MALWARE! Popups! All ADS are redirected to PORN ads [RESOLVE


#1
electra (New Member, 2 posts)
Running:
Windows XP Home 5.1
Intel Pentium 4CPU 3.00GHz (2CPUs)
Internet Explorer (newest version)

I stupidly downloaded 2 viruses (trojan horse downloader.generic6.ambn AND trojan horse downloader.generic6.alai)

AVG caught them and I quarantined them. There was also an extra file that popped up called reg(somethin).bat. I tried to delete it but I got a window that said "are you sure you want to delete windows". I said no, but the next time I turned the computer on, the file was no longer in my recycle bin. My windows is obviously still working.

Every time I open IE and type in a url, I get major pop ups to the point where I can't navigate through them either because of redirection or simply because by closing the pop up it completely shuts down IE.

It's changing all the advertisements on these forum pages and other sites to PORN now!

(I have never visited a porn site or gambling site and don't know why this is happening, but it's bothering me because I have to bolt the doors so my kids don't come in here while I'm on here trying to get help)

I've emptied my Temp files,
I've run AVG,
I've emptied my recycle bin,
I've run Spybot
I've run Ad-Aware
I've checked msconfig
I've also run ATF-Cleaner twice and SuperAntiSpyware twice. I have both logs saved for SUPERAntiSpyware.
I've run a Panda Scan

I'm still getting major major popups and my pages are opening very slow.


Any help would be appreciated.

I'm on my knees!!!

FIRST SUPERAntiSpyware LOG:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/09/2008 at 00:22 AM

Application Version : 4.0.1154

Core Rules Database Version : 3416
Trace Rules Database Version: 1404

Scan type : Complete Scan
Total Scan Time : 01:25:15

Memory items scanned : 441
Memory threats detected : 2
Registry items scanned : 7783
Registry threats detected : 11
File items scanned : 212895
File threats detected : 17

Trojan.Unclassifed/AffiliateBundle
C:\WINDOWS\SYSTEM32\NNNKIHI.DLL
C:\WINDOWS\SYSTEM32\NNNKIHI.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBD29C3C-C642-4843-A627-6E54A947B511}
HKCR\CLSID\{FBD29C3C-C642-4843-A627-6E54A947B511}
HKCR\CLSID\{FBD29C3C-C642-4843-A627-6E54A947B511}\InprocServer32
HKCR\CLSID\{FBD29C3C-C642-4843-A627-6E54A947B511}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{ FBD29C3C-C642-4843-A627-6E54A947B511}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\nnnkihi

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\VTSQO.DLL
C:\WINDOWS\SYSTEM32\VTSQO.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{944EFA5B-0B9B-4914-839F-4B03D384DB06}
HKCR\CLSID\{944EFA5B-0B9B-4914-839F-4B03D384DB06}
HKCR\CLSID\{944EFA5B-0B9B-4914-839F-4B03D384DB06}\InprocServer32
HKCR\CLSID\{944EFA5B-0B9B-4914-839F-4B03D384DB06}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944EFA5B-0B9B-4914-839F-4B03D384DB06}

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\OQSTV.INI
C:\WINDOWS\SYSTEM32\OQSTV.INI2

SECOND LOG:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/09/2008 at 01:47 PM

Application Version : 4.0.1154

Core Rules Database Version : 3416
Trace Rules Database Version: 1404

Scan type : Complete Scan
Total Scan Time : 01:21:22

Memory items scanned : 412
Memory threats detected : 0
Registry items scanned : 7780
Registry threats detected : 0
File items scanned : 207734
File threats detected : 28

Adware.Tracking Cookie
C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][2].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][2].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][2].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][2].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][2].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][2].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][2].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][2].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][2].txt
C:\Documents and Settings\Tracey\Cookies\[email protected][2].txt

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE


Here's the Panda scan log:


