Thread: Help with constant pop ups
View Single Post
Old 07-09-2008, 09:51 AM   #24 (permalink)
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,605
OS: 2000 Pro; XP Pro; XP Home


Re: Help with constant pop ups
Thanks for uploading the file. Please now delete [4]-Submit_2008-07-02@19.49.zip from your desktop.

Open HijackThis and click on 'Do a System Scan Only'. Place a check next to the following entries if they exist (make sure you do not miss any) and click Fix Checked


O4 - HKUS\S-1-5-21-1960408961-1220945662-682003330-1005\..\Run: [multibits] C:\DOCUME~1\Kody\APPLIC~1\PING01~1\4fast.exe (User '?')
O4 - S-1-5-21-1960408961-1220945662-682003330-1005 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User '?')
O4 - S-1-5-21-1960408961-1220945662-682003330-1013 Startup: LimeWire On Startup.lnk = H:\Program Files\LimeWire\LimeWire.exe (User '?')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm793MFCA



Close HijackThis now.

---------------------------------------------------------------------------------------------

ComboFix is updated frequently. Please delete your current version, and get a new copy from one of the links below, and save it to your desktop.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
Folder::
H:\Documents and Settings\Kody\Application Data\Ping 01 Settings
H:\Documents and Settings\Kyle-Family Computer\Application Data\Remote Spam Second
H:\Documents and Settings\Stacy\Application Data\Remote Spam Second
H:\Documents and Settings\Stacy\Application Data\Ping 01 Settings
H:\Documents and Settings\Kody.KYLE.001\Application Data\LimeWire
H:\Program Files\LimeWire
H:\Documents and Settings\Stacy\Application Data\LimeWire
H:\Documents and Settings\Kody\Application Data\LimeWire
H:\Documents and Settings\Kyle-Family Computer\Application Data\Limewire
H:\Documents and Settings\Tiara and Kody\Application Data\LimeWire

File::
H:\Documents and Settings\Tiara and Kody\Start Menu\Programs\Startup\LimeWire On Startup.lnk
H:\Documents and Settings\Kody.KYLE.000\Start Menu\Programs\Startup\LimeWire On Startup.lnk
H:\Documents and Settings\Kody.KYLE.001\Start Menu\Programs\Startup\LimeWire On Startup.lnk

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"H:\\Program Files\\LimeWire\\LimeWire.exe"=-
Save this as CFScript.txt




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline