06
Java Web Start
Kaspersky Online Scanner
Learn To Speak English 8.0
LG USB Modem driver
mCore
mDriver
mDrWiFi
Megaupload Toolbar
mHlpDell
Microsoft Kernel-Mode Driver Framework 1.0
Microsoft Office Project Standard 2003
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
mIWA
Mixer
mLogView
mMHouse
Mozilla Firefox (2.0.0.12)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
MultiTranse 4.7.1
mWlsSafe
mWMI
mZConfig
Naturpic Video Cutter 3.52
Nero OEM
OpenAL
Power Indiabulls
PowerDVD
QuickTime 3.0
RealPlayer
Sify Broadband 3.22
SigmaTel Audio
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB Demo
SpywareBlaster 4.0
strt
Synaptics Pointing Device Driver
System Requirements Lab
TataIndicom
VideoLAN VLC media player 0.8.6c
Winamp (remove only)
WinRAR archiver
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar
Yahoo! Widgets


1st NoLop

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Administrator\My Documents\My Completed Downloads
[3/26/2008]
[11:32:41 PM]

---Infection Files Found/Removed---
C:\WINNT\tasks\A56748B69350F8DA.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Adobe
C:\Documents and Settings\Administrator\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Broadband
C:\Documents and Settings\Administrator\Application Data\Cyberlink
C:\Documents and Settings\Administrator\Application Data\Dvdcss
C:\Documents and Settings\Administrator\Application Data\Encfoureq
C:\Documents and Settings\Administrator\Application Data\Google
C:\Documents and Settings\Administrator\Application Data\Gtek
C:\Documents and Settings\Administrator\Application Data\Ibm
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Installshield
C:\Documents and Settings\Administrator\Application Data\Intel
C:\Documents and Settings\Administrator\Application Data\Macromedia
C:\Documents and Settings\Administrator\Application Data\Megauploadtoolbar
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Mozilla
C:\Documents and Settings\Administrator\Application Data\Real
C:\Documents and Settings\Administrator\Application Data\Skype
C:\Documents and Settings\Administrator\Application Data\Talkback
C:\Documents and Settings\Administrator\Application Data\Utorrent
C:\Documents and Settings\Administrator\Application Data\Vlc
C:\Documents and Settings\Administrator\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Yahoo!
C:\Documents and Settings\All Users.windows\Application Data\Intel
C:\Documents and Settings\All Users.winnt\Application Data\Adobe
C:\Documents and Settings\All Users.winnt\Application Data\Cyberlink
C:\Documents and Settings\All Users.winnt\Application Data\Google
C:\Documents and Settings\All Users.winnt\Application Data\Ibm
C:\Documents and Settings\All Users.winnt\Application Data\Installshield
C:\Documents and Settings\All Users.winnt\Application Data\Intel
C:\Documents and Settings\All Users.winnt\Application Data\Kaspersky Lab
C:\Documents and Settings\All Users.winnt\Application Data\Mfcd Upload Army Browse
C:\Documents and Settings\All Users.winnt\Application Data\Microsoft
C:\Documents and Settings\All Users.winnt\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users.winnt\Application Data\Yahoo!
C:\Documents and Settings\All Users.winnt\Application Data\Yahoo! Companion
C:\Documents and Settings\Db2admin.p\Application Data\Intel
C:\Documents and Settings\Db2admin.p\Application Data\Microsoft
C:\Documents and Settings\Default User.windows\Application Data\Intel
C:\Documents and Settings\Default User.winnt\Application Data\Intel
C:\Documents and Settings\Default User.winnt\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Intel
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice.winnt\Application Data\Intel
C:\Documents and Settings\Networkservice\Application Data\Intel
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Pankaj.p\Application Data\Adobe
C:\Documents and Settings\Pankaj.p\Application Data\Broadband
C:\Documents and Settings\Pankaj.p\Application Data\Google
C:\Documents and Settings\Pankaj.p\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Pankaj.p\Application Data\Identities
C:\Documents and Settings\Pankaj.p\Application Data\Intel
C:\Documents and Settings\Pankaj.p\Application Data\Macromedia
C:\Documents and Settings\Pankaj.p\Application Data\Megauploadtoolbar
C:\Documents and Settings\Pankaj.p\Application Data\Microsoft
C:\Documents and Settings\Pankaj.p\Application Data\Real
C:\Documents and Settings\Pankaj.p\Application Data\Vlc
C:\Documents and Settings\Pankaj.p\Application Data\Yahoo!
C:\Documents and Settings\Public\Application Data\Intel
C:\Documents and Settings\Remoteservice.winnt\Application Data\Intel
C:\Documents and Settings\Sandeep\Application Data\Intel



