In the Windows Control Panel > Add/Remove Programs, uninstall Messenger Plus!'s "sponsor":
Messenger Plus! Live & Sponsor
Start a HijackThis scan and place a check next to these items, if they are there.
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62.../bridge-c6.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installd...eanerstart.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab
====================================
Hit "Fix checked" and close HijackThis.
Launch Notepad (important: not WordPad or another third-party text editor), and copy and paste the contents
of the code box below into a new text file (don't include the word "Code").
Save it as file name: cfscript.txt
Code:
file::
C:\WINDOWS\Tasks\AC2996A4918A12AC.job
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\system32\JD363RLT.exe
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\system32\urqqqqp.dll
C:\WINDOWS\imGiant.dll
C:\WINDOWS\system32\yayxuss.dll
C:\WINDOWS\system32\iiffded.dll
C:\WINDOWS\system32\xxyvspp.dll
C:\WINDOWS\system32\iifdddd.dll
C:\WINDOWS\system32\nnnljhh.dll
C:\WINDOWS\system32\ljjkhfc.dll
C:\WINDOWS\system32\iiffcca.dll
C:\WINDOWS\system32\qommnom.dll
C:\WINDOWS\system32\pmnonnn.dll
C:\WINDOWS\system32\khffcyw.dll
C:\WINDOWS\system32\ljjgfgg.dll
driver::
Service Manager
folder::
c:\docume~1\owner\applic~1\rdrfun~1
C:\Program Files\Power Scan
C:\Program Files\WebRebates4
registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcywxx]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqqqp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuspqr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Win32 USB2 Driver"=-
"System"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Win32 USB2 Driver"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"=-
"Win32 USB2 Driver"=-
"Bias Barb"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000062-2E5F-4AF7-986E-5B64E0951A96}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power Scan"=-
"webrebates"=-
"Windows AdService"=-
"SYSTRAY"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad support for imGiant]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media-motor]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Access]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uninstall 180search Assistant]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebDP 2.07]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebSearch]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows AdService]
killall::
http://users.pandora.be/bluepatchy/m...s/CFScript.gif
As in the picture above, drag and drop cfscript.txt onto combofix.exe.
When it is finished, a text file will open; post it.