
i have alot of pop ups, and malware, please help.


Post by tonydat1ger » November 8th, 2007, 12:15 pm

HERE IS MY HIJACKTHIS LOG


Logfile of HijackThis v1.99.1
Scan saved at 12:16:41 PM, on 11/6/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\proper.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\winnt\iexplore\iexplore.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\svchost.exe
C:\WINNT\system32\wbem\csrss.exe
C:\Documents and Settings\Oscar\Desktop\Programs\Hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\system32\proper.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1888D4BA-8C81-FD13-3C52-03DA8BFFC171} - C:\Program Files\Vojqhbxx\bcgvbeph.dll
O2 - BHO: Explorer Helper - {696A82AF-3AD8-5A16-A1CA-32A59A63A863} - C:\WINNT\system\bremct32.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Flash Module - {C87FA4A3-2474-4a3f-B413-67D515905024} - rasmoesa.dll (file missing)
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINNT\system32\bronto.dll
O2 - BHO: CBho Class - {F369DA09-FADE-44CB-987F-E2E0DEF51BCA} - C:\WINNT\system32\pgd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Undefined] C:\WINNT\system32\winter.exe
O4 - Startup: infos.exe
O4 - Global Startup: autos.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O20 - AppInit_DLLs: C:\WINNT\system32\skuns.dat
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINNT\system32\Fkqgck32.dll (file missing)
O21 - SSODL: cyYGseGjvRl - {1CC95E99-B663-F433-3E92-CB8257FAB21E} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

Re: i have alot of pop ups, and malware, please help.

Post by random/random » November 11th, 2007, 2:23 pm

Download the latest version of ComboFix from Here to your Desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Re: i have alot of pop ups, and malware, please help.

Post by tonydat1ger » November 13th, 2007, 9:08 pm

THANK YOU HERE IS MY NEW HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 5:07:06 PM, on 11/13/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\Oscar\Desktop\Programs\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {03E384D6-E1A7-792A-1851-0AC16EF38DE4} - C:\Program Files\Ekpsbfel\jzsvxyrm.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1888D4BA-8C81-FD13-3C52-03DA8BFFC171} - C:\Program Files\Vojqhbxx\bcgvbeph.dll (file missing)
O2 - BHO: Explorer Helper - {696A82AF-3AD8-5A16-A1CA-32A59A63A863} - C:\WINNT\system\bremct32.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Flash Module - {C87FA4A3-2474-4a3f-B413-67D515905024} - rasmoesa.dll (file missing)
O2 - BHO: (no name) - {DABCE839-3831-3818-AF3A-3837BCD324D2} - C:\WINNT\system32\mskvtns.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINNT\system32\Fkqgck32.dll (file missing)
O21 - SSODL: cyYGseGjvRl - {1CC95E99-B663-F433-3E92-CB8257FAB21E} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe




THIS IS MY COMBOFIX LOG


ComboFix 07-11-08.1 - Oscar 2007-11-13 16:53:48.5 - NTFSx86 NETWORK
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.154 [GMT -8:00]
Running from: C:\Documents and Settings\Oscar\Desktop\Programs\Fix Computer\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\SecCenter

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_RUNTIME2




((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.