2nd NoLop


NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\Administrator
[3/27/2008]
[9:45:04 PM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Adobe
C:\Documents and Settings\Administrator\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Broadband
C:\Documents and Settings\Administrator\Application Data\Cyberlink
C:\Documents and Settings\Administrator\Application Data\Dvdcss
C:\Documents and Settings\Administrator\Application Data\Encfoureq
C:\Documents and Settings\Administrator\Application Data\Google
C:\Documents and Settings\Administrator\Application Data\Gtek
C:\Documents and Settings\Administrator\Application Data\Ibm
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Installshield
C:\Documents and Settings\Administrator\Application Data\Intel
C:\Documents and Settings\Administrator\Application Data\Macromedia
C:\Documents and Settings\Administrator\Application Data\Megauploadtoolbar
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Mozilla
C:\Documents and Settings\Administrator\Application Data\Real
C:\Documents and Settings\Administrator\Application Data\Skype
C:\Documents and Settings\Administrator\Application Data\Talkback
C:\Documents and Settings\Administrator\Application Data\Utorrent
C:\Documents and Settings\Administrator\Application Data\Vlc
C:\Documents and Settings\Administrator\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Yahoo!
C:\Documents and Settings\All Users.windows\Application Data\Intel
C:\Documents and Settings\All Users.winnt\Application Data\Adobe
C:\Documents and Settings\All Users.winnt\Application Data\Cyberlink
C:\Documents and Settings\All Users.winnt\Application Data\Google
C:\Documents and Settings\All Users.winnt\Application Data\Ibm
C:\Documents and Settings\All Users.winnt\Application Data\Installshield
C:\Documents and Settings\All Users.winnt\Application Data\Intel
C:\Documents and Settings\All Users.winnt\Application Data\Kaspersky Lab
C:\Documents and Settings\All Users.winnt\Application Data\Mfcd Upload Army Browse
C:\Documents and Settings\All Users.winnt\Application Data\Microsoft
C:\Documents and Settings\All Users.winnt\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users.winnt\Application Data\Yahoo!
C:\Documents and Settings\All Users.winnt\Application Data\Yahoo! Companion
C:\Documents and Settings\Db2admin.p\Application Data\Intel
C:\Documents and Settings\Db2admin.p\Application Data\Microsoft
C:\Documents and Settings\Default User.windows\Application Data\Intel
C:\Documents and Settings\Default User.winnt\Application Data\Intel
C:\Documents and Settings\Default User.winnt\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Intel
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice.winnt\Application Data\Intel
C:\Documents and Settings\Networkservice\Application Data\Intel
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Pankaj.p\Application Data\Adobe
C:\Documents and Settings\Pankaj.p\Application Data\Broadband
C:\Documents and Settings\Pankaj.p\Application Data\Google
C:\Documents and Settings\Pankaj.p\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Pankaj.p\Application Data\Identities
C:\Documents and Settings\Pankaj.p\Application Data\Intel
C:\Documents and Settings\Pankaj.p\Application Data\Macromedia
C:\Documents and Settings\Pankaj.p\Application Data\Megauploadtoolbar
C:\Documents and Settings\Pankaj.p\Application Data\Microsoft
C:\Documents and Settings\Pankaj.p\Application Data\Real
C:\Documents and Settings\Pankaj.p\Application Data\Vlc
C:\Documents and Settings\Pankaj.p\Application Data\Yahoo!
C:\Documents and Settings\Public\Application Data\Intel
C:\Documents and Settings\Remoteservice.winnt\Application Data\Intel
C:\Documents and Settings\Sandeep\Application Data\Intel
You do not have the required permissions to view the files attached to this post.
Last edited by markkhunt on March 28th, 2008, 9:15 am, edited 1 time in total.
Reason: Placed attachments within the thread
ziddiguy
Active Member
 
Posts: 3
Joined: March 25th, 2008, 2:35 pm

Re: adultfriendfinder.com harasses

Unread postby markkhunt » March 28th, 2008, 11:22 am

Hi, ziddiguy. Since this is a training forum, would you please post any logs directly into the thread and not make them as attachements. It makes them easier for everyone to follow. Thanks. :)

Is your version of Download Accelerator Plus (DAP) the freeware version or the paid version? If it is the freeware version, I recommend that you uninstall it because it is adware based and could be the cause of some of your popups. To remove Download Accelerator Plus (DAP):
  • Click Start
  • Control Panel
  • Add/Remove Programs
  • Select for Download Accelerator Plus (DAP)
  • Click Remove and follow any prompts.