Incident Status Location

Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/powerscan Not disinfected Windows Registry
Hacktool:exploit/mhtredir.gen Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{527196A4-B1A3-4647-931D-37BA5AF23037}
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Tracey\.jpi_cache\jar\1.0\count3.jar-7d2c9337-170b8ede.zip[Dummy.class]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tracey\Application Data\Mozilla\Profiles\default\nmq87ya4.slt\cookies.txt[.247realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tracey\Application Data\Mozilla\Profiles\default\nmq87ya4.slt\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Tracey\Application Data\Mozilla\Profiles\default\nmq87ya4.slt\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tracey\Application Data\Mozilla\Profiles\default\nmq87ya4.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tracey\Application Data\Mozilla\Profiles\default\nmq87ya4.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Tracey\Application Data\Mozilla\Profiles\default\nmq87ya4.slt\cookies.txt[.go.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tracey\Application Data\Mozilla\Profiles\default\nmq87ya4.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tracey\Application Data\Mozilla\Profiles\default\nmq87ya4.slt\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tracey\Application Data\Mozilla\Profiles\default\nmq87ya4.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Tracey\Application Data\Mozilla\Profiles\default\nmq87ya4.slt\cookies.txt[.yadro.ru/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tracey\Application Data\Mozilla\Profiles\default\nmq87ya4.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tracey\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tracey\Cookies\[email protected][2].txt
Spyware:Cookie/Revenue Not disinfected C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tracey\Cookies\[email protected][2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tracey\Cookies\[email protected][2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Tracey\Cookies\[email protected][2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Tracey\Cookies\[email protected][2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tracey\Cookies\[email protected][2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tracey\Cookies\[email protected][1].txt
Virus:Generic Trojan Disinfected C:\Documents and Settings\Tracey\Desktop\multimedia stuff\Powerkaraoke.Plus.1.1.6.-.(Tool .kar .mid karaoke)\PowerKaraokePlus.exe
Virus:Generic Trojan Disinfected C:\Documents and Settings\Tracey\Desktop\multimedia stuff\Powerkaraoke.Plus.1.1.6.-.(Tool .kar .mid karaoke).zip[PowerKaraokePlus.exe]
Virus:Generic Trojan Disinfected C:\Documents and Settings\Tracey\My Documents\My Downloads\Ahead.Nero.Burning.Rom.6.6.0.3.Keygen-CiM.zip[Keygen.exe]
Virus:Trj/Sinowal.DW Disinfected C:\Program Files\123 Copy DVD\dvdscript.dll
Virus:Trj/Sinowal.DW Disinfected C:\Program Files\123 Copy DVD\update.exe[UPDATE_DVDSCRIPT.DLL]
Virus:Generic Malware Disinfected C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
Possible Virus. Not disinfected C:\Program Files\Yahoo! Games\Diner Dash Hometown Hero Gourmet\DinerDashHometownHero.exe
Adware:Adware/DelFinMedia Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Business Logic\UWC\Backup\J37647.8248219907.WCU[C:/WINDOWS/Temp/Adware/DelFinMediaViewer29j.exe]
Spyware:Cookie/Atlas DMT Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Go Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Adserver Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Euniverseads Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.euniverseads.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Euniverseads Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.euniverseads.com/]
Spyware:Cookie/Advertising Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Adserver Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.mediaplex.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/FastClick Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.fastclick.net/]
Spyware:Cookie/Bfast Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.bfast.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Secondary Drive\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.casalemedia.com/]
Virus:Generic Malware Disinfected C:\Secondary Drive\Program Files\GameSpy Arcade\Aphex.exe
Virus:Generic Malware Disinfected C:\Secondary Drive\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
Adware:Adware/Medload Not disinfected C:\Secondary Drive\Program Files\MediaLoads\v1\ML.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup
Spyware:Cookie/Atwola Not disinfected E:\Copy of Application Data\Mozilla\Profiles\default\8ikj6oms.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Advertising Not disinfected E:\Copy of Application Data\Mozilla\Profiles\default\8ikj6oms.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected E:\Copy of Application Data\Mozilla\Profiles\default\8ikj6oms.slt\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected E:\Copy of Application Data\Mozilla\Profiles\default\8ikj6oms.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected E:\Copy of Application Data\Mozilla\Profiles\default\8ikj6oms.slt\cookies.txt[.mediaplex.com/]
Adware:Adware/DelFinMedia Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Business Logic\UWC\Backup\J37647.8248219907.WCU[C:/WINDOWS/Temp/Adware/DelFinMediaViewer29j.exe]
Spyware:Cookie/Atlas DMT Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atwola Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Go Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Adserver Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Euniverseads Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.euniverseads.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Euniverseads Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.euniverseads.com/]
Spyware:Cookie/Advertising Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Adserver Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/QuestionMarket Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Mediaplex Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.mediaplex.com/]
Spyware:Cookie/PointRoll Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/FastClick Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.fastclick.net/]
Spyware:Cookie/Bfast Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.bfast.com/]
Spyware:Cookie/Casalemedia Not disinfected E:\Documents and Settings\Brad Yaciuk\Application Data\Mozilla\Profiles\default\xyre5449.slt\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Go Not disinfected E:\Documents and Settings\Brad Yaciuk\Cookies\brad [email protected][1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected E:\Documents and Settings\Brad Yaciuk\Cookies\brad [email protected][1].txt
Virus:W32/Parite.dam Renamed E:\[email protected]
Virus:Generic Malware Disinfected E:\Program Files\GameSpy Arcade\Aphex.exe
Virus:Generic Malware Disinfected E:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
Possible Virus. Not disinfected E:\Program Files\Kazaa Lite K++\KazaaLite.kpp
Adware:Adware/Medload Not disinfected E:\Program Files\MediaLoads\v1\ML.exe


Here is the HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:52 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Updater.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
E:\Adobe Photoshop elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_2/home.html"); (C:\Documents and Settings\TRACEY\Application Data\Mozilla\Profiles\default\nmq87ya4.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TRACEY\Application Data\Mozilla\Profiles\default\nmq87ya4.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BM5b226d92] Rundll32.exe "C:\WINDOWS\system32\fvcpykvt.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../CA/install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116254570715
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - E:\Adobe Photoshop elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O24 - Desktop Component 0: (no name) - http://static.ak.fac...lay_overlay.png

--
End of file - 9763 bytes


I'm still getting major major popups and my pages are opening very slowly. As soon as a page opens, I hear lots of clicking while it changes all the ads on the site to either gambling or porn. It gives "error messages" at the bottom of every window with the "yield sign". When I look in my "forward/back" list, there are always strange addresses that I have to bypass in order to get to the page I want.

Please help me remove the malware. It's getting worse and worse.

--------------------------------------------------------------------------------
Last edited by Tracee : 09-Mar-2008 07:15 PM. Reason: updated HJT log and added SUPERAntiSpyware logs

Edited by electra, 11 March 2008 - 12:02 AM.

#2
electra (Topic Starter, New Member, 2 posts)
It's fixed.

Edited by electra, 11 March 2008 - 08:25 PM.


#3
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.