Search:

you are awsome.

I just emptied and deleted what you told me to and ran Spybot and my Anitvirus with no detections.

When I was infected i would get pop-ups from my AV saying detection in...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, October 11, 2007 11:14:21 PM
Operating System: Microsoft Windows XP...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:03 PM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
...

Dumb question,

Which program is Kaspersky?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:31 PM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
...

----a-w 14,048 2005-02-25 04:35:06 C:\WINDOWS\$hf_mig$\KB901214\spmsg.dll
----a-w 209,632 2005-02-25 04:35:06 C:\WINDOWS\$hf_mig$\KB901214\spuninst.exe
----a-w ...

((((((((((((((((((((((((((((( snapshot@2007-10-06_23.44.17.76 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 14,048 2005-02-25 03:35:06 C:\WINDOWS\$hf_mig$\KB901214\spmsg.dll...

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-26 19:14 --------- d-----w C:\Program Files\MSTpscre
2007-08-23...

ComboFix 07-10-11.1 - Scot 2007-10-10 19:30:40.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.660 [GMT -7:00]
Running from: C:\Documents and...

Avenger Log


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nykiyeal

*******************

Script file located...

HJT Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:49 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot...

ComboFix 07-10-06.5 - Scot 2007-10-09 20:08:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.473 [GMT -7:00]
Running from: C:\Documents and...

I have posted the files for you on spykiller.

thanks for the help with this nasty little bugger

Here are the results:

bwoncqcb.sys

A-Squared Found Trojan.Win32.BHO.gy
AntiVir Found TR/Rootkit.Gen
ArcaVir Found Trojan.Bho.Gy
Avast Found nothing
AVG Antivirus Found nothing ...

NEW HJT log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:56 PM, on 10/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)...

let it sit for a few hours and it finally ran.

Combo fix log file


ComboFix 07-10-06.5 - Scot 2007-10-06 23:35:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.663...

Here is the new HJT Log just in case it helps



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:24 PM, on 10/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet...

O.K.

When i run combofix it gives me this message and tries to run again & again & again & You get the point.

"The COMSPEC environment variable was found to be corrupt. Combofix has attempted...

Here is the log from Vundofix.


I work all day so I am going to post at night when I get home. Thanks for the help on this



VundoFix V6.5.9

Checking Java version...

I have already run Vundofix.exe and here is my HJT log with HTJ renamed scanner.exe.


Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:08 PM, on 10/1/2007
Platform:...