Please Help: Vimax ads everywhere; Google Link Redirects. Hijack log posted.



#1 KCJ


Posted 20 May 2009 - 10:41 PM

Hi support team,
I am having major problems. Within the last week I've started seeing Vimax ads on every page with ads. And when I do Google searches, I'm often redirected to more ads when I click on one of the links. It doesn't even go to the link, just redirects me to an ad. It seems to go through counter.fastclick or something. I use Firefox, not Internet Explorer. Please help me! I ran Ad-Aware and my AVG program, and nothing is helping. This is so frustrating. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:21 PM, on 5/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.schaeffersresearch.com/download/CfxIEAx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01113CB4-4B0C-4204-B3DC-E8A2892B134E}: NameServer = 85.255.112.169,85.255.112.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{E740D39B-74C8-4E46-8D81-44CFA01677B2}: NameServer = 85.255.112.169,85.255.112.111
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.169,85.255.112.111
O17 - HKLM\System\CS1\Services\Tcpip\..\{01113CB4-4B0C-4204-B3DC-E8A2892B134E}: NameServer = 85.255.112.169,85.255.112.111
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.169,85.255.112.111
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6554 bytes


#2 teacup61 (Malware Response Team)

Posted 21 May 2009 - 11:33 AM

Hello KCJ,


Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 KCJ (Topic Starter)

Posted 21 May 2009 - 11:34 PM

Hi Tea,
Thanks so much for the help. So, here is my updated story:

1) Last night after posting my plea for help, I read about Malwarebytes, downloaded it and tried to run it. I was able to install it, but it wouldn't run at all (wouldn't open). I did some more research, found that certain malware will block that program, so I tried renaming it and its extension. Still no go. I restarted in safe mode, still no go. So, when I restarted again in regular mode, it finally worked. I ran it, it found some problems, I deleted them, and thought I was good. The Vimax ads were gone. However, tonight the click-through problem started all over again.

2) I ran Malwarebytes again, it found more problems. I deleted them and placed the log below. I don't think my definitions were updated last night, so I updated them tonight before running the scan.

3) I ran HijackThis again after Malwarebytes tonight, and the log is below.

Let me know what you think is next. Thanks again! - KCJ

MALWAREBYTES LOG:

Malwarebytes' Anti-Malware 1.36
Database version: 2164
Windows 5.1.2600 Service Pack 3

5/21/2009 9:25:01 PM
mbam-log-2009-05-21 (21-25-01).txt

Scan type: Quick Scan
Objects scanned: 57446
Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{331cf7ad-4ff8-47f8-bbfb-04eed85c4652} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{51c0946f-938e-4909-a128-8a2f688df31a} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f32d7d45-1750-48da-9cac-c6216972bb33} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Adware.Ascentive) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ConTest.dll (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ConTest.dll (Adware.Ascentive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gxvxccounter (Trojan.DNSchanger) -> Quarantined and deleted successfully.



HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:08 PM, on 5/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.schaeffersresearch.com/download/CfxIEAx.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6052 bytes
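KCJ's first HijackThis log carried O17 entries pointing every interface GUID and both control sets at the same pair of resolvers, the Malwarebytes log above reports a Trojan.DNSchanger file, and the HijackThis log taken after that cleanup has no O17 lines at all. The script below is an added example, not code from this thread, from HijackThis or from Malwarebytes. It does the two checks a helper otherwise makes by eye: it flags O17 resolvers that fall outside private (RFC 1918) or loopback space unless they are explicitly allow-listed, and it diffs two logs entry by entry so removed lines stand out from the reshuffled process list. The embedded log excerpts are constructed from a few lines of the two logs on this page; the default trusted ranges and the `allowlist` parameter are assumptions, since a legitimate ISP resolver would have to be added by hand.

```python
"""Triage helpers for HijackThis logs: flag O17 NameServer entries that point
outside trusted address space, and diff two logs to confirm what a cleanup
removed. Added example; not code from the thread, HijackThis or Malwarebytes.
The trusted ranges and the allow-list behaviour are assumptions."""
import ipaddress
import re

# Constructed excerpts. The O17 lines are copied from the first HijackThis log
# in the thread; the O4/O23 lines stand in for the unchanged bulk of both logs.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{01113CB4-4B0C-4204-B3DC-E8A2892B134E}: NameServer = 85.255.112.169,85.255.112.111
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.169,85.255.112.111
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.169,85.255.112.111
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"""

# A HijackThis entry line: "R0 - ...", "O17 - ...", etc. (headers and the
# "Running processes" list do not match).
ENTRY_RE = re.compile(r"^[RO]\d+ - ")
# "O17 - <registry path>: NameServer = ip[,ip...]"
O17_RE = re.compile(r"^O17 - (?P<path>.+?): NameServer = (?P<servers>[\d.,]+)$")

# Address space a home machine's resolver is normally expected to live in:
# the LAN (RFC 1918) or the host itself. Assumption: anything else needs a
# person to confirm it is the user's ISP resolver before it is trusted.
DEFAULT_TRUSTED = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
)


def entries(log_text):
    """Return the set of R/O entry lines, dropping headers and process lists."""
    return {line.rstrip() for line in log_text.splitlines() if ENTRY_RE.match(line)}


def parse_o17(log_text):
    """Return [(registry_path, [resolver IPs]), ...] for every O17 entry."""
    found = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.rstrip())
        if m:
            found.append((m.group("path"), m.group("servers").split(",")))
    return found


def suspicious_nameservers(log_text, trusted=DEFAULT_TRUSTED, allowlist=()):
    """Resolver IPs from O17 lines outside trusted networks and not allow-listed.

    allowlist: resolver addresses the user is known to use (e.g. the ISP's),
    as strings. Returns a set of dotted-quad strings needing review.
    """
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    flagged = set()
    for _path, servers in parse_o17(log_text):
        for server in servers:
            addr = ipaddress.ip_address(server)
            if addr in allowed or any(addr in net for net in trusted):
                continue
            flagged.add(server)
    return flagged


def diff_logs(before, after):
    """Entries only in `before` (removed) and only in `after` (added), sorted.

    Order-insensitive, so a reshuffled process list and unchanged O4/O23
    lines produce no noise; only entries that appeared or vanished are shown.
    """
    old, new = entries(before), entries(after)
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    for path, servers in parse_o17(LOG_BEFORE):
        print(f"O17 {path}: {servers}")
    print("needs review:", sorted(suspicious_nameservers(LOG_BEFORE)))
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed by cleanup:", removed)
    print("new since cleanup:", added)
```

Run against the two excerpts, the first log yields both 85.255.112.x addresses for review and the diff lists exactly the three O17 lines as removed, with nothing added; an allow-list containing those two addresses would silence the check, which is why the allow-list should only ever hold resolvers the user has confirmed out of band.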

#4 teacup61 (Malware Response Team)

Posted 21 May 2009 - 11:37 PM

Hi there,

Thank you for the update. The more info the better. :thumbup2:

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

Thanks,
tea

#5 KCJ (Topic Starter)

Posted 21 May 2009 - 11:45 PM

Hi Tea,
I ran Goored and the log is below. Also, even after running Malwarebytes, the search ad forward problem is still happening. I even tried Internet Explorer, and it did the same thing. It seems to always forward me through 64.111.208.122, as I can see this in the history when I click the back tab. One more thing, I've tried several times to download and install SUPERAntiSpyware, and it won't ever install. It always gives me the error that it has encountered a problem and needs to close. Thanks for taking the time to help me. ~KCJ

GooredFix v1.92 by jpshortstuff
Log created at 21:41 on 21/05/2009 running Option #1 (user)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{1d5287d1-8a92-0001-1f31-1cec198018d8}"="C:\Program Files\AVG\AVG8\ToolbarFF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

#6 teacup61 (Malware Response Team)

Posted 21 May 2009 - 11:49 PM

Thanks....you can delete GooredFix. :)

You're most welcome for the help. :thumbup2:

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

If ComboFix will not run the first time, then rename ComboFix.exe to fluffybunny.exe and try it again. :)

Thanks,
tea

#7 KCJ (Topic Starter)

Posted 22 May 2009 - 12:34 AM

Hi Tea,
Wow, you are up late if you're in Texas. I sure appreciate all the help. Can't wait to be done with this malware maggot. I hate this virus stuff. Why would people even spend the time creating this junk??? ComboFix ran fine with no problems. It did make me restart because it found the two files listed in the log under the deleted files section at the top of the log. Also, I was able to run SUPERAntiSpyware after an internet search tipped me to change the properties to make the program compatible with Windows 2000. Here is that log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/21/2009 at 10:26 PM

Application Version : 4.26.1002

Core Rules Database Version : 3906
Trace Rules Database Version: 1851

Scan type : Quick Scan
Total Scan Time : 00:11:29

Memory items scanned : 396
Memory threats detected : 0
Registry items scanned : 363
Registry threats detected : 0
File items scanned : 7276
File threats detected : 129

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\user@statcounter[1].txt
C:\Documents and Settings\user\Cookies\user@server.iad.liveperson[3].txt
C:\Documents and Settings\user\Cookies\user@server.iad.liveperson[2].txt
C:\Documents and Settings\user\Cookies\user@adbrite[1].txt
C:\Documents and Settings\user\Cookies\user@admarketplace[1].txt
C:\Documents and Settings\user\Cookies\user@sales.liveperson[1].txt
C:\Documents and Settings\user\Cookies\user@www.burstnet[1].txt
C:\Documents and Settings\user\Cookies\user@apmebf[2].txt
C:\Documents and Settings\user\Cookies\user@sales.liveperson[3].txt
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[1].txt
C:\Documents and Settings\user\Cookies\user@burstnet[1].txt
C:\Documents and Settings\user\Cookies\user@atdmt[1].txt
C:\Documents and Settings\user\Cookies\user@realmedia[1].txt
C:\Documents and Settings\user\Cookies\user@schaeffers.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@at.atwola[2].txt
C:\Documents and Settings\user\Cookies\user@zedo[1].txt
C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt
C:\Documents and Settings\user\Cookies\user@bridge1.admarketplace[1].txt
C:\Documents and Settings\user\Cookies\user@specificclick[2].txt
C:\Documents and Settings\user\Cookies\user@advertising[2].txt
.ads.pointroll.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.specificmedia.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.specificmedia.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-13\8nv2lekd.slt\cookies.txt ]
.specificmedia.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.specificmedia.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-11\9je6ddam.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-15\a4knnjff.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-15\a4knnjff.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-15\a4knnjff.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-15\a4knnjff.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-15\a4knnjff.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-15\a4knnjff.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-15\a4knnjff.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-15\a4knnjff.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-15\a4knnjff.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-15\a4knnjff.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-15\a4knnjff.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-15\a4knnjff.slt\cookies.txt ]
.specificmedia.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-15\a4knnjff.slt\cookies.txt ]
.specificmedia.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-15\a4knnjff.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.adlegend.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.adlegend.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.interclick.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.specificmedia.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.specificmedia.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.a1.interclick.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.a1.interclick.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.a1.interclick.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.a1.interclick.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.a1.interclick.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-17\j6xsy5gn.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-19\bc1ejt8c.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-19\bc1ejt8c.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-19\bc1ejt8c.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-19\bc1ejt8c.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-19\bc1ejt8c.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-19\bc1ejt8c.slt\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-19\bc1ejt8c.slt\cookies.txt ]
.specificmedia.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-19\bc1ejt8c.slt\cookies.txt ]
.specificmedia.com [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-19\bc1ejt8c.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-19\bc1ejt8c.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-19\bc1ejt8c.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-19\bc1ejt8c.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-19\bc1ejt8c.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-19\bc1ejt8c.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-19\bc1ejt8c.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-19\bc1ejt8c.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\user\Application Data\MozillaControl\profiles\MozillaControl-19\bc1ejt8c.slt\cookies.txt ]


And here is the combofix log:

ComboFix 09-05-21.01 - user 05/21/2009 22:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.684 [GMT -7:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gxvxcxcvrptkeeknkatmirhnkjqridwjfltuo.sys
c:\windows\system32\gxvxcvuncuugphakowvmhewwcvlwluhaelknf.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-22 04:51 . 2009-05-22 04:51 117760 ----a-w c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-22 04:49 . 2009-05-22 04:49 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-22 04:48 . 2009-05-22 04:48 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-21 05:18 . 2009-05-21 05:18 -------- d-----w c:\documents and settings\user\Application Data\Malwarebytes
2009-05-21 05:14 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-21 05:14 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 05:14 . 2009-05-21 05:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-21 04:49 . 2009-05-21 05:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-21 02:39 . 2009-05-21 02:39 -------- d-----w c:\program files\Trend Micro
2009-05-20 02:03 . 2009-05-20 02:03 -------- d-----w c:\program files\Veetle
2009-05-20 01:08 . 2009-05-08 01:42 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-20 01:08 . 2009-05-08 01:41 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-20 01:08 . 2009-05-08 01:41 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-20 01:08 . 2009-05-08 01:41 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-20 01:08 . 2009-05-08 01:41 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-20 01:08 . 2009-05-08 01:42 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-20 01:07 . 2009-05-08 01:35 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-20 01:07 . 2009-05-08 01:35 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-17 04:55 . 2007-02-16 09:05 14464 ----a-w c:\windows\system32\drivers\fanio.sys
2009-05-17 04:54 . 2009-05-17 04:55 -------- d-----w c:\program files\I8kfanGUI
2009-05-16 05:26 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-16 05:00 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-16 05:00 . 2009-05-16 05:00 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-16 05:00 . 2009-03-12 08:17 2902048 -c--a-w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-05-16 05:00 . 2009-05-16 05:00 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-16 05:00 . 2009-05-16 05:00 -------- d-----w c:\program files\Lavasoft
2009-05-14 05:56 . 2009-05-14 05:56 -------- d-----w c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-05-14 04:01 . 2009-05-08 01:42 2302232 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-14 04:01 . 2009-05-08 01:41 3399960 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-05-05 04:02 . 2009-05-04 22:07 2298680 ----a-w c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5t4mlv1e.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-05 04:02 . 2007-05-17 20:58 143360 ----a-w c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5t4mlv1e.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
2009-05-05 04:02 . 2006-10-19 00:32 499712 ----a-w c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5t4mlv1e.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
2009-05-05 04:02 . 2006-10-17 01:44 196608 ----a-w c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5t4mlv1e.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
2009-05-05 04:02 . 2006-10-17 01:44 1028096 ----a-w c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5t4mlv1e.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
2009-05-05 04:02 . 2008-03-05 01:52 286720 ----a-w c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5t4mlv1e.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
2009-05-05 04:02 . 2007-10-31 16:39 59904 ----a-w c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5t4mlv1e.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll
2009-05-05 04:02 . 2006-10-19 00:32 348160 ----a-w c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5t4mlv1e.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
2009-05-04 00:26 . 2008-04-13 23:11 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
2009-05-04 00:26 . 2008-04-13 23:11 21504 ----a-w c:\windows\system32\hidserv.dll
2009-05-04 00:26 . 2008-04-13 17:45 10368 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-05-04 00:26 . 2008-04-13 17:45 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-05-04 00:26 . 2008-04-13 17:45 60032 -c--a-w c:\windows\system32\dllcache\usbaudio.sys
2009-05-04 00:26 . 2008-04-13 17:45 60032 ----a-w c:\windows\system32\drivers\USBAUDIO.sys
2009-05-04 00:26 . 2008-04-13 17:45 32128 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-05-04 00:26 . 2008-04-13 17:45 32128 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-05-03 20:48 . 2009-05-03 20:48 -------- d-----w c:\documents and settings\user\Kaplan2009
2009-05-02 21:52 . 2009-05-02 21:59 -------- d-----w c:\documents and settings\user\Application Data\The Market Toolbox
2009-05-02 21:52 . 2009-05-02 21:56 -------- d-----w c:\program files\The Market Toolbox
2009-05-02 05:01 . 1998-10-29 23:45 306688 ----a-w c:\windows\IsUninst.exe
2009-05-02 04:17 . 2009-05-02 04:17 -------- d-----w c:\documents and settings\user\.thumbnails
2009-05-02 03:27 . 2009-05-02 03:28 -------- d-----w c:\documents and settings\user\.gegl-0.0
2009-05-02 03:27 . 2009-05-02 04:35 -------- d-----w c:\documents and settings\user\.gimp-2.6
2009-05-02 03:27 . 2009-05-02 03:27 -------- d-----w c:\documents and settings\user\Application Data\FlyGimp Pro
2009-05-02 03:27 . 2009-05-02 03:27 -------- d-----w c:\program files\FlyGimp Pro
2009-04-24 03:07 . 2009-04-24 03:11 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Graboid
2009-04-22 21:06 . 2009-04-22 21:06 -------- d-----w c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 04:49 . 2008-12-07 03:50 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-22 03:36 . 2008-11-14 05:57 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-21 13:35 . 2008-12-17 07:17 -------- d-----w c:\program files\ThinkorSwim
2009-05-16 01:31 . 2008-11-13 07:29 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-14 12:56 . 2008-12-21 01:43 -------- d-----w c:\documents and settings\user\Application Data\uTorrent
2009-05-08 01:42 . 2008-11-13 07:30 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-08 01:42 . 2008-11-13 07:30 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-08 01:42 . 2008-11-13 07:30 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-08 01:42 . 2008-11-13 07:30 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-02 05:03 . 2008-11-14 04:33 -------- d-----w c:\program files\Common Files\Adobe
2009-05-02 04:38 . 2008-12-06 00:03 -------- d-----w c:\documents and settings\user\Application Data\LimeWire
2009-05-02 04:19 . 2008-12-21 06:33 -------- d-----w c:\documents and settings\user\Application Data\gtk-2.0
2009-04-26 23:30 . 2008-12-19 06:32 -------- d-----w c:\program files\Stock Assault 2.0 Diamond Edition
2009-04-24 02:53 . 2008-12-06 00:51 -------- d-----w c:\program files\Graboid
2009-04-17 06:16 . 2008-11-13 07:25 -------- d-----w c:\program files\Java
2009-04-17 06:14 . 2009-04-17 06:14 152576 ----a-w c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-01 03:18 . 2008-11-29 04:27 -------- d-----w c:\program files\SopCast
2009-03-21 19:50 . 2009-03-21 19:50 57344 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-7373f064-n\Decora-SSE.dll
2009-03-21 19:50 . 2009-03-21 19:50 24064 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-2a23f306-n\Decora-D3D.dll
2009-03-21 19:50 . 2009-03-21 19:50 499712 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-45c91e4b-n\msvcp71.dll
2009-03-21 19:50 . 2009-03-21 19:50 499712 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-45c91e4b-n\jmc.dll
2009-03-21 19:50 . 2009-03-21 19:50 348160 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-45c91e4b-n\msvcr71.dll
2009-03-21 19:50 . 2009-03-21 19:50 57344 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\37\3976f065-6636dff5-n\Decora-SSE.dll
2009-03-21 19:50 . 2009-03-21 19:50 24064 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\37\2c4a0065-3f6fcd9c-n\Decora-D3D.dll
2009-03-21 19:50 . 2009-03-21 19:50 315392 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6085832e-n\jogl.dll
2009-03-21 19:50 . 2009-03-21 19:50 20480 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6085832e-n\jogl_awt.dll
2009-03-21 19:50 . 2009-03-21 19:50 114688 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6085832e-n\jogl_cg.dll
2009-03-21 19:49 . 2009-03-21 19:49 20480 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-565ab8fc-n\gluegen-rt.dll
2009-03-21 19:49 . 2009-03-21 19:49 503808 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-4fcc4d04-n\msvcp71.dll
2009-03-21 19:49 . 2009-03-21 19:49 499712 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-4fcc4d04-n\jmc.dll
2009-03-21 19:49 . 2009-03-21 19:49 348160 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-4fcc4d04-n\msvcr71.dll
2009-03-11 04:26 . 2009-03-11 04:26 152576 ----a-w c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-09 12:19 . 2008-11-13 07:26 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-04 10:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-03-04 03:33 826368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERSPY.com.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-13 335872]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-16 185872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-05 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-1 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 01:42 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\user\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\ThinkorSwim\\thinkorswim.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/15/2009 10:00 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/13/2008 12:30 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/13/2008 12:30 AM 108552]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [5/16/2009 9:55 PM 14464]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/13/2008 12:29 AM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/13/2008 12:29 AM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 951632]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [12/15/2008 2:40 PM 603904]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-05-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5t4mlv1e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5t4mlv1e.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 22:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1552)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-05-22 22:12
ComboFix-quarantined-files.txt 2009-05-22 05:12

Pre-Run: 25,081,090,048 bytes free
Post-Run: 25,326,956,544 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

222 --- E O F --- 2009-05-15 04:23

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:56 PM

Posted 22 May 2009 - 12:42 AM

Hello,

Yep, starting to yawn a bit here. :thumbup2: You're most welcome. :)

All SAS found was cookies, which everyone gets.....but ComboFix got rid of a nasty rootkit. Are you still being redirected?
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#9 KCJ

KCJ
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:56 PM

Posted 22 May 2009 - 12:51 AM

Hey Tea,
As of now I'm not getting the click through problem. I'm hopeful that it's stopped, but I've also noticed in the past that it isn't constant. It comes in waves and spurts. Like how I thought it was over earlier tonight and then it started up again. So, I will let you know if I have more troubles. Again thanks for the time and assistance. Have a wonderful holiday weekend and hopefully you'll have lots of time for rest and play! ~KCJ

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:56 PM

Posted 22 May 2009 - 12:57 AM

Hello,

Thanks for the nice thoughts. :)

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer. I really think everything is all right now, but please do let me know how it is after some time has passed. :thumbup2:

tea

#11 KCJ

KCJ
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:56 PM

Posted 22 May 2009 - 03:35 PM

Thanks again, Tea, for all the help! So far so good. ~KCJ

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:56 PM

Posted 22 May 2009 - 09:03 PM

That's great to know, and you're most welcome. :thumbup2:

http://mvps.org/winhelp2002/unwanted.htm
Please also read Tony Klein's excellent article: How I got Infected in the First Place

Take care!
tea

#13 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:56 PM

Posted 24 May 2009 - 04:30 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



