Doginhispen skitodayplease etc, but ComboFix stopped/Malicious Script warning?

Remove all internet explorer add-ons and toolbars.

Download FindAWF and save the file to your Desktop
Double-click FindAWF.exe to start the tool.
Select Option 1 by pressing 1 and then Enter. The scan will start and a log will open (awf.txt)

• Post back with with the contents of awf.txt

 

Start FindAWF.exe
Select option 2 by pressing 2 and then Enter. A text file will open (files.txt).
In that files.txt, copy and paste the following list of files to be restored:

Close the files.txt and click Yes to save the changes.
FindAWF wil now terminate the bad processes if running, delete the bad files and restore/replace them with the good files.
Then it will open a log. Copy and paste the contents of that log in your next reply.

Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser

* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

 

Start FindAWF, select Option 3, by pressing 3 and then enter.
This will open the text file folders.txt
Copy and paste the following list in it:

Then close folders.txt and let it save the changes.
FindAWF will now remove the bak folders and open a log afterwards.
Post the log in your next reply.

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones

This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

Please download DelDomains and unzip it to your desktop. Do not run it yet.

Find the files from deldomains.zip on your Desktop and RightClick on the deldomains.inf file and select Install.

(Please note if you have Spybot S&D installed you will need to "Immunize" again because deldomains will remove all of the sites Spybot adds.)

Yes...a combofix log would be appreciated.

 

Please run the DelDomains ....and if you haven't, re-run ATF Cleaner and delete your IE History and temps.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
o If it is not on your Desktop, the below will not work.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

File::
C:\Program Files\Common Files\Adobe\Updater5\bak
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\system32\bak

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe
* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from ComboFix.

 

I forgot to ask you how things were running...are you still having problems?

 

c:\ program files\ common files\ roxio shared\ 9.0\ sharedcom\ roxwatchtray9.exe

From Sonic Solutions. It calls home so Norton thinks its bad.....it isn't.

Have you deleted the IE History in each user accounts? Are you getting re-directs?

 

No....nothing is showing up. Did you have Spybot re-immunize after doing the deldomains?

Also look in your internet explorer settings under trusted site...it should be empty.

I'd like you to do this: go to Bitscan link: agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

Click-on the Detected Problems tab. Then select Click here to export the scan report

When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are at so you can find it later). This bdcan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.