possible spyware question

Did you use updated versions of Ad-aware SE and SpyBot?
Do you have an virus scan application that is up to date?

Run these online scans (select Auto Clean as appropriate):
http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/license.php
http://www.windowsecurity.com/trojanscan/

Tell me if they find anything and if you still have a problem. If you are still having a problem, go thru the rest of the items in the below thread that you have not yet run (make sure you check that you are using the correct versions, by clicking on the links to see what version is downloadable):
http://forums.majorgeeks.com/showthread.php?t=35407

 

Okay, let me know the results when you finish!

 

If you had virus/trojans/malware problems (which you did/do) you really need to disable system restore to avoid them coming back from an older restore point. This does remove all your restore points but those restore points most likely contain all your problems.

Post a HijackThis log as an attachment and I will look at it.

 

At the beginning of this thread you said you did all of this: http://forums.majorgeeks.com/showthread.php?t=35407

It does not look like it. I still see MS Java running. I believe if you had put in the Microsoft Critical Updates that would have been disabled. Did you go to MS update and check for updates and download all Critical Updates?

Also, do you still use GhostSurf?

 

Okay, then lets fix the GhostSurf stuff and a couple others first. Run HijackThis and put checks on the following but DO NOT click fix until you exit ALL browsers sessions:

O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O8 - Extra context menu item: Allow personal info to reach this site - file://C:\Program Files\GhostSurf\info.allow.html
O8 - Extra context menu item: Allow popups on this site - file://C:\Program Files\GhostSurf\popup.allow.html
O8 - Extra context menu item: Allow this advertisement - file://C:\Program Files\GhostSurf\menu.allowimg.html
O8 - Extra context menu item: Block personal info from this site - file://C:\Program Files\GhostSurf\info.block.html
O8 - Extra context menu item: Block popups on this site - file://C:\Program Files\GhostSurf\popup.block.html
O8 - Extra context menu item: Block this advertisement - file://C:\Program Files\GhostSurf\menu.blockimg.html
O9 - Extra button: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\Program Files\GhostSurf\LaunchPCC.exe (file missing)
O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\Program Files\GhostSurf\LaunchPCC.exe (file missing)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O18 - Filter: text/html - (no CLSID) - (no file)

Reboot and post a new HJT log.

By the way do you use a Proxy server or any special procedures from your ISP to connection to the internet. I'm wondering about this line:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212

 

Okay fix the R1 line too. That could be part of the key loggger.

 

Do you know what this is:
C:\Program Files\SB\sb.exe

Is it a game?

 

Or it could be this trojan:

http://www.kephyr.com/spywarescanner/library/flingstonebridge/index.phtml

 

Do you have viewing of hidden files and folders enabled? http://forums.majorgeeks.com/showthread.php?t=37650

And you are sure the following does not exist: C:\Program Files\SB\sb.exe

I would expect HJT to say file missing if it was not found.

 

Use Windows Explorer to look for it. Not FireFox or Internet Explorer. And do not type it into the address bar. Just navigate to it using your mouse. It would not be a good idea to put c:\Program Files\SB\sb.exe into the address bar when you do not know what it the application is for. You would wind up actually running the program which could be a virus or trojan.

I don't recall ever seeing "404 file not found" on Windows Explorer only Internet Explorer.

 

If that still comes up with nothing, have HijackThis fix that line too.

 

Two more things:

1) Do you know for a fact that you need this Broadjump stuff.
C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

I always have people uninstall it (from Add/Remove Programs). And if the cannot then just fix those lines in HJT and then delete the C:\Program Files\BroadJump folder after rebooting.

It has been know to cause problems with resource like you were having. See
this and scroll down to BJCFD.EXE and read:
http://www.answersthatwork.com/Tasklist_pages/tasklist_b.htm

2) Uninstall MS Java and install Sun Java. How to do that is in this
thread by Major Attitude:
http://forums.majorgeeks.com/showthread.php?t=25834

 

Well check for yourself but I did not think it was needed for proper operation. But I cannot answer that for sure. Only you can. I think they install but do not need it.

 

Wait a minute are Broadjump Foundation and Broadcom even related???

 

And it is considered spyware?

 

There ya go!! So if you have taken care of the MS Java removal. We should be done I assume?

 

Your welcome!