Malware warning from google (adnetserver.com)

Status
Not open for further replies.
Run CFScript

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
File::
C:\Users\emman\AppData\Local\Temp\byknkluo.dll
C:\Users\emman\AppData\Local\Temp\eyokaxxs.dll
C:\Users\emman\AppData\Local\Temp\ddcawTnK.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMbb30cd2d"=-
"cmds"=-

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScript.gif]


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
 
Open up Hijackthis! and delete the following keys:
O4 - HKCU\..\Run: [BMbb30cd2d] Rundll32.exe "C:\Users\emman\AppData\Local\Temp\eyokaxxs.dll",s
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\emman\AppData\Local\Temp\ddcawTnK.dll,c
 
Remove bad HijackThis entries
  • Run HijackThis
  • Click on the System Scan Only button
  • Put a check beside all of the items listed below (if present):

    O4 - HKCU\..\Run: [BMbb30cd2d] Rundll32.exe "C:\Users\emman\AppData\Local\Temp\eyokaxxs.dll",s
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\emman\AppData\Local\Temp\ddcawTnK.dll,c
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.



OTMoveit2 by OldTimer
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\Users\emman\AppData\Local\Temp\ddcawTnK.dll
    C:\Users\emman\AppData\Local\Temp\eyokaxxs.dll
    C:\PROGRA~1\Java\JRE16~2.0_0
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


-----------------------------------------------------------------------

Then please run ATF cleaner again

------------------------------------------------------------------------

Attach back here - OTMoveit! log with a fresh hijackthis
 
Update Malwarebytes Anti-malware, and run a full system scan with it. Have it fix everything it finds, then attach the log for me. If that doesn't remove these 2 then we have other options.
 
I think you are OK, Blind Dragon may see otherwise, but MBAM fixed the problems for you. Fresh Hijackthis! log please, otherwise I THINK you have the all clear!
 
Open up Hijackthis! and delete the following:
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O4 - HKCU\..\Run: [BMbb30cd2d] Rundll32.exe "C:\Users\emman\AppData\Local\Temp\eyokaxxs.dll",s
After that run another Hijackthis!, and post the log here, just to double check. Run CCleaner if you have it, may get rid of a virus .tmp file or .dll file or 2.
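
Added example (not part of the original thread and not code from HijackThis or ComboFix): the two O4 entries the helpers kept flagging share one pattern, a Run-key value that uses rundll32 to load a DLL out of a Temp directory. The sketch below scans HijackThis log text for that pattern; the regular expressions, the list of temp directories and every sample line other than the two O4 entries quoted from the thread are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple

# HijackThis O4 line: O4 - <hive>\..\<Run key>: [<value name>] <command>
O4_RE = re.compile(r'^\s*O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$')
# rundll32 invocation: DLL path (quoted or bare), a comma, then the export name
RUNDLL_RE = re.compile(r'\brundll32(?:\.exe)?"?\s+(?:"([^"]+)"|([^,"]+)),\s*(\S*)', re.I)
# Per-user and system temp directories (assumed list of places that should
# never hold an autorun DLL; extend for your environment)
TEMP_RE = re.compile(r'\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\', re.I)


class Finding(NamedTuple):
    hive: str
    value_name: str
    dll: str
    export: str


def suspicious_autoruns(log_text: str) -> List[Finding]:
    """Return Run-key entries that use rundll32 to load a DLL from a temp dir."""
    findings = []
    for line in log_text.splitlines():
        o4 = O4_RE.match(line)
        if not o4:
            continue  # not an autorun entry (O2, O9, headers, ...)
        hive, _key, value_name, command = o4.groups()
        call = RUNDLL_RE.search(command)
        if not call:
            continue  # autorun starts an ordinary executable
        dll = (call.group(1) or call.group(2)).strip()
        if TEMP_RE.search(dll):
            findings.append(Finding(hive, value_name, dll, call.group(3)))
    return findings


# Sample log: the two HKCU O4 lines are from the thread; the rest are constructed.
SAMPLE_LOG = r'''
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe" /startup
O4 - HKLM\..\Run: [ExampleCpl] rundll32.exe C:\Windows\System32\example.dll,Start
O4 - HKCU\..\Run: [BMbb30cd2d] Rundll32.exe "C:\Users\emman\AppData\Local\Temp\eyokaxxs.dll",s
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\emman\AppData\Local\Temp\ddcawTnK.dll,c
'''

if __name__ == "__main__":
    for f in suspicious_autoruns(SAMPLE_LOG):
        print(f"{f.hive} Run [{f.value_name}] loads {f.dll} (export {f.export!r})")
```

An entry that keeps reappearing in a fresh log after being fixed, as [BMbb30cd2d] does in this thread, means the value is being rewritten and the DLL itself still has to be removed.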
 