
Cookiegal, need your help; lots of pop ups (HJT included)

Discussion in 'Virus & Other Malware Removal' started by inglej, Sep 24, 2008.

  1. inglej

    inglej Thread Starter

    Joined:
    Jan 7, 2007
    Messages:
    164
    Pop ups coming up every 30 seconds to 1 minute. Here's the scan.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:39:59 PM, on 9/24/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\SAV\sav.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\a.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\c.exe
    C:\Documents and Settings\Owner\Desktop\Virus stuff\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\Owner\LOCALS~1\Temp\a.exe
    O4 - HKCU\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Wireless Connection Manager.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jewel%20Quest%203/Images/stg_drm.ocx
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Jewel%20Quest%203/Images/armhelper.ocx
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 7027 bytes
     
  2. inglej

    inglej Thread Starter

    Joined:
    Jan 7, 2007
    Messages:
    164
    Still need help please
     
  3. inglej

    inglej Thread Starter

    Joined:
    Jan 7, 2007
    Messages:
    164
    Cookiegal,

    great help before. Help needed again on a different computer. Here's the scan:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:10:12 AM, on 9/27/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\SAV\sav.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\a.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\c.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\Virus stuff\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\Owner\LOCALS~1\Temp\a.exe
    O4 - HKCU\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Wireless Connection Manager.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jewel%20Quest%203/Images/stg_drm.ocx
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Jewel%20Quest%203/Images/armhelper.ocx
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 7028 bytes
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,908
    Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

    Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.
     
  5. inglej

    inglej Thread Starter

    Joined:
    Jan 7, 2007
    Messages:
    164
    ComboFix 08-10-01.02 - Owner 2008-10-02 6:47:59.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.226 [GMT -7:00]
    Running from: C:\Documents and Settings\Owner\Desktop\Virus stuff\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\SAV
    C:\Program Files\SoftwareOnline
    C:\Program Files\spamblockerutility
    C:\Redemption.ECF

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))
    .

    2008-09-19 14:35 . 2008-09-19 09:00 165,888 --a------ C:\WINDOWS\SYSTEM32\sav.cpl
    2008-09-19 14:35 . 2008-09-19 14:35 125,956 --a------ C:\WINDOWS\SYSTEM32\msxml71.dll
    2008-09-17 13:08 . 2008-09-17 13:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-01 20:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
    2008-09-26 00:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
    2008-09-19 21:39 --------- d-----w C:\Program Files\LimeWire
    2008-08-19 04:27 --------- d-----w C:\Program Files\Microsoft.NET
    2008-08-19 04:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-08-17 01:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-17 01:55 --------- d-----w C:\Program Files\D-Link
    2008-08-09 16:32 --------- d-----w C:\Program Files\Moraff's Maximum MahJongg
    2008-08-09 16:27 --------- d-----w C:\Program Files\AOL Games
    2008-08-09 16:26 --------- d-----w C:\Program Files\iWin.com Games
    2008-08-09 16:25 --------- d-----w C:\Program Files\HP
    2008-08-09 16:19 --------- d-----w C:\Program Files\MasqueGames
    2008-08-09 16:17 --------- d-----w C:\Program Files\eGames
    2008-08-09 16:12 --------- d-----w C:\Program Files\Yahoo!
    2008-08-09 16:12 --------- d-----w C:\Program Files\SuperslotsCasino
    2008-08-09 16:12 --------- d-----w C:\Program Files\NoAdware3
    2008-08-09 16:11 --------- d-----w C:\Program Files\Modem Helper
    2008-08-09 16:11 --------- d-----w C:\Program Files\Mahjong Towers Eternity
    2008-08-09 16:11 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-08-09 16:11 --------- d-----w C:\Program Files\Common Files\AOL
    2008-08-09 16:10 --------- d-----w C:\Program Files\AOL Toolbar
    2008-08-09 16:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
    2008-08-09 16:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\AOL
    2008-08-09 16:01 --------- d-----w C:\Documents and Settings\Diana King\Application Data\AOL
    2008-08-09 15:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
    2007-02-13 22:13 3 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\347hfs.dat
    2005-07-09 03:15 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-07-31 4617720]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 114741]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-10-02 155648]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-10-02 118784]
    "mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 53248]
    "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-06 118784]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-06-10 196608]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-08 98304]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-27 180269]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-02 29744]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 C:\WINDOWS\BCMSMMSG.exe]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-12-26 125624]
    Wireless Connection Manager.lnk - C:\Program Files\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exe [2008-08-16 14020608]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-02 29744]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f614f82-6da8-11dd-9355-001b1159d421}]
    \Shell\AutoRun\command - F:\setupSNK.exe
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Sonic RecordNow! - (no file)
    HKLM-Run-Antivirus - C:\Program Files\SAV\sav.exe


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O8 -: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 -: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 -: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 -: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 -: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

    O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Jewel%20Quest%203/Images/stg_drm.ocx
    C:\WINDOWS\Downloaded Program Files\stg_drm.ocx

    O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Jewel%20Quest%203/Images/armhelper.ocx
    C:\WINDOWS\Downloaded Program Files\armhelper.ocx
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-02 06:53:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\SYSTEM32\wscntfy.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
    C:\ComboFix\pv.cfexe
    .
    **************************************************************************
    .
    Completion time: 2008-10-02 6:58:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-02 13:58:10

    Pre-Run: 64,053,207,040 bytes free
    Post-Run: 64,465,625,088 bytes free

    129 --- E O F --- 2008-09-10 10:02:07
     
  6. inglej

    inglej Thread Starter

    Joined:
    Jan 7, 2007
    Messages:
    164
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:30:33 AM, on 10/2/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\Virus stuff\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Wireless Connection Manager.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jewel%20Quest%203/Images/stg_drm.ocx
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Jewel%20Quest%203/Images/armhelper.ocx
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 6244 bytes
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,908
    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    http://forums.techguy.org/malware-removal-hijackthis-logs/753879-cookiegal-need-your-help-lots.html#post6171511
    
    Collect::
    C:\WINDOWS\SYSTEM32\sav.cpl
    C:\WINDOWS\SYSTEM32\msxml71.dll
    
    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [screenshot]


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.



    Please do an online scan with Kaspersky WebScanner

    Kaspersky online scanner uses Java technology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version (it's the fifth one down the list):

    Java Runtime Environment (JRE) 6 Update 7


    Instructions for Kaspersky scan:

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure the following is checked.
       • Spyware, Adware, Dialers, and other potentially dangerous programs
       • Archives
       • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.
     
  8. inglej

    inglej Thread Starter

    Joined:
    Jan 7, 2007
    Messages:
    164
    ComboFix is too long. Here's the HJT. Also, I'm not able to save the Kaspersky scan as a .txt.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:56:18 PM, on 10/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Owner\Desktop\Virus stuff\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Wireless Connection Manager.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jewel%20Quest%203/Images/stg_drm.ocx
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Jewel%20Quest%203/Images/armhelper.ocx
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 6887 bytes
     
  9. inglej

    inglej Thread Starter

    Joined:
    Jan 7, 2007
    Messages:
    164
    Cookiegal, this thread is still good. Two different computers with different problems. Still working the issue on this thread.
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,908
    Sorry, I don't know what happened.

    Please upload the ComboFix log as an attachment.

    What do you mean you can't save Kaspersky as a text file? It gives you that option at the end of the scan.
     
  11. inglej

    inglej Thread Starter

    Joined:
    Jan 7, 2007
    Messages:
    164
    Cookiegal, the ComboFix scan is attached.

    Regarding the Kaspersky scan, when I conducted the scan, it didn't give me the option to save it as a .txt. The only option I had was to save it as an .html file. I'll run the scan again and see if I get a different result and keep you posted.
     

  12. inglej

    inglej Thread Starter

    Joined:
    Jan 7, 2007
    Messages:
    164
    Cookiegal,

    here's the Kaspersky Scan:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, November 5, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, November 04, 2008 19:09:24
    Records in database: 1369646
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 102723
    Threat name: 44
    Infected objects: 104
    Suspicious objects: 0
    Duration of the scan: 02:18:07


    File name / Threat name / Threats count
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FC00000.VBN Infected: Trojan.Win32.Small.cy 1
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FC00001.VBN Infected: Trojan.Win32.Small.cy 1
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FC00002.VBN Infected: Trojan.Win32.Agent.aezk 1
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FC00002.VBN Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.cc 1
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FC00003.VBN Infected: Trojan.Win32.Agent.aezk 1
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FC00003.VBN Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.cc 1
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FC00004.VBN Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.cc 1
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FC00005.VBN Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.cc 1
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FC00006.VBN Infected: Trojan.Win32.Small.cy 1
    C:\Documents and Settings\Owner\Application Data\BFGTOOLBAR\bfgtoolbarDLL.zip Infected: not-a-virus:AdWare.Win32.MegaSearch.u 1
    C:\Program Files\AOL Toolbar\AOLToolbarSetup.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
    C:\Program Files\GameFiesta\Toolbar\gf-toolbar.dll Infected: not-a-virus:AdWare.Win32.Eztracks.a 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\00910266.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\01502A45.exe Infected: Packed.Win32.PolyCrypt.d 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\01B6204D.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07B25461.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\09751C1C.exe Infected: Trojan.Win32.Stervis.c 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CE06644.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0D475C4B.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0ED2265D.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11841631.exe Infected: not-a-virus:AdWare.Win32.Lop.l 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\16016E3D.exe Infected: not-a-virus:AdWare.Win32.Lop.l 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\18D7184A.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D134A55.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\20EB6F8E.dll Infected: not-a-virus:AdWare.Win32.Sahat.w 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\20FC0A21.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\24331C51.exe Infected: Packed.Win32.PolyCrypt.d 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\24675449.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28DC11BC.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2A2E79A5.dll Infected: not-a-virus:AdWare.Win32.Sahat.w 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2FF81047.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\305E064F.exe Infected: Packed.Win32.PolyCrypt.d 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\33C3499D.zip Infected: Exploit.Java.ByteVerify 2
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\33C3499D.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B884C46.dll Infected: not-a-virus:AdWare.Win32.ClearSearch.z 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B884C46.exe Infected: not-a-virus:AdWare.Win32.ClearSearch.ac 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3BEE424E.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\47180845.exe Infected: not-a-virus:AdWare.Win32.Lop.l 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\477E7E4C.exe Infected: Trojan-Downloader.Win32.Intexp.e 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4EEC22B0.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.ah 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4EEC22B0.exe Infected: Packed.Win32.PolyCrypt.d 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4EEF4CAD.exe Infected: Trojan-Downloader.Win32.Dyfuca.dp 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4EF276A9.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.ae 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4EF620A5.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.ah 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4EF620A5.exe Infected: Packed.Win32.PolyCrypt.d 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4EF94AA2.dll Infected: not-a-virus:AdWare.Win32.WinAD.be 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4EF94AA2.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.b 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4EFC749E.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.l 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F107089.exe Infected: Trojan.Win32.Small.cy 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F131A85.exe Infected: not-a-virus:AdWare.Win32.ImiBar.d 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F164481.dll Infected: Trojan-Downloader.Win32.Dyfuca.dt 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F3D7A1C.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.j 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4FA37023.exe Infected: not-a-virus:AdWare.Win32.BetterInternet 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\525B4581.exe Infected: not-a-virus:Downloader.Win32.Agent.c 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\52A94443.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\530F3A4B.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\553B2ECB.exe Infected: not-a-virus:AdWare.Win32.ClearSearch.aj 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\553F58C8.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.ah 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\553F58C8.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\554202C4.exe Infected: Packed.Win32.PolyCrypt.d 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55452CC1.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\554856BD.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\554C00B9.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\554F2AB6.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.ae 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\554F2AB6.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\555254B2.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55557EAF.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.y 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55557EAF.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55557EAF.tmp Infected: not-a-virus:AdWare.Win32.ClearSearch.y 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\555928AB.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\555C52A7.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.ah 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\555C52A7.exe Infected: Packed.Win32.PolyCrypt.d 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\555F7CA4.exe Infected: Packed.Win32.PolyCrypt.d 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\556226A0.exe Infected: Trojan-Downloader.Win32.Swizzor.fg 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5566509D.dll Infected: not-a-virus:AdWare.Win32.ClearSearch.y 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5566509D.exe Infected: not-a-virus:AdWare.Win32.ClearSearch.aa 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55697A99.exe Infected: not-a-virus:AdWare.Win32.ClearSearch.aj 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\556C2495.exe Infected: Packed.Win32.PolyCrypt.d 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55704E92.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5573788E.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56754401.zip Infected: Exploit.Java.ByteVerify 2
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56754401.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\577164EC.zip Infected: Exploit.Java.ByteVerify 2
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\577164EC.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5847730F.exe Infected: Trojan-Downloader.Win32.Swizzor.fg 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\658155CA.exe Infected: Trojan.Win32.Agent.ay 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6A2F3248.exe Infected: Packed.Win32.PolyCrypt.d 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74C83AFE.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\75C06E47.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
    C:\Program Files\SBITPlugin\120108.exe Infected: Trojan-Downloader.Win32.Tibsem.b 1
    C:\Program Files\Zango Games\Wind Words\ZangoInstaller.exe Infected: not-a-virus:AdWare.Win32.180Solutions.k 1
    C:\System Volume Information\_restore{BB7D5D5B-4491-4596-8BA8-CFA10895B505}\RP669\A0070285.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.u 1
    C:\System Volume Information\_restore{BB7D5D5B-4491-4596-8BA8-CFA10895B505}\RP674\A0071333.dll Infected: not-a-virus:AdWare.Win32.AdMedia.g 1
    C:\System Volume Information\_restore{BB7D5D5B-4491-4596-8BA8-CFA10895B505}\RP687\A0071948.exe Infected: not-a-virus:FraudTool.Win32.SystemAntivirus.a 1
    C:\System Volume Information\_restore{BB7D5D5B-4491-4596-8BA8-CFA10895B505}\RP687\A0071953.dll Infected: not-a-virus:AdWare.Win32.HotBar.an 1
    C:\System Volume Information\_restore{BB7D5D5B-4491-4596-8BA8-CFA10895B505}\RP687\A0071955.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar 1
    C:\System Volume Information\_restore{BB7D5D5B-4491-4596-8BA8-CFA10895B505}\RP687\A0071956.dll Infected: not-a-virus:AdWare.Win32.HotBar.be 1
    C:\System Volume Information\_restore{BB7D5D5B-4491-4596-8BA8-CFA10895B505}\RP687\A0071959.exe Infected: not-a-virus:AdWare.Win32.Shopper.c 1
    C:\System Volume Information\_restore{BB7D5D5B-4491-4596-8BA8-CFA10895B505}\RP687\A0071960.exe Infected: not-a-virus:AdWare.Win32.HotBar.bg 1
    C:\System Volume Information\_restore{BB7D5D5B-4491-4596-8BA8-CFA10895B505}\RP687\A0071966.dll Infected: not-a-virus:AdWare.Win32.Hotbar.an 1
    C:\System Volume Information\_restore{BB7D5D5B-4491-4596-8BA8-CFA10895B505}\RP687\A0071969.exe Infected: not-a-virus:Downloader.Win32.ImLoader.b 1

    The selected area was scanned.
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,908
    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    File::
    C:\Documents and Settings\Owner\Application Data\BFGTOOLBAR\bfgtoolbarDLL.zip
    
    Folder::
    C:\Program Files\GameFiesta
    C:\Program Files\SBITPlugin
    C:\Program Files\Zango Games
    
    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [screenshot]


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
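
    Cookiegal's script above picks the four live detections out of the Kaspersky report in the previous post and leaves the quarantine and restore-point hits alone. The following Python, added here as an illustration and not part of the thread or of ComboFix, does that first sorting step automatically: it parses report lines in the format posted, buckets each hit by whether it sits in another product's quarantine, in a System Restore point, or in a live location, and formats the live ones as a `File::` block. The classification rule and the sample lines are assumptions constructed for the example; grouping files into `Folder::` entries, as the script above does for GameFiesta, SBITPlugin and Zango Games, is left to the helper's judgement.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the Kaspersky Online Scanner 7 report posted
# above (path, "Infected:", verdict, count). A subset, not the full report.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FC00000.VBN Infected: Trojan.Win32.Small.cy 1
C:\Documents and Settings\Owner\Application Data\BFGTOOLBAR\bfgtoolbarDLL.zip Infected: not-a-virus:AdWare.Win32.MegaSearch.u 1
C:\Program Files\GameFiesta\Toolbar\gf-toolbar.dll Infected: not-a-virus:AdWare.Win32.Eztracks.a 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\33C3499D.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\33C3499D.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\SBITPlugin\120108.exe Infected: Trojan-Downloader.Win32.Tibsem.b 1
C:\Program Files\Zango Games\Wind Words\ZangoInstaller.exe Infected: not-a-virus:AdWare.Win32.180Solutions.k 1
C:\System Volume Information\_restore{BB7D5D5B-4491-4596-8BA8-CFA10895B505}\RP687\A0071948.exe Infected: not-a-virus:FraudTool.Win32.SystemAntivirus.a 1
The selected area was scanned.
"""

# One detection line: everything up to " Infected: " is the path (it may contain
# spaces), then the verdict (no spaces), then the threat count.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<count>\d+)$")


def parse_report(text):
    """Yield (path, verdict, count) for each detection line; header/footer lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("path"), m.group("verdict"), int(m.group("count"))


def classify(path):
    """Bucket a hit by where it lives on disk. This rule is an assumption for the example."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "quarantine"      # already neutralised by another product; not executing
    if "\\system volume information\\_restore" in p:
        return "restore_point"   # inert unless the user rolls back to that restore point
    return "live"                # on a path that can still be loaded or run


def triage(text):
    """Return {bucket: [(path, verdict, count), ...]} with duplicate (path, verdict) pairs dropped."""
    buckets = defaultdict(list)
    seen = set()
    for path, verdict, count in parse_report(text):
        if (path, verdict) in seen:
            continue
        seen.add((path, verdict))
        buckets[classify(path)].append((path, verdict, count))
    return dict(buckets)


def cfscript_file_section(live_hits):
    """Format live hits as a ComboFix 'File::' block, one unique path per line, sorted."""
    paths = sorted({path for path, _, _ in live_hits})
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for bucket, hits in sorted(result.items()):
        print(f"{bucket}: {len(hits)} hit(s)")
    print(cfscript_file_section(result.get("live", [])))
```

    The same path can appear twice with different verdicts (the archive with both ByteVerify and OpenConnection), so the report is deduplicated on (path, verdict) for counting but on path alone when the File:: block is written.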
     
  14. inglej

    inglej Thread Starter

    Joined:
    Jan 7, 2007
    Messages:
    164
    The ComboFix and HJT scans are attached
     

  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,908
    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    File::
    c:\windows\VPC32.INI
    
    Folder::
    c:\documents and settings\Owner\Application Data\BFGTOOLBAR
    
    DirLook::
    c:\program files\Axxrpw
     
    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [screenshot]


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
     
Short URL to this thread: https://techguy.org/753879
