
Help! audio ads and popups


This topic is locked
22 replies to this topic

#1 r0x0r

r0x0r

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 29 November 2009 - 09:09 AM

ComboFix 09-11-27.07 - r0x0r 11/28/2009 15:19.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1023.496 [GMT -3.5:30]
Running from: C:\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-28 )))))))))))))))))))))))))))))))
.
2009-11-28 18:56 . 2009-11-28 18:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-28 18:56 . 2009-11-28 18:56 -------- d-----w- c:\users\Mcx1-R0X0R-PC\AppData\Local\temp
2009-11-28 18:56 . 2009-11-28 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-28 06:02 . 2009-11-28 18:46 3578697 ----a-r- C:\ComboFix.exe
2009-11-28 03:11 . 2009-11-28 03:11 117760 ----a-w- c:\users\r0x0r\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-28 03:10 . 2009-11-28 03:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-28 03:10 . 2009-11-28 17:45 4096 d-----w- c:\program files\SUPERAntiSpyware
2009-11-28 03:10 . 2009-11-28 03:10 -------- d-----w- c:\users\r0x0r\AppData\Roaming\SUPERAntiSpyware.com
2009-11-27 21:21 . 2009-11-27 21:21 -------- d-----w- c:\users\r0x0r\AppData\Roaming\Malwarebytes
2009-11-27 21:21 . 2009-11-28 17:45 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-27 21:21 . 2009-11-27 21:21 -------- d-----w- c:\programdata\Malwarebytes
2009-11-26 19:25 . 2009-11-27 18:20 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-24 00:39 . 2009-11-24 00:40 -------- d-----w- c:\users\r0x0r\AppData\Roaming\U3
2009-11-23 21:42 . 2009-11-28 18:03 -------- d-----w- c:\programdata\NVIDIA
2009-11-23 21:30 . 2009-11-28 17:45 4096 d-----w- C:\Fraps
2009-11-18 17:49 . 2009-11-18 17:49 4096 dc----w- c:\users\r0x0r\AppData\Local\MigWiz
2009-11-11 16:26 . 2009-11-11 16:53 -------- d-----w- c:\users\r0x0r\PSP
2009-11-10 21:20 . 2009-11-17 21:38 4096 d-----w- c:\users\r0x0r\AppData\Roaming\vlc
2009-11-10 21:19 . 2009-11-10 21:19 -------- d-----w- c:\program files\VideoLAN
2009-11-10 16:24 . 2009-11-25 21:52 -------- d-----w- c:\users\r0x0r\AppData\Local\Apple Computer
2009-11-10 16:21 . 2009-11-10 16:21 -------- d-----w- c:\programdata\Apple
2009-11-09 18:54 . 2009-11-09 18:55 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-11-09 18:22 . 2009-11-09 18:22 -------- d-----w- c:\users\r0x0r\AppData\Local\Fallout3
2009-11-09 17:51 . 2007-04-04 22:23 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-11-09 17:51 . 2007-03-15 20:27 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2009-11-09 17:51 . 2007-03-12 20:12 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2009-11-09 17:51 . 2007-03-12 20:12 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-11-09 17:51 . 2009-11-09 17:51 -------- d-----w- c:\windows\system32\xlive
2009-11-09 17:22 . 2009-11-09 17:22 4096 d-----w- c:\program files\PowerISO
2009-11-09 03:21 . 2009-11-09 03:21 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-11-07 21:27 . 2009-11-14 18:21 10 ----a-w- c:\windows\popcinfo.dat
2009-11-07 21:22 . 2009-11-07 21:22 -------- d-----w- c:\program files\PopCap Games
2009-11-07 21:22 . 2009-11-07 21:23 4096 d-----w- c:\program files\Zuma Deluxe
2009-11-07 09:44 . 2009-11-07 09:44 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-11-06 14:29 . 2009-11-06 14:29 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 14:29 . 2009-11-06 14:29 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-05 17:32 . 2009-11-05 17:32 -------- d-----w- c:\users\r0x0r\AppData\Local\Blizzard Entertainment
2009-11-05 03:09 . 2009-11-05 03:09 -------- d-----w- c:\users\r0x0r\AppData\Local\Apps
2009-11-05 03:09 . 2009-11-26 17:50 -------- d-----w- c:\users\r0x0r\AppData\Local\Deployment
2009-11-02 22:37 . 2009-11-02 22:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-02 21:35 . 2009-11-02 21:35 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 21:35 . 2009-11-02 21:35 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-10-31 19:48 . 2009-10-31 19:48 -------- d-----w- c:\users\r0x0r\AppData\Local\BuildAGadget Content
2009-10-30 20:15 . 2009-10-30 20:15 -------- d-----w- c:\programdata\Hewlett-Packard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-28 18:48 . 2009-10-24 23:06 49152 d-----w- c:\users\r0x0r\AppData\Roaming\uTorrent
2009-11-28 17:46 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-28 17:45 . 2009-11-10 16:24 4096 d-----w- c:\program files\iTunes
2009-11-25 21:52 . 2009-11-10 16:24 4096 d-----w- c:\users\r0x0r\AppData\Roaming\Apple Computer
2009-11-10 16:24 . 2009-11-10 16:24 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-10 16:24 . 2009-11-10 16:24 -------- d-----w- c:\program files\iPod
2009-11-10 16:24 . 2009-11-10 16:23 -------- d-----w- c:\programdata\Apple Computer
2009-11-10 16:24 . 2009-11-10 16:21 -------- d-----w- c:\program files\Common Files\Apple
2009-11-10 16:23 . 2009-11-10 16:23 -------- d-----w- c:\program files\Bonjour
2009-11-10 16:23 . 2009-11-10 16:23 4096 d-----w- c:\program files\QuickTime
2009-11-10 16:22 . 2009-11-10 16:22 4096 d-----w- c:\program files\Apple Software Update
2009-11-09 19:12 . 2009-10-24 20:28 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-09 17:52 . 2009-11-09 17:52 -------- d-----w- c:\program files\Bethesda Softworks
2009-11-09 17:50 . 2009-10-24 20:28 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-09 17:44 . 2009-10-24 17:44 58352 ----a-w- c:\users\r0x0r\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-03 00:12 . 2009-10-24 17:45 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 18:04 . 2009-10-24 23:19 921632 ----a-w- C:\PA7311.DAT
2009-10-29 07:22 . 2009-11-28 17:57 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-29 04:56 . 2009-10-29 04:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-10-29 00:28 . 2009-10-29 00:28 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-28 23:23 . 2009-10-28 23:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-27 03:47 . 2009-10-24 18:47 -------- d-----w- c:\program files\ASRock Utility
2009-10-27 02:58 . 2009-10-27 02:58 -------- d-----w- c:\programdata\McAfee Security Scan
2009-10-26 18:40 . 2009-10-26 18:39 4096 d-----w- c:\program files\TVersity Codec Pack
2009-10-26 18:40 . 2009-10-25 04:37 8192 d-----w- c:\program files\ffdshow
2009-10-26 18:39 . 2009-10-26 18:39 -------- d-----w- c:\program files\TVersity
2009-10-25 05:01 . 2009-10-25 04:29 -------- d-----w- c:\users\r0x0r\AppData\Roaming\Media Control
2009-10-25 04:29 . 2009-10-25 04:29 8192 d-----w- c:\program files\Media Control
2009-10-25 01:08 . 2009-10-25 00:58 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-10-25 00:33 . 2009-10-24 23:53 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-10-24 23:07 . 2009-10-24 23:07 -------- d-----w- c:\program files\uTorrent
2009-10-24 19:46 . 2009-10-24 19:46 -------- d-----w- c:\programdata\Blizzard
2009-10-24 19:31 . 2009-10-24 19:31 -------- d-----w- c:\program files\Microsoft
2009-10-24 19:31 . 2009-10-24 19:31 -------- d-----w- c:\program files\Windows Live
2009-10-24 19:31 . 2009-10-24 19:31 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-24 19:27 . 2009-10-24 19:27 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-24 18:52 . 2009-10-24 18:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-10-24 18:52 . 2009-10-24 18:52 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2009-10-24 18:51 . 2009-10-24 18:51 547632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-02 04:06 . 2009-10-25 05:32 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-27 21:17 . 2009-09-27 21:17 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 21:17 . 2009-09-27 21:17 92776 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 21:17 . 2009-09-27 21:17 805480 ----a-w- c:\windows\system32\nvsvc.dll
2009-09-27 21:17 . 2009-09-27 21:17 4033128 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 21:17 . 2009-09-27 21:17 3553896 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 21:17 . 2009-09-27 21:17 3172968 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 21:17 . 2009-09-27 21:17 215656 ----a-w- c:\windows\system32\nvvsvc.exe
2009-09-27 21:17 . 2009-09-27 21:17 195176 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 21:17 . 2009-09-27 21:17 150120 ----a-w- c:\windows\system32\nvshext.dll
2009-09-27 21:17 . 2009-09-27 21:17 1309288 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-27 21:17 . 2009-09-27 21:17 1292904 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 21:16 . 2009-09-27 21:16 4942440 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 21:16 . 2009-09-27 21:16 13949544 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-10 05:52 . 2009-10-26 05:31 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:59 . 2009-11-28 17:59 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 20:59 . 2009-11-28 17:59 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-03 17:51 . 2009-09-03 17:51 3069502 ----a-w- c:\users\r0x0r\AppData\Roaming\David Guetta ft Akon - Sexy ######.zip
2009-09-03 07:04 . 2009-10-25 05:32 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-10-28 3883856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-24 289072]
"ASRockOCTuner"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-16 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

c:\users\r0x0r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2009-11-4 0]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [7/13/2009 8:22 PM 48128]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [3/1/2009 11:05 PM 139776]
S3 PAC7311;Trust Webcam 14839;c:\windows\System32\drivers\PA707UCM.SYS [10/18/2005 5:48 PM 154752]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\r0x0r\AppData\Roaming\Mozilla\Firefox\Profiles\lk3tag6p.default\
FF - prefs.js: browser.startup.homepage - googel.com
FF - component: c:\users\r0x0r\AppData\Roaming\Mozilla\Firefox\Profiles\lk3tag6p.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2009-11-28 15:29
ComboFix-quarantined-files.txt 2009-11-28 18:59
ComboFix2.txt 2009-11-28 06:56

Pre-Run: 88,735,956,992 bytes free
Post-Run: 88,672,542,720 bytes free

- - End Of File - - 2B6508DF1A328887C9C46BDF26AE1F86
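The "Reg Loading Points" section of the ComboFix log above is the part worth reading first: every UAC value under HKLM\...\policies\system is 0, which means elevation prompts are switched off entirely on this Windows 7 machine, and the HKCU Run key carries an entry with an empty command. As an added example (not part of the thread, and not ComboFix's own code), the Python script below parses that REGEDIT4-style section, reports the UAC values that leave the machine without working elevation prompts, and lists Run entries that have no command or start from an unusual directory. The sample text is a constructed excerpt of the entries quoted in post #1; the meaning given to the three UAC values is Microsoft's documented behaviour for those policy names, while the "trusted directory" list is an assumption used only to rank entries for review.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread, not ComboFix's own code. SAMPLE_LOG is a
constructed excerpt of the entries quoted in post #1. The meaning given to
the three UAC values is Microsoft's documented behaviour for the policy
names under HKLM\...\Policies\System; TRUSTED_DIRS is an assumption used
only to decide which Run entries deserve a closer look.
"""
import re

SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-24 289072]
"ASRockOCTuner"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-16 141848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*)$')
STRING_RE = re.compile(r'^"(?P<data>[^"]*)"')                 # "path" [date size]
DWORD_RE = re.compile(r"^(?P<data>\d+)\s*\(0x[0-9a-fA-F]+\)")  # 0 (0x0)

# Values that leave Windows 7 without working elevation prompts
# (documented UAC policy semantics, not something read from the log).
WEAK_UAC = {
    ("EnableLUA", 0): "UAC is off; programs run by an admin user start fully elevated",
    ("ConsentPromptBehaviorAdmin", 0): "administrators are elevated without any prompt",
    ("PromptOnSecureDesktop", 0): "prompts, if any, are not isolated on the secure desktop",
}

# Assumption: autoruns outside these directories get a closer look.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\windows\\system32\\")


def parse_reg_points(text):
    """Return {registry key: {value name: data}} from a REGEDIT4-style dump."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        name, rest = m.group("name"), m.group("rest")
        if STRING_RE.match(rest):
            keys[current][name] = STRING_RE.match(rest).group("data")
        elif DWORD_RE.match(rest):
            keys[current][name] = int(DWORD_RE.match(rest).group("data"))
        else:
            keys[current][name] = rest  # unquoted data such as wdmaud.drv
    return keys


def audit_uac(keys):
    """List UAC policy values that match a weak setting in WEAK_UAC."""
    findings = []
    for key, values in keys.items():
        if not key.lower().endswith("\\policies\\system"):
            continue
        for (name, bad), why in WEAK_UAC.items():
            if values.get(name) == bad:
                findings.append(f"{name}={bad}: {why}")
    return findings


def audit_autoruns(keys):
    """List Run entries with no command or a command outside TRUSTED_DIRS."""
    findings = []
    for key, values in keys.items():
        if not key.lower().endswith("\\run"):
            continue
        for name, data in values.items():
            if data == "":
                findings.append(f"{name}: empty command under {key} (stale entry)")
            elif isinstance(data, str) and not data.lower().startswith(TRUSTED_DIRS):
                findings.append(f"{name}: runs from an unusual location: {data}")
    return findings


if __name__ == "__main__":
    parsed = parse_reg_points(SAMPLE_LOG)
    for finding in audit_uac(parsed) + audit_autoruns(parsed):
        print(finding)
```

Run against the sample it reports the three UAC values and the empty ASRockOCTuner entry; on a real ComboFix log, paste the whole "Reg Loading Points" section into SAMPLE_LOG or read it from a file, since the parser only needs the `[key]` and `"name"=data` lines.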



#2 r0x0r

r0x0r

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 29 November 2009 - 11:15 PM

I have been having some trouble with some type of spyware / virus, I have no idea. When I open a link in a new tab, randomly it will change to some random search. Also today I heard about 4 or 5 audio ads for like Dawn detergents and weird things like that. I have tried at least 8 removal tools. I have no idea what to do, HELP!!!

#3 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 02 December 2009 - 12:04 PM



DO NOT use any TOOLS such as ComboFix, SmitfraudFix, MBAM, VundoFix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.


Vista users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. Run them with admin rights (right-click, choose "Run as Administrator").


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Then click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.


Please don't attach the scans / logs, use "copy/paste".

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#4 r0x0r

r0x0r

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 02 December 2009 - 12:29 PM

Ok, well, whenever I go to open a link it just opens in some random search, but the icon by the address is always a green globe. Sometimes random audio ads play with nothing opened at all. Pretty much any link from any search will open a random search engine. Link Removed comes up sometimes in a new window along with about 5 other tabs open in that window, and yesterday I tried opening IE and it just opened about 1000 times and I had to hard reboot my computer because they would not stop opening at all. I hope you can help me out here, thanks.




Malwarebytes' Anti-Malware 1.41
Database version: 3279
Windows 6.1.7600

12/2/2009 2:52:16 PM
mbam-log-2009-12-02 (14-52-16).txt

Scan type: Quick Scan
Objects scanned: 99371
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:04 PM, on 12/2/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: CurseClientStartup.ccip
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 4633 bytes

Attached Images

  • popups.jpg

Edited by r0x0r, 02 December 2009 - 02:38 PM.
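A HijackThis log is read by line type rather than as a whole: the prefix (O2, O4, O20, O23, ...) says where the entry loads from, and in the log above a helper would look first at the O2 BHO listed as "(no name)" with "(no file)", the O20 AppInit_DLLs entry, and the O23 services whose owner is "Unknown owner". As an added example (not part of the thread and not HijackThis code), the Python script below classifies lines by that prefix and applies those triage rules. The sample is a constructed excerpt of the log in post #4; the rules and the trusted-directory list are assumptions that mark entries for review, not verdicts: the AppInit hit here is, by its file name, an AVG component, and an unknown owner only means the service binary carries no publisher name HijackThis recognised.

```python
"""Classify HijackThis log lines and flag the ones to review first.

Added example for this thread, not HijackThis's own logic. SAMPLE_HJT is a
constructed excerpt of the log in post #4. The four rules below (orphaned
BHO, autorun outside TRUSTED_DIRS, any AppInit_DLLs entry, service with an
unknown owner) are generic triage heuristics and mark entries for review
only.
"""
import re

SAMPLE_HJT = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: CurseClientStartup.ccip
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<file>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Assumption: autoruns outside these directories get a closer look.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\windows\\system32\\", "c:\\progra~1\\")


def parse_hjt(text):
    """Return [(code, body)] for every line that carries a HijackThis prefix."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage_hjt(text):
    """Return [(code, reason, body)] for entries matching a triage rule."""
    findings = []
    for code, body in parse_hjt(text):
        if code == "O2":
            m = BHO_RE.match(body)
            if m and m.group("file") == "(no file)":
                findings.append((code, "orphaned BHO registration, DLL missing", body))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m:
                cmd = m.group("cmd").strip('"').lower()
                if not cmd.startswith(TRUSTED_DIRS):
                    findings.append((code, "autorun outside the usual program directories", body))
        elif code == "O20":
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so the vendor of each entry is always worth confirming.
            findings.append((code, "AppInit_DLLs entry loads into every GUI process; confirm the vendor", body))
        elif code == "O23":
            m = SVC_RE.match(body)
            if m and m.group("owner") == "Unknown owner":
                findings.append((code, "service binary has no recognised publisher", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage_hjt(SAMPLE_HJT):
        print(f"{code}: {reason}\n    {body}")
```

On the sample this returns three findings (the O2 orphan, the O20 entry and the STI Simulator service); the two Run entries and the Bonjour service pass. Entries that match no rule are dropped deliberately, so the output stays short enough to compare against the full log by hand.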


#5 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 02 December 2009 - 01:21 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:04 PM, on 12/2/2009
Platform: Unknown Windows (WinNT 6.01.3504)

What version of windows are you using?



#6 r0x0r

r0x0r

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 02 December 2009 - 02:38 PM

Windows 7 Ultimate

#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 02 December 2009 - 05:44 PM

Download the diagnostic tool MGADiag and save it to your desktop.

  • Double-click on MGADiag.exe.
  • Click Run.
  • Click Continue, then Copy.
  • Paste the report in your next reply.



#8 r0x0r

r0x0r

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 02 December 2009 - 06:40 PM

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-X92GV-V7DCV-P4K27
Windows Product Key Hash: aU2z1/fnhnLHmhBm699qYZT2E6s=
Windows Product ID: 00426-OEM-8992662-00400
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.2.0.001
ID: {F6911F17-36E4-48B9-892C-30B9F9753318}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista ™ Ultimate
Architecture: 0x00000000
Build lab: 7600.win7_rtm.090713-1255
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F6911F17-36E4-48B9-892C-30B9F9753318}</UGUID><Version>1.9.0011.0</Version><OS>6.1.7600.2.00010100.2.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-P4K27</PKey><PID>00426-OEM-8992662-00400</PID><PIDType>2</PIDType><SID>S-1-5-21-2619092299-4198636357-1406502502</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.20</Version><SMBIOSVersion major="2" minor="5"/><Date>20090512000000.000000+000</Date></BIOS><HWID>56BB3607018400E8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Newfoundland Standard Time(GMT-03:30)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>QA09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows® 7, Ultimate edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600400-02-1033-7600.0000-2972009
Installation ID: 004486248362845000747151942684331430600973197246070930
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: P4K27
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 12/2/2009 9:09:57 PM

HWID Data-->
HWID Hash Current: NgAAAAEABgABAAEAAAABAAAAAgABAAEAnJ8mUf4t7Ngu9/Tj9HP6An4QrsJuwSISYCh4J0bK

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC A M I OEMAPIC
FACP A M I OEMFACP
HPET A M I OEMHPET
MCFG A M I OEMMCFG
OEMB A M I AMI_OEM
AAFT A M I OEMAAFT
GSCI A M I GMCHSCI
SLIC DELL QA09

#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 02 December 2009 - 07:01 PM

I'm not seeing anything that can be causing the issues you're having, but we'll keep looking.

http://www.eset.eu/online-scanner
Go here to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked.
Click Scan.
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.



#10 r0x0r

r0x0r

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 03 December 2009 - 12:30 AM

Also all my searches are being redirected to other random search engines, like when I click a link from Google it will open a random search carp**

C:\Windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe Win32/Olmarik.RF virus
E:\Documents and Settings\Administrator.R0X0R-1337\Desktop\StartCraft Hax\wmode.bwl probably a variant of Win32/Agent trojan
E:\Documents and Settings\Administrator.R0X0R-1337\Local Settings\Temp\4U_WMA_MP3_Converter_v5.6.0_WinALL_Keygen_Only_by_ViRiLiTY.zip probably a variant of Win32/Agent trojan
E:\Documents and Settings\Administrator.R0X0R-1337\Local Settings\Temp\plugtmp-122\plugin-spl-2.php PDF/Exploit.Pidief.OJS.Gen trojan
E:\Documents and Settings\Administrator.R0X0R-1337\Local Settings\Temp\plugtmp-122\plugin-spl.php PDF/Exploit.Gen trojan
E:\Documents and Settings\Administrator.R0X0R-1337\Local Settings\Temp\plugtmp-123\plugin-spl-1.php PDF/Exploit.Gen trojan
E:\Documents and Settings\Administrator.R0X0R-1337\Local Settings\Temp\plugtmp-123\plugin-spl.php PDF/Exploit.Pidief.OJS.Gen trojan
E:\Program Files\MSN Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
E:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application

Edited by r0x0r, 03 December 2009 - 02:41 PM.



#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 03 December 2009 - 04:12 PM

Run the online scan again and make sure that the option Remove found threats is ticked to remove the infections it finds.



#12 r0x0r

r0x0r

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 03 December 2009 - 05:11 PM

Ok, will give that a try. This was the first scanner that actually found something; I must have used like 8 and AVG.

#13 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 03 December 2009 - 05:12 PM

Ok, will give that a try. This was the first scanner that actually found something; I must have used like 8 and AVG.

:thumbup:



#14 r0x0r

r0x0r

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 03 December 2009 - 07:34 PM

It seems like the search redirecting has stopped, but I just got another audio ad.

#15 r0x0r

r0x0r

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 03 December 2009 - 10:32 PM

Nope, still redirecting and audio ads.
