pop-up and other weird problem

[zulanders]

it just happen AGAIN to me just recently where the ie browser keep popping up display advertisement about winantiviruspro...

in my previous encounter i manage to get rid off it but now its back..
spyguard say there a new file call mllml.dll and yayxvvt.dll in the problem which embedded in system32. the two program try to add a new BHO in the registry, i think.

i have done the preliminary removal and i have attach all the log below. two new problem occur,

1) ie browser still popup but did not show nothing
2) everytime i restart the pc a window warning masage tell me it can not read a rtxaguoa.dll file

by the way, avgrootkit found something but all in c:\recycler\nprotect\

 

[momok]

Hi,

Your system is horribly infected with several nasties.

I notice you have Symantec AND Avast installed. This is not recommended as it will cause conflicts and hog your system resources. Please uninstall one of them, preferably the norton crap.
(Nprotect is preventing items from being deleted and you have a lot of things there that ought to be deleted. Please delete those items permanently)

Another thing is, your AVG log displays 'No Action Taken' for all the files detected.

I suggest you run AVG again and quarantine the files. Pictorial instructions HERE.

Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend that you read this article.

You may wish to copy and paste these instructions on notepad for easier reference later.

Download Vundofix from HERE.

Double click the Vundofix.exe to run it.
Right click in the vundofix window and click add files.

Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.

These are the following file path's you need to enter:
C:\WINDOWS\system32\cbxwwts.dll
C:\WINDOWS\system32\tuvwtsr.dll
C:\WINDOWS\system32\yayxvvt.dll.vir

Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

Boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE

Open your task manager by pressing holding ctrl, alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:

aswboot.exe
lmllm.bak2
lmllm.bak1
mllml.dll.vir
ghhkj.bak1
vtsqq.dll
jkhhg.dll
awvts.dll

After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
O2 - BHO: (no name) - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - (no file)
O3 - Toolbar: (no name) - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - (no file)

Close HJT.

Navigate in Windows Explorer and delete the following files and folders in bold.

C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\mllml.dll.vir
C:\WINDOWS\system32\ghhkj.bak1
C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\aswboot.exe

Reboot into normal mode and rehide your protected OS files.

Thereafter, please post a fresh HJT, ComboFix and AVG Antispyware log from normal mode as an attachment into this thread. I also need the C:\vundofix.txt file.

Also, do an indepth root kit scan again after you have dealt with norton and that nprotect folder, and let me know the results please. Thanks.

PS. I notice that you have been using cracks and key gens. This is against the principles and rules of this forum. Please remove them all. If not the next time you post and we see it, I shall inform the moderator to close your thread and no further replies for help entertained.


Regards,
Your friendly Momok =)

 

[zulanders]

recleaning

i will run all the task as you said again.

about the norton stuff, its anti-virus has already looooong gone. the only norton program left is the systemwork, i use its optimization program.
any thanks.

 

[zulanders]

Deep Trouble

I rerun the preliminary guide again because it seems that last time my pc didnt get rid the walmare. the problem is that during the smithfraud prog running,(in safe mode, to clean what it found) the pc hang and restart.

now i can not log into my pc because every times it rebooting a blue screen appear say:

stop:c000021[fatal system error]
the session manager initialization system process terminated unexpectedly with a status of 0xc0000022
(0x00000000 0x00000000)
the system has been shutdown.

if any one could help me recover from this problem is much appreciate.

 

[howard_hopkinso]

Can you boot into safe mode at all?

Regards Howard

 

[zulanders]

unfortunately no...

it will open the same blue screen

 

[howard_hopkinso]

Ok, try doing a Windows repair as per this thread HERE. See if that helps.

Regards Howard

 

[zulanders]

not working

i has done what you have instruct me to do but the error massage are still the same and rebooting...

what shall i do now?

 

[howard_hopkinso]

I think it probably time you backed up your important data and reformatted. If that still doesn`t help, then I must conclude you have some kind of hardware problem.

Regards Howard

 

[zulanders]

so this is not a virus or any malware problem...
there are also another guy experiencing same problem like me right now, i think the user name is jack72...
anyway thank for the help. i not like it but if it is the only way.... i really do appreciate the advise given. thanks.

guest what?

i have post to jack72 massage and he said the problem also came after using smithfraudfix....

will anyone shed some light into this? thanks.

 

[howard_hopkinso]

I`ve never heard of anyone having such problems due to Smitfraudfix. I`m not saying it isn`t possible, just that I`ve never heard of it.

Regards Howard