TheTechGuide Forum
General Category => Tech Clinic => Topic started by: m1tanker on June 25, 2006, 09:01:20 PM
-
if someone could please help me i have acquired snowball wars from somewhere and im also getting a lot of popups. someone please help rid me of this infestation???
-
From my signature below, download and save to a permanent folder of its own on your hard drive
Hijackthis 1.99.1
Open Hijackthis.exe
Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log here
DO NOT try and fix anything or disable any startup entries with msconfig or a startup manager
I need to see the log in its entirety
-
heres my hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 7:31:09 AM, on 6/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {FFB544D9-8F41-C1E4-65AF-815D43C54F9F} - C:\WINDOWS\System32\bxaubib.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O1 - Hosts: 204.228.229.111 streetchallenge.info
O1 - Hosts: 204.228.229.111 www.streetchallenge.info
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {18DDA3C5-7935-40FA-90B3-09BCED07B8DF} - C:\Program Files\Online Services\sane.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {FFB544D9-8F41-C1E4-65AF-815D43C54F9F} - C:\WINDOWS\System32\bxaubib.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe
O4 - HKLM\..\Run: [newname] C:\\nwnm_1.exe
O4 - HKLM\..\Run: [win320569469170] C:\WINDOWS\win320569469170.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Qsgygo] C:\WINDOWS\W?nSxS\?srss.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151046199750
O20 - AppInit_DLLs: C:\WINDOWS\System32\lsass.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\lqhvpjn.exe (file missing)
-
should i just go ahead and do a complete wipe of my hard drive and start from scratch? cuz i have a lot of missing files, and all of my microsoft software doesnt work anymore because of so many missing files
-
I noticed you have a lot of missing files
Are you manually deleting files and programs?
If you would like to clean install, go ahead, as that's your option
If you would like to try and clear off the malware and repair the computer we can go that route too
Please let me know which way you are planning
If you decide to try and fix this, can you do the following
Download and unzip to your desktop InstalledPrograms.zip (http://www.billsway.com/vbspage/vbsfiles/InstalledPrograms.zip)
Double click on InstalledPrograms.vbs
Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents
-
im gonna go ahead and wipe the hard drive that way i can also get another 6 months of free antivirus from symantec theres not a lot on this computer other than what came on it
-
As I mentioned, that's your option
I don't like to give up a battle, but it's your choice
I do have recommendations:
After you clean install
Go get Service pack 2 for windows and keep up to date on windows high priority updates
*Install SpywareBlaster 3.5.1 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
*Make sure your Anti-Virus software is always kept up to date and actively running in the background
If you would like to try a free AV instead of a 6 month trial from Norton's
Use this link:
Click HERE (http://www.thetechguide.com/forum/index.php?showtopic=15894)
you will find the free AV's at the top of the post
ONLY use one AV software, more than one can cause a conflict
*Make sure your Firewall is enabled and running
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission
SP2 has an adequate firewall, but if you prefer a better one
Use the same link to AV to install a free software Firewall
Again, ONLY use one
Update and do scans with your Anti-Spyware programs on a regular basis
You may have not had Ad-aware 1.06 or Spybot 1.4 installed
I would install both, keep them updated and run scans on a regular basis
In addition: In Spybot 1.4
Click the "Immunize" button on the left>>>OK at the prompt>>Immunize at the top green cross
Immunize after every update
Stay safe
:)
-
ok well i cant find my recovery disk so i went ahead and tried the last thing you told me and it wont work. popped up an error that said windows script host disabled....what now?
-
I'm just on my way to work
In the meantime, can you do the following please
Open Ewido anti-spyware
Click on TOOLS tab
UNCHECK "Show only Recommended Settings" on the bottom left
Expand(+) Miscellaneous
UNCHECK both the following if checked
Disable Regedit/Regedit32 execution
Disable Windows Script Hosting
Apply the Settings then close Ewido
Try installedprograms.vbs again
If that won't work
Open Hijackthis>>Open Misc tools section>>Open Uninstall manager
Click the SAVE LIST.... button
Save this list to your desktop then copy>paste the whole contents back here please
Have you used Ewido to apply other settings?
-
INSTALLED SOFTWARE (136) - ZERO - 6/27/2006 9:30:17 PM
3Dfx Interactive
Adobe Reader 6.0 Ver: 6.0 Installed: 5/12/2004
Advanced Networking Pack for Windows XP
AOL You've Got Pictures Screensaver
CleanUp!
Diskeeper Professional Edition Ver: 8.0.459 Installed: 8/16/2005
eMachines Bay Reader Ver: 1.07 Installed: 5/13/2004
eMachines Bay Reader Ver: 1.07 Installed: 5/13/2004
EPSON EPIC C66
EPSON Printer Software
ewido anti-spyware 4.0
Film Factory
HighMAT Extension to Microsoft Windows XP CD Writing Wizard Ver: 1.1.1905.1 Installed: 7/19/2005
HijackThis 1.99.1 Ver: 1.99.1
HyperLoad - NabiscoWorld MiniGolf Ver: 2.0.0 Installed: 8/2/2005
Intel® Extreme Graphics Driver
Internet Explorer Q903235
J2SE Runtime Environment 5.0 Update 3 Ver: 1.5.0.30 Installed: 6/24/2006
J2SE Runtime Environment 5.0 Update 6 Ver: 1.5.0.60 Installed: 6/25/2006
Java 2 Runtime Environment, SE v1.4.2 Ver: 1.4.2 Installed: 5/12/2004
Learn2 Player (Uninstall Only)
LimeWire 4.12.3 Ver: 4.12.3
Macromedia Flash Player 8 Ver: 8
Macromedia Shockwave Player Ver: 10.1.0.11
MGI PhotoSuite 4 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 6/24/2006
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office Standard Edition 2003 Ver: 11.0.5614.0 Installed: 6/24/2006
Multimedia Keyboard Driver
PowerDVD
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver Ver: 1.10
Security Update for Windows Media Player (KB911564) Installed: 6/24/2006
Security Update for Windows Media Player 10 (KB917734) Installed: 6/24/2006
Security Update for Windows XP (KB890046) Ver: 1 Installed: 7/19/2005
Security Update for Windows XP (KB893066) Ver: 2 Installed: 7/19/2005
Security Update for Windows XP (KB893756) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB896358) Ver: 1 Installed: 7/19/2005
Security Update for Windows XP (KB896422) Ver: 1 Installed: 7/19/2005
Security Update for Windows XP (KB896423) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB896424) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB896426) Ver: 1 Installed: 7/19/2005
Security Update for Windows XP (KB896428) Ver: 1 Installed: 7/19/2005
Security Update for Windows XP (KB899587) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB899591) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB900725) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB901017) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB901214) Ver: 1 Installed: 7/19/2005
Security Update for Windows XP (KB902400) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB904706) Installed: 6/24/2006
Security Update for Windows XP (KB905414) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB905495) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB905749) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB908519) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB911562) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB911927) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB912919) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB913580) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB914389) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB914798) Ver: 2 Installed: 6/24/2006
Security Update for Windows XP (KB917344) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB917953) Ver: 1 Installed: 6/24/2006
Shockwave Director 10.1
Snowball Wars by OIN
Soft Data Fax Modem with SmartCP
Starcraft Brood War (RAZOR 1911)
Street Challenge - Free Drag Racing Game Ver: 1.03.0001
Update for Windows XP (KB835409) Ver: 1 Installed: 6/24/2006
Update for Windows XP (KB898461) Ver: 1 Installed: 7/19/2005
Update for Windows XP (KB908531) Ver: 2 Installed: 6/24/2006
Update for Windows XP (KB910437) Ver: 1 Installed: 6/24/2006
Viewpoint Media Player
ViviCam 10 and 20
WebFldrs XP Ver: 9.50.6513 Installed: 5/12/2004
Windows Backup Utility Ver: 5.1 Installed: 5/12/2004
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See Q828026 for more information]
Windows Movie Maker 2.0 Ver: 2.0.0000 Installed: 5/12/2004
Windows Overlay Components
Windows XP Hotfix (SP2) [See KB810243 for more information]
Windows XP Hotfix (SP2) Q322011 Ver: 20021111.164241
Windows XP Hotfix (SP2) Q814995 Ver: 20030219.141525
Windows XP Hotfix - KB810217 Ver: 20030806.140405
Windows XP Hotfix - KB820291 Ver: 20030523.143400
Windows XP Hotfix - KB821253 Ver: 20030609.161053
Windows XP Hotfix - KB823182 Ver: 20030724.164017
Windows XP Hotfix - KB824105 Ver: 20030724.164839
Windows XP Hotfix - KB824141 Ver: 20030925.103600
Windows XP Hotfix - KB825119 Ver: 20030828.113916
Windows XP Hotfix - KB826939 Ver: 20030902.222348
Windows XP Hotfix - KB826942 Ver: 20031007.111255
Windows XP Hotfix - KB828028 Ver: 20030919.121052
Windows XP Hotfix - KB828035 Ver: 20031021.165228
Windows XP Hotfix - KB828741 Ver: 20040305.182309
Windows XP Hotfix - KB833407 Ver: 20040119.115651
Windows XP Hotfix - KB833987 Ver: 20040308.224628
Windows XP Hotfix - KB833998 Ver: 20040220.192556
Windows XP Hotfix - KB835732 Ver: 20040329.175541
Windows XP Hotfix - KB837001 Ver: 20040317.230926
Windows XP Hotfix - KB839645 Ver: 20040630.164542
Windows XP Hotfix - KB840315 Ver: 20040622.172631
Windows XP Hotfix - KB840374 Ver: 20040416.100205
Windows XP Hotfix - KB840987 Ver: 20040927.095912
Windows XP Hotfix - KB841356 Ver: 20040929.102221
Windows XP Hotfix - KB841533 Ver: 20040927.100142
Windows XP Hotfix - KB841873 Ver: 20040608.144346
Windows XP Hotfix - KB842773 Ver: 20040805.140010
Windows XP Hotfix - KB871250 Ver: 20041028.084225
Windows XP Hotfix - KB873333 Ver: 20050113.212926
Windows XP Hotfix - KB873339 Ver: 20041117.094106
Windows XP Hotfix - KB873376 Ver: 20040923.181029
Windows XP Hotfix - KB883939 Ver: 20050428.125228
Windows XP Hotfix - KB885250 Ver: 20050119.075718
Windows XP Hotfix - KB885626 Ver: 20040909.122822
Windows XP Hotfix - KB885835 Ver: 20041027.181751
Windows XP Hotfix - KB885836 Ver: 20041028.161024
Windows XP Hotfix - KB888113 Ver: 20041116.131259
Windows XP Hotfix - KB888302 Ver: 20041207.112156
Windows XP Hotfix - KB890175 Ver: 20041202.102816
Windows XP Hotfix - KB890859 Ver: 1 Installed: 7/19/2005
Windows XP Hotfix - KB891781 Ver: 20050110.171604
Windows XP Hotfix - KB893086 Ver: 1 Installed: 7/19/2005
Windows XP Hotfix - KB897715 Ver: 20050503.210336
Windows XP Hotfix - KB911567 Ver: 20060316.165634 Installed: 6/24/2006
Windows XP Hotfix - KB916281 Ver: 20060526.162249 Installed: 6/24/2006
Windows XP Hotfix - KB918439 Ver: 20060530.145346 Installed: 6/24/2006
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
-
Let's try the following please
Access your add/remove programs and uninstall the following
Snowball Wars by OIN
Viewpoint Media Player
Windows Overlay Components
Additionally, remove the following related to Java as they are outdated
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2
Also, remove the following because it appears that Yahoo toolbar is corrupt
You can reinstall these later if you choose to, but do NOT reinstall them till we have you clean please
Yahoo! Anti-Spy
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
Afterwards, reboot your computer
Back in Windows
Come back here and do the following
Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
- Right click the BFU folder on your desktop, and choose Extract All
- Click "Next"
- In the box to choose where to extract the files to, click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C:)" or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcan worm remover.
Save it in the same folder you made earlier (c:\BFU).
Open Ewido, check for updates to ensure you are right up to date
Exit Ewido, we will need it in a bit
Save the rest of these instructions to a text file saved to desktop or Print them out!
Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
Once in Safe Mode
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done>>Click Close
DECLINE to Log off or Restart the computer
Go to Start > My Computer and navigate to the C:\BFU folder.
- Start the Brute Force Uninstaller by double-clicking BFU.exe
- Next to the scriptline to execute field click the folder icon (http://metallica.geekstogo.com/foldericon.png) and select alcanshorty.bfu
- Press Execute and let it do its job. (You should see a progress bar if you did this correctly.)
- Wait for the complete script execution box to pop up and press OK.
- Press exit to terminate the BFU program.
Then run Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Do a "System scan only" with Hijackthis and put a check next to these entries:
Not all entries I request to check below may show, but tick what you see
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - {FFB544D9-8F41-C1E4-65AF-815D43C54F9F} - C:\WINDOWS\System32\bxaubib.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {18DDA3C5-7935-40FA-90B3-09BCED07B8DF} - C:\Program Files\Online Services\sane.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {FFB544D9-8F41-C1E4-65AF-815D43C54F9F} - C:\WINDOWS\System32\bxaubib.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe
O4 - HKLM\..\Run: [newname] C:\\nwnm_1.exe
O4 - HKLM\..\Run: [win320569469170] C:\WINDOWS\win320569469170.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Qsgygo] C:\WINDOWS\W?nSxS\?srss.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - AppInit_DLLs: C:\WINDOWS\System32\lsass.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\lqhvpjn.exe (file missing)
After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot back to Normal mode
Back in Windows
Access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Go to the following link
http://www.java.com/en/download/manual.jsp
Download the latest Sun Java Windows OFFLINE installation to desktop
Double click to install and follow the prompts
Post back all the following please
1. Post a fresh hijackthis log
2. Post the Whole report you saved earlier from Ewido
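-
Added example (not part of the original thread, and not the helper's method): a Python sketch that parses HijackThis 1.99.1 log lines like those posted above and tags entries with a few generic triage heuristics. The flag names and rules are assumptions chosen for illustration; a flag means "review this entry", not "malicious". The sample is a short excerpt of the log posted in this thread.

```python
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "code text flags")

# Entry lines start with a section code: "R1 - ...", "O4 - ...", "O23 - ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Executable sitting directly in a drive root, e.g. C:\x.exe or C:\\x.exe
ROOT_EXE_RE = re.compile(r"(?i)\b[a-z]:\\+[^\\\s]+\.exe\b")
# '?' inside a file path. '?' is not valid in a Windows file name, so it
# stands for a character the log could not render.
ODD_PATH_RE = re.compile(r"(?i)\b[a-z]:\\\S*\?")


def flag_entry(code, text):
    """Return the list of heuristic flags (assumed names) for one entry."""
    flags = []
    if text.endswith("(file missing)"):
        flags.append("file-missing")      # registry still points at a deleted file
    if code == "O1":
        flags.append("hosts-override")    # name resolution pinned in the hosts file
    if code in ("O4", "O23") and ROOT_EXE_RE.search(text):
        flags.append("root-exe")          # autostart binary in the drive root
    if ODD_PATH_RE.search(text):
        flags.append("unprintable-path")  # look-alike or non-ANSI characters in path
    if code == "O7" and "DisableRegedit=1" in text:
        flags.append("regedit-disabled")  # policy that locks the user out of regedit
    if code == "O20" and text.startswith("AppInit_DLLs:") \
            and text.split(":", 1)[1].strip():
        flags.append("appinit-dll")       # DLL loaded into every user32 process
    if code == "O23" and " - Unknown owner - " in text:
        flags.append("unknown-owner")     # service binary with no vendor string
    return flags


def triage(log_text):
    """Parse a HijackThis log and return one Entry per section line."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header and "Running processes" lines have no section code
        code, text = m.groups()
        entries.append(Entry(code, text, flag_entry(code, text)))
    return entries


def flagged(entries):
    """Entries that matched at least one heuristic."""
    return [e for e in entries if e.flags]


def flag_counts(entries):
    """How often each flag fired across the log."""
    return Counter(f for e in entries for f in e.flags)


# Excerpt of the log posted in this thread (not a complete log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {FFB544D9-8F41-C1E4-65AF-815D43C54F9F} - C:\WINDOWS\System32\bxaubib.dll (file missing)
O1 - Hosts: 204.228.229.111 streetchallenge.info
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe
O4 - HKCU\..\Run: [Qsgygo] C:\WINDOWS\W?nSxS\?srss.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151046199750
O20 - AppInit_DLLs: C:\WINDOWS\System32\lsass.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\lqhvpjn.exe (file missing)
"""

if __name__ == "__main__":
    for e in flagged(triage(SAMPLE_LOG)):
        print(f"{e.code:<4}{','.join(e.flags):<28}{e.text}")
```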
-
ok i did some windows updating and used the windows malicious software remover and windows defender here is an updated hijackthis log and installed program log:
Logfile of HijackThis v1.99.1
Scan saved at 7:37:33 AM, on 6/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\3YM84OTE\hijackthis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {FFB544D9-8F41-C1E4-65AF-815D43C54F9F} - C:\WINDOWS\System32\bxaubib.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O1 - Hosts: 204.228.229.111 streetchallenge.info
O1 - Hosts: 204.228.229.111 www.streetchallenge.info
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {18DDA3C5-7935-40FA-90B3-09BCED07B8DF} - C:\Program Files\Online Services\sane.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {FFB544D9-8F41-C1E4-65AF-815D43C54F9F} - C:\WINDOWS\System32\bxaubib.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe
O4 - HKLM\..\Run: [newname] C:\\nwnm_1.exe
O4 - HKLM\..\Run: [win320569469170] C:\WINDOWS\win320569469170.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Qsgygo] C:\WINDOWS\W?nSxS\?srss.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151046199750
O20 - AppInit_DLLs: C:\WINDOWS\System32\lsass.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\lqhvpjn.exe (file missing)
here is the installed program log:
INSTALLED SOFTWARE (105) - ZERO - 6/28/2006 7:39:04 AM
3Dfx Interactive
Adobe Reader 6.0 Ver: 6.0 Installed: 5/12/2004
AOL You've Got Pictures Screensaver
CleanUp!
Diskeeper Professional Edition Ver: 8.0.478 Installed: 6/27/2006
eMachines Bay Reader Ver: 1.07 Installed: 5/13/2004
eMachines Bay Reader Ver: 1.07 Installed: 5/13/2004
EPSON EPIC C66
EPSON Printer Software
ewido anti-spyware 4.0
Film Factory
HighMAT Extension to Microsoft Windows XP CD Writing Wizard Ver: 1.1.1905.1 Installed: 7/19/2005
HijackThis 1.99.1 Ver: 1.99.1
HyperLoad - NabiscoWorld MiniGolf Ver: 2.0.0 Installed: 8/2/2005
Intel® Extreme Graphics Driver
Internet Explorer Q903235
J2SE Runtime Environment 5.0 Update 3 Ver: 1.5.0.30 Installed: 6/24/2006
J2SE Runtime Environment 5.0 Update 6 Ver: 1.5.0.60 Installed: 6/25/2006
Java 2 Runtime Environment, SE v1.4.2 Ver: 1.4.2 Installed: 5/12/2004
Learn2 Player (Uninstall Only)
LimeWire 4.12.3 Ver: 4.12.3
Macromedia Flash Player 8 Ver: 8
Macromedia Shockwave Player Ver: 10.1.0.11
MGI PhotoSuite 4 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 6/24/2006
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office Standard Edition 2003 Ver: 11.0.7969.0 Installed: 6/28/2006
Multimedia Keyboard Driver
PowerDVD
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver Ver: 1.10
Security Update for Windows Media Player (KB911564) Installed: 6/24/2006
Security Update for Windows Media Player 10 (KB917734) Installed: 6/24/2006
Security Update for Windows XP (KB890046) Ver: 1 Installed: 7/19/2005
Security Update for Windows XP (KB893066) Ver: 2 Installed: 7/19/2005
Security Update for Windows XP (KB893756) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB896358) Ver: 1 Installed: 7/19/2005
Security Update for Windows XP (KB896422) Ver: 1 Installed: 7/19/2005
Security Update for Windows XP (KB896423) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB896424) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB896428) Ver: 1 Installed: 7/19/2005
Security Update for Windows XP (KB899587) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB899591) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB900725) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB901017) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB901214) Ver: 1 Installed: 7/19/2005
Security Update for Windows XP (KB902400) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB904706) Ver: 2 Installed: 6/28/2006
Security Update for Windows XP (KB905414) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB905749) Ver: 1 Installed: 6/24/2006
Security Update for Windows XP (KB908519) Ver: 1 Installed: 6/28/2006
Security Update for Windows XP (KB911562) Ver: 1 Installed: 6/28/2006
Security Update for Windows XP (KB911567) Ver: 1 Installed: 6/28/2006
Security Update for Windows XP (KB911927) Ver: 1 Installed: 6/28/2006
Security Update for Windows XP (KB912919) Ver: 1 Installed: 6/28/2006
Security Update for Windows XP (KB913580) Ver: 1 Installed: 6/28/2006
Security Update for Windows XP (KB914389) Ver: 1 Installed: 6/28/2006
Security Update for Windows XP (KB916281) Ver: 1 Installed: 6/28/2006
Security Update for Windows XP (KB917344) Ver: 1 Installed: 6/28/2006
Security Update for Windows XP (KB917953) Ver: 1 Installed: 6/28/2006
Shockwave Director 10.1
Soft Data Fax Modem with SmartCP
Starcraft Brood War (RAZOR 1911)
Street Challenge - Free Drag Racing Game Ver: 1.03.0001
Update for Windows XP (KB898461) Ver: 1 Installed: 7/19/2005
Update for Windows XP (KB900485) Ver: 2 Installed: 6/28/2006
Update for Windows XP (KB908531) Ver: 2 Installed: 6/28/2006
Update for Windows XP (KB910437) Ver: 1 Installed: 6/28/2006
Update for Windows XP (KB911280) Ver: 2 Installed: 6/28/2006
Viewpoint Media Player
ViviCam 10 and 20
WebFldrs XP Ver: 9.50.6513 Installed: 5/12/2004
Windows Backup Utility Ver: 5.1 Installed: 5/12/2004
Windows Defender Ver: 1.1.1347.6 Installed: 6/27/2006
Windows Defender Signatures Ver: 1.20.0.0 Installed: 6/27/2006
Windows Genuine Advantage Validation Tool (KB892130) Ver: 1.5.0530.0 Installed: 6/28/2006
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Media Format Runtime
Windows Media Player 10
Windows Movie Maker 2.0 Ver: 2.0.0000 Installed: 5/12/2004
Windows Overlay Components
Windows XP Hotfix - KB873333 Ver: 20050114.005213
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB885250 Ver: 20050118.202711
Windows XP Hotfix - KB885626 Ver: 20040909.122822
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB887742 Ver: 20041103.095002
Windows XP Hotfix - KB888113 Ver: 20041116.131036
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB890175 Ver: 20041201.233338
Windows XP Hotfix - KB890859 Ver: 1 Installed: 7/19/2005
Windows XP Hotfix - KB891781 Ver: 20050110.165439
Windows XP Hotfix - KB893086 Ver: 1 Installed: 7/19/2005
Windows XP Service Pack 2 Ver: 20040803.231319
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
-
Follow all my previous instructions
Before you do, Windows Defender's realtime protections may interfere with any fixes
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
Keep these disabled till after we have you clean please
You may not find Snowballwars by OIN in add/remove anymore, but do everything else I posted in my last reply to you
-
ok here's the fresh hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 7:12:35 PM, on 6/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\msiexec.exe
C:\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O1 - Hosts: 204.228.229.111 streetchallenge.info
O1 - Hosts: 204.228.229.111 www.streetchallenge.info
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151046199750
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
and here is the report from ewidos:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:40:49 PM 6/28/2006
+ Scan result:
Nothing found.
::Report end
-
Things are looking better
We still have to make sure you have an updated virus scanner done on your computer
Please download and install ONLY one of the following free Anti-Virus software from below
You decide which one
AVG 7 by Grisoft (http://free.grisoft.com/doc/2/lng/us/tpl/v5)
Avast Home Edition by ALWIL (http://www.avast.com/eng/down_home.html)
Avira AntiVir Personal Edition Classic (http://www.free-av.com/antivirus/allinonen.html)
Reminder, only install one of the above, more than one can cause operating system instabilities
After your new AV is installed, ensure it is updated and run a full system scan
Let it remove whatever it finds
Reboot the computer after the scan is done
Come back here and post one last hijackthis log and let me know how everything's running please
-
well here is the latest hijackthis log.... I'm still having one problem though. every time I open up any program, whether it be internet explorer or a game of some kind, windows installer pops up 3 times trying to fix microsoft office. other than that everything is good.
Logfile of HijackThis v1.99.1
Scan saved at 8:17:53 PM, on 6/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msiexec.exe
C:\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O1 - Hosts: 204.228.229.111 streetchallenge.info
O1 - Hosts: 204.228.229.111 www.streetchallenge.info
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151046199750
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
-
Sorry for the delay
Appears that Office is corrupt, do you have your Office CD?
You may want to try uninstalling and reinstalling
If you have problems uninstalling because of error messages, let me know, we can try manual removal
In addition, use the Windows Installer CleanUp Utility