2007-11-13 16:53 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_1e0.dat
2007-11-13 16:49 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3ec.dat
2007-11-13 16:41 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3b8.dat
2007-11-13 16:15 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_420.dat
2007-11-13 14:01 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_368.dat
2007-11-13 10:07 <DIR> d-------- C:\WINNT\system32\uaiodtpw
2007-11-13 10:07 <DIR> d-------- C:\Program Files\Xwubfglr
2007-11-13 10:07 <DIR> d-------- C:\Program Files\Ekpsbfel
2007-11-13 08:57 51,200 --a------ C:\WINNT\NirCmd.exe
2007-11-12 08:14 156,336 --a------ C:\WINNT\dracee.exe
2007-11-12 08:13 55,808 --a------ C:\WINNT\system32\spoolv.exe
2007-11-12 08:13 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_75c.dat
2007-11-12 08:12 16,384 --a------ C:\WINNT\xlaherx.exe
2007-11-06 08:23 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_45c.dat
2007-11-06 07:54 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_4ac.dat
2007-11-02 15:05 54 --ah----- C:\aaw7boot.cmd
2007-11-02 14:05 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_268.dat
2007-11-02 13:53 4,212 ---h----- C:\WINNT\system32\zllictbl.dat
2007-11-02 13:27 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_40c.dat
2007-11-02 13:03 11,264 --a------ C:\WINNT\system32\SpOrder.dll
2007-11-02 13:01 <DIR> d-------- C:\WINNT\system32\ZoneLabs
2007-11-02 13:01 <DIR> d-a------ C:\WINNT\Internet Logs
2007-11-02 12:56 <DIR> d-------- C:\Program Files\Avira
2007-11-02 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-02 12:52 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-02 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-02 12:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-02 12:39 41,984 --a------ C:\WINNT\toozfd.exe
2007-11-02 12:35 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_814.dat
2007-11-02 12:30 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_454.dat
2007-11-02 12:23 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_14c.dat
2007-11-02 12:12 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_608.dat
2007-11-02 12:00 <DIR> d-------- C:\Program Files\devedoha
2007-11-02 11:37 <DIR> d-------- C:\WINNT\system32\msvcr61
2007-11-02 11:37 <DIR> d-------- C:\Program Files\Vojqhbxx
2007-11-02 11:37 <DIR> d-------- C:\Program Files\Ckzlenao
2007-11-02 11:37 32,256 --a------ C:\WINNT\system32\msvcr61.dll
2007-11-02 11:36 <DIR> d-------- C:\Program Files\rozqdwfm
2007-11-01 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-26 14:47 --------- d-----w C:\Program Files\MSN Messenger
2003-11-28 22:09 271 ---h--w C:\Program Files\desktop.ini
2003-11-28 22:09 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03E384D6-E1A7-792A-1851-0AC16EF38DE4}]
C:\Program Files\Ekpsbfel\jzsvxyrm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1888D4BA-8C81-FD13-3C52-03DA8BFFC171}]
C:\Program Files\Vojqhbxx\bcgvbeph.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{696A82AF-3AD8-5A16-A1CA-32A59A63A863}]
C:\WINNT\system\bremct32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C87FA4A3-2474-4a3f-B413-67D515905024}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DABCE839-3831-3818-AF3A-3837BCD324D2}]
C:\WINNT\system32\mskvtns.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 C:\WINNT\system32\mobsync.exe]
"vptray"="C:\Program Files\NavNT\vptray.exe" [01-09-24 07:59 ]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [02-09-10 20:26 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-01-20 08:29 ]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [06-01-30 08:00 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [07-09-04 15:40 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Internet Explorer"= {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINNT\system32\Fkqgck32.dll [ ]

R0 avgntmgr;avgntmgr;C:\WINNT\system32\DRIVERS\avgntmgr.sys
R1 avgntdd;avgntdd;C:\WINNT\system32\DRIVERS\avgntdd.sys
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
S3 S3chipid;S3chipid;\??\C:\WINNT\TEMP\_ISTMP1.DIR\S3chipid.sys
S3 viafilter;VIA USB Filter;C:\WINNT\system32\Drivers\viausb.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 16:55:08
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-13 16:55:43
.
--- E O F ---

Re: i have alot of pop ups, and malware, please help.

Post by random/random » November 14th, 2007, 5:28 pm

  • Open a new Notepad window (Start > All Programs > Accessories > Notepad).
  • Highlight the contents of the codebox below and then press Ctrl+C to copy it to the clipboard.
    Code:
    Folder::
    C:\WINNT\system32\uaiodtpw
    C:\Program Files\Xwubfglr
    C:\Program Files\Ekpsbfel
    C:\Program Files\devedoha
    C:\WINNT\system32\msvcr61
    C:\Program Files\Vojqhbxx
    C:\Program Files\Ckzlenao
    C:\Program Files\rozqdwfm
    File::
    C:\WINNT\dracee.exe
    C:\WINNT\system32\spoolv.exe
    C:\WINNT\xlaherx.exe
    C:\WINNT\toozfd.exe
    C:\WINNT\system32\msvcr61.dll
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03E384D6-E1A7-792A-1851-0AC16EF38DE4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1888D4BA-8C81-FD13-3C52-03DA8BFFC171}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{696A82AF-3AD8-5A16-A1CA-32A59A63A863}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C87FA4A3-2474-4a3f-B413-67D515905024}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DABCE839-3831-3818-AF3A-3837BCD324D2}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "Internet Explorer"=-
    [-HKEY_CLASSES_ROOT\CLSID\{F28A40D7-AD0E-034A-C651-5F0ED76232E6}]
  • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit > Paste.
  • Save it to the desktop as CFscript.txt.
  • Now drag and drop CFscript.txt onto combofix.exe as in the picture below and follow the prompts:
    Image
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Re: i have alot of pop ups, and malware, please help.

Post by random/random » November 14th, 2007, 5:36 pm

Locked as duplicate of viewtopic.php?t=25061