I see that you have the Megaupload Toolbar installed. The malware experts have not come to a final conclusion as to how safe it is so I would recommend you also remove it through Add/Remove Programs. Before making your decision, you may get more information from CastleCops.

You are still using the beta version of HijackThis. I need you to uninstall the beta software through Add/Remove Programs and then click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis. You may select another location if you wish.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan only button.

Now, please place a check in the boxes next to the following entries (if still present):

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [Army browse cdrom vga] C:\Documents and Settings\All Users.WINNT\Application Data\Mfcd upload army browse\Option fast.exe
O4 - HKCU\..\Run: [okaycool] C:\DOCUME~1\ADMINI~1\APPLIC~1\ENCFOU~1\OwnsGreySecond.exe


If you chose to remove Download Acelerator Plus (DAP), please check the box next to the following entries (if still present):

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

If you chose to remove the Megaupload Toolbar, please check the boxes next to the followin entries (if still present):

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL


Now, please close all open browsers and windows, and then click Fix Checked.

We need to make your hidden and system files visible. Please do the following:

  • Click Start
  • My Computer
  • Select the Tools menu and click Folder Options
  • Select the View tab
  • Under the Hidden files and folders heading, select Show hidden files and folders.
  • uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm
  • Click OK

Now, please restart your computer in Safe Mode.

  • Shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advance Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Select the Safe Mode option.
  • Press Enter and the computer go into Safe Mode.

Using Windows Explorer, please delete the following folders (shown below in red) if still present:

C:\Documents and Settings\All Users.WINNT\Application Data\Mfcd upload army browse\
C:\Documents and Settings\Administrator\Application Data\Encfoureq\


If you chose to remove Download Accelerator Plus (DAP) then please delete the following folder (shown below in red) if still present:

C:\Program Files\DAP\

If you chose to remove Megaupload Toolbar then please delete the following folder (shown below in red) if still present:

C:\Program Files\Megaupload Toolbar\

Please restart your computer normally and post another HijackThis log for me to review.
User avatar
markkhunt
Admin/Teacher Emeritus
 
Posts: 7911
Joined: April 15th, 2005, 8:58 pm
Location: Newburgh, IN

Re: adultfriendfinder.com harasses

Unread postby ziddiguy » March 28th, 2008, 3:42 pm

Hi,

Appreciate your help, I have followed your reply completely and here is the latest hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:55 AM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\eScan\VISTA\avpmapp.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINNT\system32\WLTRAY.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\IBM\SQLLIB\BIN\db2systray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\eScan\Vista\eScanMon.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [TataIndicomStartUp] C:\Program Files\Tata Indicom Wireless Internet Service\TataIndicomStartUp.exe
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [MailScan Dispatcher] C:\PROGRA~1\eScan\LAUNCH.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINNT\system32\WLTRAY.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DB2COPY1 - db2systray.exe DB2] C:\PROGRA~1\IBM\SQLLIB\BIN\db2systray.exe DB2
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-842925246-329068152-839522115-1007\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'db2admin')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: DB2 - DB2COPY1 - DB2-0 (DB2-0) - International Business Machines Corporation - C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2 Governor (DB2COPY1) (DB2GOVERNOR_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2 License Server (DB2COPY1) (DB2LICD_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Management Service (DB2COPY1) (DB2MGMTSVC_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
O23 - Service: DB2 Security Server (DB2COPY1) (DB2NTSECSERVER_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: DB2 Remote Command Server (DB2COPY1) (DB2REMOTECMD_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe
O23 - Service: eScan Monitor Service - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\VISTA\avpmapp.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: Cricket 2007 Drivers Auto Removal (pr2agnqb) (pr2agnqb) - Codemasters - C:\WINNT\system32\pr2agnqb.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINNT\system32\DRIVERS\xaudio.exe

--
End of file - 9876 bytes


Thanks
ziddiguy
Active Member
 
Posts: 3
Joined: March 25th, 2008, 2:35 pm

Re: adultfriendfinder.com harasses

Unread postby markkhunt » March 30th, 2008, 1:20 am

Hi, ziddiguy. Your last HijackThis log looks clean. How's your computer running now? Are you still getting the popups?
User avatar
markkhunt
Admin/Teacher Emeritus
 
Posts: 7911
Joined: April 15th, 2005, 8:58 pm
Location: Newburgh, IN

Re: adultfriendfinder.com harasses

Unread postby markkhunt » April 6th, 2008, 1:25 am

Due to Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
markkhunt
Admin/Teacher Emeritus
 
Posts: 7911
Joined: April 15th, 2005, 8:58 pm
Location: Newburgh, IN
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 22 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware