Hello starmike and welcome to
Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.
1. I will be working on your
Malware issues. This
may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please
DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
Open
HijackThis and select
Do a system scan onlyPlace a check mark next to the following entries: (if there)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] \"C:\Program Files\Java\jre6\bin\jusched.exe\"
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: j2 Tray Menu.lnk.disabled
O4 - Global Startup: Live Menu.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Monitor.lnk.disabled
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
017 - hklm\system\ccs\services\tcpip\parameters: domain = blissnet.pri (If you recognize these 3 entries, don't fix them.)
017 - hklm\system\cs3\services\tcpip\parameters: domain = blissnet.pri (see above)
017 - hklm\system\cs4\services\tcpip\parameters: domain = blissnet.pri (see above)
023 - service: snake sockproxy service (skserver) - unknown owner - c:\winnt\help\svchost.exe (file missing)Important: Close all open windows except for
HijackThis and then click
Fix checked.Once completed, exit
HijackThis.Download
ComboFix by sUBs from one of the below links. Be sure to save it to the
Desktop.link # 1Link # 2Close any open web browsers (Firefox, Internet Explorer, etc) before starting
ComboFix.Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click
this link to see a list of security programs that should be disabled and how to disable them.
Vista users Right-click
combofix.exe and select
Run as Administrator and follow the prompts.
Double-click
combofix.exe and follow the prompts.
When finished,
ComboFix will produce a log for you.
Post the
ComboFix log and a new
HijackThis log in your next reply.
NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.Remember to re-enable your
anti-virus and
anti-spyware protection when
ComboFix is complete.