Author Topic: Second PC hijacked by My123.com sigh  (Read 2353 times)

Offline guestolo

« Reply #20 on: November 29, 2006, 11:36:06 PM »
Sorry again for the delay; power outages and work have kept me off the forums lately.
I'm curious as to how the other 2 logs from Combofix look.
Can you post both the other logs, please?

C:\ComboFix2.txt
C:\ComboFix3.txt

Also, can you navigate to the following folders:
C:\WINDOWS\system32\wsword
C:\WINDOWS\system32\mspalnt

NOTICE the spelling of each. Are there any files in each folder?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline NuCK

« Reply #21 on: November 30, 2006, 06:01:13 AM »
Please don't apologize... I'm already very grateful that you're taking the time to help me out :D

Here are the logs.

Combofix 2
user - 06-11-27 18:41:53.54    Service Pack 2
ComboFix 06.11.26W - Running from: "C:\Documents and Settings\user\desktop"
Command switches used :: /wow



Combofix3
user - 06-11-27 18:39:12.87    Service Pack 2
ComboFix 06.11.26W - Running from: "C:\Documents and Settings\user\desktop"
Command switches used :: /wow

These are probably generated when my PC stalled while running combofix from desktop earlier.


As for the 2 folders in system32... they appear to be empty.

Offline guestolo

« Reply #22 on: December 01, 2006, 09:32:41 AM »
I've only seen those 2 folders in one other log, which coincidentally had the same infection you had.
They should be safe to delete if empty.

Can you do the following for cleanup:
Create a .reg file
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Be sure to copy from REGEDIT4 down in the code box

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LSLLDR14]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LSLLDR14000]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lslldr14]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_LSLLDR14]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_LSLLDR14000]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lslldr14]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LSLLDR14]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LSLLDR14000]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lslldr14]


Double-click on fix.reg and allow it to add/merge to the registry at the prompt

Open SrEng.exe and click on "Boot Items" on the left hand side
Select Services tab
Select Drivers button

Highlight "dxdkqoq / dxdkqoqw" from the list and then click the radio button to "Delete Service"
Click SET

Reboot the computer

Back in Windows

Can you run Regsearch.exe and use the find.txt again?
Post back the contents.

Also post one more fresh HijackThis log.

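An added example, not part of the original post: a Python check that parses a .reg file before it is merged and confirms it does nothing except delete one service's keys under each control set. The function names `parse_reg` and `audit` and the allow-list pattern are assumptions of this example; the sample is rebuilt from the keys in the code box above.

```python
import re

# Keys copied from the fix.reg in the post above, rebuilt here so this runs offline.
SETS = ("ControlSet001", "ControlSet002", "CurrentControlSet")
TAILS = (r"Enum\Root\LEGACY_LSLLDR14", r"Enum\Root\LEGACY_LSLLDR14000", r"Services\lslldr14")
FIX_REG = "REGEDIT4\n\n" + "".join(
    f"[-HKEY_LOCAL_MACHINE\\SYSTEM\\{s}\\{t}]\n\n" for s in SETS for t in TAILS)
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

def parse_reg(text):
    """Return (op, key, value_name) for every change the .reg text would make."""
    # Drop blank lines and ';' comment lines before looking at the header.
    lines = [l.strip() for l in text.splitlines() if l.strip() and not l.strip().startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("no .reg header on the first line (copy from REGEDIT4 down)")
    ops, key = [], None
    for line in lines[1:]:
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):          # [-KEY] deletes the key and its subkeys
                ops.append(("delete_key", body[1:], None))
                key = None
            else:                             # [KEY] creates the key if it is missing
                key = body
                ops.append(("add_key", key, None))
        elif key and "=" in line:             # "name"=data, or "name"=- to delete
            name, _, data = line.partition("=")
            op = "delete_value" if data.strip() == "-" else "set_value"
            ops.append((op, key, name.strip().strip('"')))
    return ops

def audit(ops, service):
    """Split ops into expected removals of one service's keys and everything else."""
    svc = re.escape(service)
    ok = re.compile(
        r"HKEY_LOCAL_MACHINE\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)\\"
        rf"(Services\\{svc}|Enum\\Root\\LEGACY_{svc}\w*)$", re.IGNORECASE)
    expected, unexpected, sets = [], [], set()
    for op in ops:
        m = ok.match(op[1]) if op[0] == "delete_key" else None
        if m:
            expected.append(op)
            sets.add(m.group(1))              # remember which control sets are covered
        else:
            unexpected.append(op)
    return expected, unexpected, sorted(sets)

if __name__ == "__main__":
    expected, unexpected, sets = audit(parse_reg(FIX_REG), "lslldr14")
    print(f"{len(expected)} expected deletions across {sets}; unexpected: {unexpected}")
```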


Offline Yudi Santoso

« Reply #23 on: December 24, 2006, 08:23:39 PM »
Hi!!!

I'm new here. I've got the same problem with my123.com.
Can anyone help me out?
And what is it exactly? Just adware, or does it do anything malicious?

Thanks
Yudi

Offline guestolo

« Reply #24 on: December 25, 2006, 01:43:15 AM »
The original poster has not returned, so I am going to lock this topic.
Yudi Santoso, can you please start your own topic in this forum? Thanks.
