Hello again
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (if they still exist, make sure you do not miss any):
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O22 - SharedTaskScheduler: hypoch - {2f199d0e-f3e7-41a7-a060-816c24cceea0} - C:\WINDOWS\system32\zgyhw.dll
Please remember to close all other windows, including browsers, then click Fix checked.
===========
Open notepad and copy/paste the text in the quotebox below into it:
Quote:
http://www.techsupportforum.com/security-center/hijackthis-log-help/279020-multiple-pop-ups-spyware-problems.html
Collect::
C:\WINDOWS\SYSTEM32\ubpr01.exe
C:\WINDOWS\system32\zgyhw.dll
Folder::
C:\WINDOWS\SYSTEM32\995937
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E1465F3-56CF-4FC4-8684-1BD6245AA30D}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{2f199d0e-f3e7-41a7-a060-816c24cceea0}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
Save this as CFscript
Referring to the picture above, drag CFscript into ComboFix.exe
Follow the prompts, and post the resulting log, C:\ComboFix.txt
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
Warning:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.
Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file(s).
=============
I see no evidence of an AntiVirus program on your system. This must be resolved. Go here and download/install and run a scan, post the log from that scan in your reply.
You can choose an antivirus of your own if you wish.
=========
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
=========
Logs Required
C:\Combofix.txt
Avira scan results (or another)
Hijackthis Log
An update on how your system is behaving.