media codec Popup When Signing on to AOL [RESOLVED]


  • This topic is locked

#16
bunsnpigs
  • Topic Starter
  • Member
  • 35 posts
No.
  • 0



#17
RatHat
  • Ex Malware Expert
  • Expert
  • 7,829 posts
Then please disable them, then run Combofix again.

Regards,
RatHat
  • 0

#18
bunsnpigs
  • Topic Starter
  • Member
  • 35 posts
I was on the step to drag the setup package onto Combofix.exe and drop it. It immediately started to run and I never had any prompts to accept the license agreement. I was still doing the installation of the recovery console. Sorry for the misunderstanding.

Edited by bunsnpigs, 29 May 2008 - 05:56 PM.

  • 0

#19
RatHat
  • Ex Malware Expert
  • Expert
  • 7,829 posts
OK, please run Combofix without doing the installation of the recovery console.

Regards,
RatHat
  • 0

#20
bunsnpigs
  • Topic Starter
  • Member
  • 35 posts
Ok. All finished, and I turned my AV back on.

OTM:

C:\Program Files\iGive__Shopping__Window\ig.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05292008_191420


Combofix:

ComboFix 08-05-29.1 - Judi 2008-05-29 20:06:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.135 [GMT -4:00]
Running from: C:\Documents and Settings\Judi\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Don\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2100-02-24 15:15 . 2001-04-02 17:30 821 --a--c--- C:\WINDOWS\Lexmark_ICM.ini
2100-02-16 17:09 . 2001-02-16 16:37 62 --a--c--- C:\WINDOWS\SYSTEM32\LXASUSCI.INI
2008-05-29 19:14 . 2008-05-29 19:14 <DIR> d-------- C:\_OTMoveIt
2008-05-28 18:30 . 2008-05-28 18:30 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-05-28 18:30 . 2008-05-28 18:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 20:35 . 2008-05-27 20:35 <DIR> d-------- C:\Deckard
2008-05-27 18:13 . 2008-05-29 19:11 2,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mchInjDrv.sys
2008-05-26 15:59 . 2008-05-26 15:59 403,785 --a------ C:\FixIEDef.exe
2008-05-26 10:42 . 2008-05-26 10:42 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-26 10:42 . 2008-05-26 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-26 10:41 . 2008-05-26 10:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 10:35 . 2008-05-26 10:40 <DIR> d-------- C:\Ad-Aware
2008-05-24 16:21 . 2008-05-24 17:50 6,412 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-05-24 16:20 . 2008-05-24 19:02 <DIR> d-------- C:\SmitfraudFix
2008-05-24 16:20 . 2008-05-24 16:20 1,391,204 --a------ C:\SmitfraudFix.exe
2008-05-23 20:17 . 2008-05-23 20:17 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\SYSTEM32\lsdelete.exe
2008-05-11 20:26 . 2005-05-31 05:33 98,360 --a------ C:\WINDOWS\dla.exe
2008-05-11 20:26 . 2005-04-22 03:22 88,352 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys
2008-05-11 20:26 . 2005-05-31 05:33 61,500 --a------ C:\WINDOWS\SYSTEM32\tfswapi.dll
2008-05-11 20:26 . 2005-04-21 02:56 40,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys
2008-05-11 20:26 . 2005-05-13 10:37 23,545 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys
2008-05-11 20:26 . 2005-05-13 10:37 5,627 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Awrtpd.sys
2008-04-07 09:59 . 2008-04-07 09:59 <DIR> d-------- C:\Documents and Settings\Eric.JUDIPC\Application Data\Viewpoint

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 00:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-30 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-29 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-29 23:14 --------- d-----w C:\Program Files\iGive__Shopping__Window
2008-05-28 22:49 --------- d-----w C:\Documents and Settings\Judi\Application Data\SiteAdvisor
2008-05-27 22:27 38,272 ----a-w C:\Documents and Settings\Judi\Application Data\wklnhst.dat
2008-05-24 19:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-24 19:35 --------- d-----w C:\Program Files\Viewpoint
2008-05-24 12:31 --------- d-----w C:\Program Files\NETGEAR
2008-05-23 21:55 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-18 23:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-18 23:12 --------- d-----w C:\Documents and Settings\Judi\Application Data\AdobeUM
2008-05-12 00:26 --------- d-----w C:\Program Files\Sonic
2008-04-11 00:11 --------- d-----w C:\Documents and Settings\Judi\Application Data\Intuit
2008-04-07 13:59 --------- d-----w C:\Documents and Settings\Eric.JUDIPC\Application Data\Symantec
2008-04-07 13:58 --------- d-----w C:\Documents and Settings\Eric.JUDIPC\Application Data\AOL
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-03 03:00 947,213 ----a-w C:\Program Files\Gd30.zip
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-19 23:09 368,777 ----a-w C:\WINDOWS\SYSTEM32\OBX Connection Screensaver.scr
2008-02-15 09:07 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2008-01-01 00:03 0 ----a-w C:\Documents and Settings\Don\Application Data\wklnhst.dat
2006-12-29 23:16 5,194 ----a-w C:\Documents and Settings\Jennifer\Application Data\wklnhst.dat
2005-12-21 20:38 1,098 ----a-w C:\Documents and Settings\Eric.JUDIPC\Application Data\wklnhst.dat
2005-04-17 12:22 64,816 ----a-w C:\Documents and Settings\Judi\Application Data\GDIPFONTCACHEV1.DAT
2001-11-30 16:09 49,152 ----a-r C:\Program Files\Common Files\HDvAvi.dll
2004-09-15 18:28 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 23:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 18:47 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 23:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 23:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 18:51 57344]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 00:18 68856]
"Google Update"="C:\Documents and Settings\Judi\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" [2008-03-15 22:07 51184]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"AOL Fast Start"="C:\Program Files\AOL 9.1\AOL.exe" [2007-10-27 13:44 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 14:52 339968]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 20:19 57344]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 12:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 03:00 45056]
"CTHelper"="CTHELPER.EXE" [2004-03-11 11:50 28672 C:\WINDOWS\SYSTEM32\CtHelper.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00 90112]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 03:01 110592]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 10:50 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"Lexmark X83 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-18 11:25 40960]
"Lexmark X83 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-14 13:42 53248]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-06-27 04:47 36864]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 00:08 50688]
"AS00_Gear311T"="C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe" [2004-05-12 15:21 458752]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 18:50 40960]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2006-07-31 11:03 35416]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]
"HostManager"="C:\Program Files\Common Files\AOL\1170732032\ee\AOLSoftware.exe" [2007-05-25 13:16 42032]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 21:40 1197648]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45 75304]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 00:53 714608]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 15:47 847872]
"igivm"="C:\Program Files\iGive__Shopping__Window\iGiveShoppingWindowv.exe" [2006-12-13 15:13 255552]

C:\Documents and Settings\Judi\Start Menu\Programs\Startup\
YouTube Uploader.lnk - C:\Documents and Settings\Judi\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 14:33:08 71152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
CARD Monitor.lnk - C:\Program Files\Panasonic\Palmcorder\CARD LINK (for USB)\regcnt09.exe [2007-02-12 11:06:03 49152]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-12-09 12:43:17 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
"VIDC.DVSD"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Common Files\\AOL\\1170732032\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 18:43]
R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311tn5.sys [2004-03-08 17:12]
S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\MkemUsb.sys [2001-08-08 19:52]
S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkeusbi.sys [2001-12-18 12:38]
S3 WLAN_USB;Wireless LAN USB Driver;C:\WINDOWS\system32\DRIVERS\MA111nd5.sys [2002-12-23 13:36]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-27 00:00:17 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Judi.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 20:13:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Completion time: 2008-05-29 20:16:23
ComboFix-quarantined-files.txt 2008-05-30 00:16:19

Pre-Run: 47,869,390,848 bytes free
Post-Run: 47,981,817,856 bytes free

204 --- E O F --- 2008-05-16 21:34:26
  • 0

#21
bunsnpigs
  • Topic Starter
  • Member
  • 35 posts
What's this: *Newly Created Service* - CATCHME
  • 0

#22
RatHat
  • Ex Malware Expert
  • Expert
  • 7,829 posts

What's this: *Newly Created Service* - CATCHME


It is part of Combofix, a section that helps identify rootkits if they are present. In your log though, none are found :)

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 20:13:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


So how is the computer running now?

Regards,
RatHat
  • 0
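
RatHat's answer ties the `*Newly Created Service* - CATCHME` line to the catchme block in the same log. The sketch below makes that correlation mechanically; it is an added example, not part of the original thread or of ComboFix, and its regular expressions and status strings are assumptions derived only from the log lines shown in this thread.

```python
import re

# Excerpt of the ComboFix log posted in this thread (blank lines trimmed).
SAMPLE_LOG = """\
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 20:13:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
"""

# Patterns are assumptions based on the lines visible in the log above.
NEW_SERVICE = re.compile(r"^\*Newly Created Service\* - (\S+)\s*$", re.M)
CATCHME_BANNER = re.compile(r"^(catchme) (\S+) .*rootkit/stealth malware detector", re.M)
HIDDEN_COUNT = re.compile(r"^hidden ([a-z ]+): (\d+)\s*$", re.M)
ATTRIBUTED = "created by the rootkit scanner whose banner is in this log"
UNEXPLAINED = "not explained by this log; identify it separately"


def catchme_summary(log):
    """Return the bundled rootkit scanner's result block, or None if absent."""
    banner = CATCHME_BANNER.search(log)
    if banner is None:
        return None
    tail = log[banner.start():]
    end = tail.find("*" * 20)  # the row of asterisks that closes the block
    block = tail if end == -1 else tail[:end]
    return {
        "tool": banner.group(1),
        "version": banner.group(2),
        "completed": "scan completed successfully" in block,
        "hidden": {what: int(n) for what, n in HIDDEN_COUNT.findall(block)},
    }


def triage_new_services(log):
    """Label each newly created service as tool-created or still unexplained."""
    summary = catchme_summary(log)
    tool = summary["tool"].lower() if summary else None
    return {
        name: ATTRIBUTED if tool and name.lower() == tool else UNEXPLAINED
        for name in NEW_SERVICE.findall(log)
    }


def rootkit_scan_clean(log):
    """True only if the scan finished and every reported hidden count is zero."""
    s = catchme_summary(log)
    return bool(s and s["completed"] and s["hidden"] and not any(s["hidden"].values()))


if __name__ == "__main__":
    print(triage_new_services(SAMPLE_LOG))
    print("rootkit scan clean:", rootkit_scan_clean(SAMPLE_LOG))
```

A service name is attributed to the scanner only when the scanner's own banner appears in the same log, so a log that lists CATCHME without a catchme block is left flagged for manual review.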

#23
bunsnpigs
  • Topic Starter
  • Member
  • 35 posts
I hate to say it..... I sign on to AOL 9.1 and get the popup. It's a Microsoft IE popup, by the way, if that means anything. Same wording.

In the background, the first thing that comes up before my Welcome screen is a web page to celebritiesvidz.com. It's a porn site. I guess it's imbedded into AOL 9.1? Maybe I should uninstall it and reinstall it. I will have to get a download from AOL.

Edited by bunsnpigs, 30 May 2008 - 04:37 AM.

  • 0

#24
RatHat
  • Ex Malware Expert
  • Expert
  • 7,829 posts
This is an odd one!

Now I see you have SmitfraudFix.exe and FixIEDef.exe on your system. Have you run these? Let's take a really deep look into your system.

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the box that says Include MD5
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Check the Radio button under Drivers for Non Microsoft
  • Check the radio button under Rootkit Search for Yes
  • Under Additional Scans check the following:
    • Reg - ControlSets
    • Reg - Desktop Components
    • Reg - IE CmdMapping
    • Reg - IE Zones & Template Policies Details
    • Reg - NeverShowExt Settings
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EventViewer Errors/Warnings (last 7 days)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post
Regards,
RatHat
  • 0

#25
bunsnpigs
  • Topic Starter
  • Member
  • 35 posts
The file won't upload. It's 2.5MB, and the max upload for attachments is 500K. I also don't feel comfortable uploading it onto this forum. It's got a lot of stuff on it. Can you delete it after I upload it?
  • 0



#26
bunsnpigs
  • Topic Starter
  • Member
  • 35 posts
Also, yes, in my search to get rid of this malware, I tried a lot of things including smitfraudfix and fixiedef. Nothing is working! This is starting to wear me down. I almost feel like clicking on the stupid button to download the media codec! Don't worry.. I won't do that. :)
  • 0

#27
RatHat
  • Ex Malware Expert
  • Expert
  • 7,829 posts
Could you zip the file and then upload it for me, please?
  • 0

#28
bunsnpigs
  • Topic Starter
  • Member
  • 35 posts
Attached File: OTScanIt.zip (142.82KB, 119 downloads)
  • 0

#29
RatHat
  • Ex Malware Expert
  • Expert
  • 7,829 posts
Judi,

IGive is known Adware, and though you feel it is legit, I would like to know if you would like to remove it.
  • 0

#30
bunsnpigs
  • Topic Starter
  • Member
  • 35 posts
I signed up for it. I use it to donate to one of my favorite charities when I make purchases from one of the vendors on their list. I'd rather not delete it, but I will if you think it's causing the problem. I've been using it since September of last year.

Do you see anything else in this monstrous list? I am still wondering if I should uninstall AOL and reinstall it. I wish I wasn't so tied to it but I am because I do animal rescue and I have a lot of files saved on it that web sites use.

Edited by bunsnpigs, 30 May 2008 - 06:50 PM.

  • 0





