Vimax "male" enlarger ads and some websites wont work


Unread postby Bode8692 » February 7th, 2009, 7:01 pm

On every webpage I go to there are Vimax Male Enhancement ads all over it. Also, every time I try to go to sites to fix malware such as Malwarebytes.com I get sent to another website or a Yahoo search. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:21 PM, on 2/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svcadmin.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HAVA Service (havasvc) - Monsoon Multimedia Inc. - C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6531 bytes
Bode8692
Regular Member
 
Posts: 19
Joined: February 7th, 2009, 6:54 pm

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby tan_pang » February 11th, 2009, 2:02 am

Hello, and Welcome. :)
I am tan_pang and I will be assisting you with your malware issues.
Please be patient as I need some time to review your HijackThis log and I will post back recommendations for repairs.
As I am still in training, everything that I post to you must be checked by an expert. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.
  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you get stuck, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page, in case you need it for reference.

------------------------------------------------------------------------------------------------------------------

Please open your HijackThis and select Open the Misc Tools section
  • Press Open Uninstall Manager...
  • Click on the Save List...
  • After saving the list, the uninstall list will be shown
  • Copy the whole content and post it in here.
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby Bode8692 » February 13th, 2009, 6:51 pm

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 9
AIM 6
AIM Search
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
AviSynth 2.5
Bonjour
CCleaner (remove only)
Command & Conquer Generals
Command and Conquer™ Generals Zero Hour
Creative MediaSource
Dell ResourceCD
GIMP 2.6.3
HAVA Software
HAVA Software
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel(R) PRO Network Adapters and Drivers
iTunes
Java(TM) 6 Update 11
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft SOAP Toolkit 3.0
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.6)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Next Video Converter 2.1.0
OpenOffice.org Installer 1.0
Pinnacle Systems USB Installation
QuickTime
Safari
Screenshot Utility version 1.0
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Sony Media Manager 2.2
Sony Vegas 7.0
Sound Blaster Live! 24-bit
Tournament Bracket Builder 1.2
Ulead Straight-to-Disc SDK
Update for Windows XP (KB925720)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Presentation Foundation
Windows Workflow Foundation
WinPcap 4.0.2
Bode8692
Regular Member
 
Posts: 19
Joined: February 7th, 2009, 6:54 pm

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby Bode8692 » February 13th, 2009, 6:52 pm

and here is my new hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:33 PM, on 2/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svcadmin.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs:
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HAVA Service (havasvc) - Monsoon Multimedia Inc. - C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6065 bytes
Bode8692
Regular Member
 
Posts: 19
Joined: February 7th, 2009, 6:54 pm
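The two HijackThis logs posted so far (February 7th and February 13th) are what the helper reads to decide what to remove, and the interesting part of the second one is what changed. The script below is an added example for this thread, not code from the thread, from HijackThis or from MalwareRemoval.com: it parses the R/F/O entries of a HijackThis v2 log, flags the entry types a reviewer looks at first (a non-empty AppInit_DLLs value, BHOs with no file, URLSearchHooks, services with no vendor, with a binary dropped directly in the Windows root, or whose file is missing), and diffs two logs. The embedded logs are short excerpts constructed from the two posted above; the rules are reviewer heuristics that say "check this", not a verdict that anything is malware.

```python
"""Triage and diff HijackThis v2 logs (added example, not part of the thread)."""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# A service binary sitting directly in C:\WINDOWS (not in a subfolder) is unusual.
WINDOWS_ROOT_RE = re.compile(r"^[A-Z]:\\WINDOWS\\[^\\]+$", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    kind: str  # section code such as "O23"
    body: str  # text after "O23 - "


def parse_log(text):
    """Return every R/F/O entry of a HijackThis log, in order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def triage(entries):
    """Return human-readable findings for the entries a reviewer should check first."""
    findings = []
    for e in entries:
        if e.kind == "O20" and e.body.startswith("AppInit_DLLs:"):
            dll = e.body[len("AppInit_DLLs:"):].strip()
            if dll:  # every process that loads user32.dll also loads this DLL
                findings.append(f"O20: AppInit_DLLs injects {dll} into every GUI process; confirm the vendor")
        elif e.kind == "O2" and e.body.endswith("(no file)"):
            findings.append(f"O2: orphaned BHO registration, safe to delete: {e.body}")
        elif e.kind == "R3":
            findings.append(f"R3: URLSearchHook rewrites address-bar searches; confirm it is wanted: {e.body}")
        elif e.kind == "O23":
            m = SERVICE_RE.match(e.body)
            if not m:
                continue
            name, owner, path = m.group("name"), m.group("owner"), m.group("path")
            exe = path.replace("(file missing)", "").strip()
            if path.endswith("(file missing)"):
                findings.append(f"O23: service '{name}' is still registered but {exe} is gone; delete the service entry")
            elif owner == "Unknown owner" or WINDOWS_ROOT_RE.match(exe):
                findings.append(f"O23: service '{name}' ({owner}) runs {exe}: no vendor and/or binary in the Windows root")
    return findings


def diff_logs(before_text, after_text):
    """Entries that disappeared and entries that appeared between two logs."""
    before, after = set(parse_log(before_text)), set(parse_log(after_text))
    removed = sorted(before - after, key=lambda e: (e.kind, e.body))
    added = sorted(after - before, key=lambda e: (e.kind, e.body))
    return removed, added


# Constructed excerpts of the two logs posted in this thread.
LOG_FEB07 = r"""
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

LOG_FEB13 = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O20 - AppInit_DLLs:
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for line in triage(parse_log(LOG_FEB07)):
        print(line)
    removed, added = diff_logs(LOG_FEB07, LOG_FEB13)
    print("gone since Feb 7:", [f"{e.kind} {e.body}" for e in removed])
    print("new since Feb 7:", [f"{e.kind} {e.body}" for e in added])
```

Run against the excerpts it flags the AppInit_DLLs entry, the orphaned BHO, the Ask search hook and the svcadmin.exe service, and the diff shows the Ask entries and the AppInit_DLLs value gone by February 13th while the service is unchanged, which is exactly the item the helper targets next.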

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby tan_pang » February 14th, 2009, 10:34 am

Hi, I saw that you have Viewpoint Media Player installed.

Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager, the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  4. Do the same for each Viewpoint component.

===========================================================================================================

  1. Please download OTMoveIt3.exe from Geeks to Go and save it to your desktop.
  2. Double click on OTMoveIt3.exe to run it.
  3. Please copy and paste the following (from the Code box) into OTMoveIt3 (1).

    Warning: Do not type it out, to avoid typos that could damage your machine.

    Code:
    :Processes
    svcadmin.exe
    :Services
    "Anyplace Control Security"
    :Files
    C:\WINDOWS\svcadmin.exe
    :Commands
    [EmptyTemp]
    [Reboot]


    Please refer to this image to use OTMoveIt3.

    [image]

  4. Click on MoveIt! (2)
  5. Your computer might need to reboot after that. Click Yes on the prompt.
  6. After the reboot, look for the OTMoveIt3 log file in C:\_OTMoveIt\MovedFiles, open the text file that has a number in its name (which indicates the date and time) and post its content here.

===========================================================================================================

In your next post, please post the content of:
  • The OTMoveIt3 log.
  • Uninstall list.
  • HijackThis log.
  • Your computer condition now.
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby Bode8692 » February 14th, 2009, 9:11 pm

OTMOVEIT Log

========== PROCESSES ==========
Unable to kill process: svcadmin.exe
========== SERVICES/DRIVERS ==========
Unable to stop service "Anyplace Control Security" .
========== FILES ==========
C:\WINDOWS\svcadmin.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Anthony\LOCALS~1\Temp\etilqs_RFv1a5SUyZXOLV8iYq2a scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1b8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02142009_200740

Files moved on Reboot...
File C:\DOCUME~1\Anthony\LOCALS~1\Temp\etilqs_RFv1a5SUyZXOLV8iYq2a not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_1b8.dat not found!
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\XUL.mfl moved successfully.
Bode8692
Regular Member
 
Posts: 19
Joined: February 7th, 2009, 6:54 pm
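The OTMoveIt3 script in the previous instructions tells the tool what to kill, stop and move, and the log posted above is the only evidence of what actually happened; two of the three requested actions failed. The script below is an added example for this thread, not the thread's own code and not part of OTMoveIt3: it parses the :Section script format and the result log, then reports, per requested item, the outcome the log recorded. The embedded script and log lines are constructed excerpts of the ones posted above, and the only log phrases it recognises are the ones that occur there; wordings OTMoveIt3 may use in other situations would need additional patterns.

```python
"""Reconcile an OTMoveIt3 script with the log it produced (added example, not part of the thread)."""
import re

# Constructed excerpt of the script the helper posted.
SCRIPT = r"""
:Processes
svcadmin.exe
:Services
"Anyplace Control Security"
:Files
C:\WINDOWS\svcadmin.exe
:Commands
[EmptyTemp]
[Reboot]
"""

# Constructed excerpt of the OTMoveIt3 log the user posted.
LOG = r"""
========== PROCESSES ==========
Unable to kill process: svcadmin.exe
========== SERVICES/DRIVERS ==========
Unable to stop service "Anyplace Control Security" .
========== FILES ==========
C:\WINDOWS\svcadmin.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1b8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_1b8.dat not found!
"""

# (script section, log line pattern, outcome) for the phrases seen in the posted log.
OUTCOMES = [
    ("processes", re.compile(r"^Unable to kill process: (?P<t>.+)$"), "failed"),
    ("services", re.compile(r'^Unable to stop service "(?P<t>.+)" ?\.$'), "failed"),
    ("files", re.compile(r"^(?P<t>.+) moved successfully\.$"), "moved"),
    ("files", re.compile(r"^File move failed\. (?P<t>.+) scheduled to be moved on reboot\.$"), "deferred"),
    ("files", re.compile(r"^File delete failed\. (?P<t>.+) scheduled to be deleted on reboot\.$"), "deferred"),
    ("files", re.compile(r"^File (?P<t>.+) not found!$"), "not found"),
]


def parse_script(text):
    """Map each ':Section' name (lower-cased) to the items listed under it."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip('"'))  # service names are quoted in scripts
    return sections


def parse_log(text):
    """Map (section, target lower-cased) to the last outcome the log reports for it."""
    results = {}
    for line in text.splitlines():
        line = line.strip()
        for section, rx, status in OUTCOMES:
            m = rx.match(line)
            if m:
                results[(section, m.group("t").lower())] = status
                break
    return results


def reconcile(script_text, log_text):
    """For every process, service and file the script asked for, what did the log say?"""
    plan, results = parse_script(script_text), parse_log(log_text)
    report = {}
    for section in ("processes", "services", "files"):
        # The posted log prints a line only when a kill or stop fails, so for
        # processes and services the absence of a failure line is the only
        # (weak) evidence of success; files always get a result line.
        default = "no result line" if section == "files" else "no failure reported"
        for item in plan.get(section, []):
            report[(section, item)] = results.get((section, item.lower()), default)
    return report


def failures(report):
    """Requested items the log shows as failed or pushed to the next reboot."""
    return sorted(k for k, v in report.items() if v in ("failed", "deferred"))


if __name__ == "__main__":
    for (section, item), status in reconcile(SCRIPT, LOG).items():
        print(f"{section:10} {item:35} {status}")
```

For the posted log this reports the process kill and the service stop as failed and the binary as moved. That combination is why the HijackThis log posted later still lists "Anyplace Control Security" with "(file missing)": the executable is gone, but the service registration was never removed and has to be dealt with separately.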

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby tan_pang » February 15th, 2009, 1:01 am

tan_pang wrote:In next post, please post the content of:
  • The OTMoveIt3 log.
  • Uninstall list.
  • HijackThis log.
  • Your computer condition now.

Refer to my post above: can you please post the other log files and also tell me your computer's condition now?
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby Bode8692 » February 15th, 2009, 1:56 am

The computer has been running better. I had run ComboFix right after I requested help on this site, which removed a minor rootkit, which got rid of the Vimax ads and the Google redirects. But after you responded I wanted to make sure everything was A-OK. Thank you for helping me, by the way.

OTMoveIt Log:

========== PROCESSES ==========
Unable to kill process: svcadmin.exe
========== SERVICES/DRIVERS ==========
Unable to stop service "Anyplace Control Security" .
========== FILES ==========
C:\WINDOWS\svcadmin.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Anthony\LOCALS~1\Temp\etilqs_RFv1a5SUyZXOLV8iYq2a scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1b8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02142009_200740

Files moved on Reboot...
File C:\DOCUME~1\Anthony\LOCALS~1\Temp\etilqs_RFv1a5SUyZXOLV8iYq2a not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_1b8.dat not found!
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\XUL.mfl moved successfully.

Hijack This Log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:42 AM, on 2/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs:
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HAVA Service (havasvc) - Monsoon Multimedia Inc. - C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5788 bytes

Uninstall List : Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 9
AIM 6
AIM Search
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
AviSynth 2.5
Bonjour
CCleaner (remove only)
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Creative MediaSource
Dell ResourceCD
GIMP 2.6.3
HAVA Software
HAVA Software
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel(R) PRO Network Adapters and Drivers
iTunes
Java(TM) 6 Update 11
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft SOAP Toolkit 3.0
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.6)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Next Video Converter 2.1.0
OpenOffice.org Installer 1.0
Pinnacle Systems USB Installation
QuickTime
Safari
Screenshot Utility version 1.0
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Sony Media Manager 2.2
Sony Vegas 7.0
Sound Blaster Live! 24-bit
Tournament Bracket Builder 1.2
Ulead Straight-to-Disc SDK
Update for Windows XP (KB925720)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
VideoLAN VLC media player 0.8.6d
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Presentation Foundation
Windows Workflow Foundation
WinPcap 4.0.2
Bode8692
Regular Member
 
Posts: 19
Joined: February 7th, 2009, 6:54 pm
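An added example, not part of Bode8692's post and not code from HijackThis: a small Python triage script that parses the O2 (BHO), O4 (Run), O20 (AppInit_DLLs) and O23 (Service) lines of a HijackThis 2.x log like the one above and flags the items a helper looks at first: a BHO whose DLL is gone, a service with no vendor string whose binary is missing, and autostarts or services that live directly in the Windows directory or under a Temp folder. The sample lines are copied from the log above; the heuristics, the Finding type and the function names are the example's own, and every hit is a review item rather than a verdict (UpdReg.EXE in the Windows directory is Creative's sound-card updater and is flagged only because of where it lives).

```python
"""Triage helper for HijackThis 2.x logs (added example, not HijackThis code).
Parses O2, O4, O20 and O23 entries and flags what a helper would review first.
Every hit is a review item, not a verdict."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - AppInit_DLLs:
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    kind: str      # HijackThis entry type, e.g. "O23"
    subject: str   # CLSID of the BHO, name of the Run value, or service name
    reason: str


def _exe_path(cmd: str) -> str:
    """Extract the executable from a Run command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ")[0]


def _in_odd_location(path: str) -> bool:
    """True for binaries sitting directly in the Windows directory or anywhere
    under a Temp folder; legitimate services and autostarts normally live in
    system32 or Program Files.  Heuristic, so hits need a human look."""
    p = path.lower().replace("/", "\\")
    parent = p.rsplit("\\", 1)[0]
    return parent == "c:\\windows" or "\\temp\\" in p


def triage(log: str) -> List[Finding]:
    """Walk the log once and collect review items in log order."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            if m["path"] == "(no file)":
                findings.append(Finding("O2", m["clsid"], "BHO registered but its DLL is gone (orphan entry)"))
            elif _in_odd_location(m["path"]):
                findings.append(Finding("O2", m["name"], f"BHO loads from an unusual path: {m['path']}"))
        elif m := O4_RE.match(line):
            exe = _exe_path(m["cmd"])
            if _in_odd_location(exe):
                findings.append(Finding("O4", m["value"], f"autostart runs from an unusual path: {exe}"))
        elif m := O20_RE.match(line):
            if m["dlls"]:
                findings.append(Finding("O20", "AppInit_DLLs", f"DLL injected into every GUI process: {m['dlls']}"))
        elif m := O23_RE.match(line):
            reasons = []
            if m["owner"] == "Unknown owner":
                reasons.append("no vendor in the binary's version info")
            if m["path"].endswith("(file missing)"):
                reasons.append("service still registered but binary missing")
            if _in_odd_location(m["path"].replace(" (file missing)", "")):
                reasons.append("binary path is unusual for a service")
            if reasons:
                findings.append(Finding("O23", m["name"], "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f.kind:4} {f.subject}: {f.reason}")
```

Run against the sample it reports three items: the orphan `{02478D38-...}` BHO, the `UpdReg` autostart (a false positive worth a glance, not a removal) and the `Anyplace Control Security` service, which is exactly the entry a helper would chase first: a remote-control service with no vendor string, registered from the Windows directory, and with its binary already gone.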

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby tan_pang » February 15th, 2009, 2:19 am

Since you have also used ComboFix, please post the ComboFix log file as well, thanks.
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby Bode8692 » February 15th, 2009, 7:35 pm

I don't know where the one is that deleted the rootkit, but here is the log of the 2nd time I ran it (I ran it twice to make sure everything that needed to be deleted was), and here is the log from that day.

ComboFix 09-02-12.03 - Anthony 2009-02-13 15:12:32.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1612 [GMT -5:00]
Running from: c:\documents and settings\Anthony\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-13 to 2009-02-13 )))))))))))))))))))))))))))))))
.

2009-02-07 17:44 . 2009-02-07 17:44 <DIR> d-------- c:\program files\Trend Micro
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\Anthony\Application Data\Malwarebytes
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 15:30 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 15:30 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-01 23:14 . 2009-02-01 23:14 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-02-01 23:13 . 2009-02-01 23:13 <DIR> d-------- c:\documents and settings\Administrator
2009-02-01 22:57 . 2009-02-01 22:57 120 --a------ c:\windows\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
2009-02-01 09:56 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_
2009-01-31 23:40 . 2009-01-31 23:40 <DIR> d-------- c:\program files\AskSearch
2009-01-31 23:40 . 2009-01-31 23:40 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-31 23:38 . 2009-02-02 15:36 <DIR> d-------- c:\program files\COMODO
2009-01-31 17:43 . 2009-01-31 17:53 <DIR> d-------- c:\program files\POL
2009-01-31 17:40 . 2009-01-31 17:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\winsyscfg
2009-01-31 17:32 . 2009-01-31 17:32 <DIR> d-------- c:\program files\ExploreAnywhere
2009-01-31 17:32 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2009-01-31 15:47 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-31 15:47 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-01-25 19:45 . 2009-01-25 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 04:13 --------- d-----w c:\documents and settings\Anthony\Application Data\LimeWire
2009-02-09 20:13 --------- d-----w c:\program files\Graboid
2009-02-09 04:28 --------- d-----w c:\documents and settings\Anthony\Application Data\gtk-2.0
2009-02-05 17:02 --------- d-----w c:\documents and settings\Anthony\Application Data\U3
2009-02-03 21:05 --------- d-----w c:\documents and settings\Anthony\Application Data\Move Networks
2009-01-31 22:38 30,336 -c--a-w c:\windows\system32\drivers\npf.sys
2009-01-31 22:32 57,344 -c--a-w c:\windows\system32\Packet.dll
2009-01-31 22:32 53,299 -c--a-w c:\windows\system32\pthreadVC.dll
2009-01-31 22:32 208,896 -c--a-w c:\windows\system32\wpcap.dll
2009-01-12 05:01 --------- d-----w c:\program files\Tournament Bracket Builder
2008-12-24 01:13 --------- d-----w c:\documents and settings\Anthony\Application Data\DivX
2008-12-23 04:30 --------- d-----w c:\program files\CCleaner
2008-12-20 22:49 12,400 -c--a-w c:\windows\system32\drivers\secdrv.sys
2008-12-19 18:32 --------- d-----w c:\program files\Cain
2008-12-19 03:58 --------- d-----w c:\documents and settings\Anthony\Application Data\Sony
2008-12-18 05:15 --------- d-----w c:\documents and settings\Anthony\Application Data\Media Player Classic
2008-12-15 19:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-15 19:36 --------- d-----w c:\program files\Common Files\Ulead Systems
2008-12-15 19:35 --------- d-----w c:\program files\Monsoon Multimedia
2008-12-15 19:35 --------- d-----w c:\program files\Common Files\Monsoon Multimedia
2008-12-15 19:26 --------- d-----w c:\program files\MSXML 4.0
2008-12-15 19:26 --------- d-----w c:\program files\MSSOAP
2008-12-13 03:25 --------- d-----w c:\program files\Microsoft SQL Server
2008-12-13 03:24 --------- d-----w c:\program files\VSTplugins
2008-12-13 03:24 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-12-13 03:23 --------- d-----w c:\program files\Sony Setup
2008-12-13 03:23 --------- d-----w c:\program files\Sony
2008-12-13 03:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-13 02:45 --------- d-----w c:\documents and settings\Anthony\Application Data\Publish Providers
2008-12-13 02:37 --------- d-----w c:\program files\MSBuild
2008-12-04 05:17 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-28 23:33 47,360 -c--a-w c:\documents and settings\Anthony\Application Data\pcouffin.sys
2008-11-22 21:33 737,280 -c--a-w c:\windows\iun6002.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-02-09_15.07.57.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
+ 2009-02-13 19:20:31 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"P17Helper"="P17.dll" [2004-06-10 c:\windows\system32\P17.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIXL"= pclepixl.dll
"VIDC.NTN1"= NUVision.ax

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1778:UDP"= 1778:UDP:HAVA Service

R2 Anyplace Control Security;Anyplace Control Security;c:\windows\svcadmin.exe [2008-06-15 104960]
R2 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [2008-12-15 145920]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-08-09 24652]
R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2008-09-12 37376]
R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2008-09-12 20480]
R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2008-10-03 324224]
R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2008-10-03 324224]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 30336]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2008-08-10 155264]
S3 o1394bul;o1394bul;\??\c:\docume~1\Anthony\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\Anthony\LOCALS~1\Temp\o1394bul.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comodo.com/search/
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}\components\FFAlert.dll
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071102000005.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 15:13:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1343024091-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D60AD30-D345-A769-96BC-983C98668E34}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hapkcamnfoddcinc"=hex:66,61,6c,6f,67,69,6f,70,6f,68,70,63,00,00
"iaaklpnbpofifaeabf"=hex:6b,61,6d,6f,63,6c,6b,6c,64,63,66,62,67,65,6c,65,6c,6b,
6d,65,6e,6a,00,00
"hagkfoajljknjeig"=hex:6b,61,6d,6f,63,6c,6b,6c,64,63,66,62,67,65,6c,65,6c,6b,
6d,65,6e,6a,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-13 15:14:37
ComboFix-quarantined-files.txt 2009-02-13 20:14:23
ComboFix2.txt 2009-02-12 20:43:05
ComboFix3.txt 2009-02-09 20:09:15

Pre-Run: 141,479,038,976 bytes free
Post-Run: 141,464,027,136 bytes free

173 --- E O F --- 2009-02-11 04:01:50
Bode8692
Regular Member
 
Posts: 19
Joined: February 7th, 2009, 6:54 pm

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby Bode8692 » February 15th, 2009, 7:40 pm

Here is the log from ComboFix that I just ran today:

ComboFix 09-02-15.01 - Anthony 2009-02-15 18:37:49.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1631 [GMT -5:00]
Running from: c:\documents and settings\Anthony\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-14 20:07 . 2009-02-14 20:07 <DIR> d-------- C:\_OTMoveIt
2009-02-07 17:44 . 2009-02-07 17:44 <DIR> d-------- c:\program files\Trend Micro
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\Anthony\Application Data\Malwarebytes
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 15:30 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 15:30 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-01 23:14 . 2009-02-01 23:14 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-02-01 23:13 . 2009-02-01 23:13 <DIR> d-------- c:\documents and settings\Administrator
2009-02-01 22:57 . 2009-02-01 22:57 120 --a------ c:\windows\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
2009-02-01 09:56 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_
2009-01-31 23:40 . 2009-01-31 23:40 <DIR> d-------- c:\program files\AskSearch
2009-01-31 23:40 . 2009-01-31 23:40 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-31 23:38 . 2009-02-02 15:36 <DIR> d-------- c:\program files\COMODO
2009-01-31 17:43 . 2009-01-31 17:53 <DIR> d-------- c:\program files\POL
2009-01-31 17:40 . 2009-01-31 17:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\winsyscfg
2009-01-31 17:32 . 2009-01-31 17:32 <DIR> d-------- c:\program files\ExploreAnywhere
2009-01-31 17:32 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2009-01-31 15:47 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-31 15:47 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-01-25 19:45 . 2009-01-25 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 01:05 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-12 04:13 --------- d-----w c:\documents and settings\Anthony\Application Data\LimeWire
2009-02-09 20:13 --------- d-----w c:\program files\Graboid
2009-02-09 04:28 --------- d-----w c:\documents and settings\Anthony\Application Data\gtk-2.0
2009-02-05 17:02 --------- d-----w c:\documents and settings\Anthony\Application Data\U3
2009-02-03 21:05 --------- d-----w c:\documents and settings\Anthony\Application Data\Move Networks
2009-01-31 22:38 30,336 -c--a-w c:\windows\system32\drivers\npf.sys
2009-01-31 22:32 57,344 -c--a-w c:\windows\system32\Packet.dll
2009-01-31 22:32 53,299 -c--a-w c:\windows\system32\pthreadVC.dll
2009-01-31 22:32 208,896 -c--a-w c:\windows\system32\wpcap.dll
2009-01-12 05:01 --------- d-----w c:\program files\Tournament Bracket Builder
2008-12-24 01:13 --------- d-----w c:\documents and settings\Anthony\Application Data\DivX
2008-12-23 04:30 --------- d-----w c:\program files\CCleaner
2008-12-20 22:49 12,400 -c--a-w c:\windows\system32\drivers\secdrv.sys
2008-12-19 18:32 --------- d-----w c:\program files\Cain
2008-12-19 03:58 --------- d-----w c:\documents and settings\Anthony\Application Data\Sony
2008-12-18 05:15 --------- d-----w c:\documents and settings\Anthony\Application Data\Media Player Classic
2008-12-15 19:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-15 19:36 --------- d-----w c:\program files\Common Files\Ulead Systems
2008-12-15 19:35 --------- d-----w c:\program files\Monsoon Multimedia
2008-12-15 19:35 --------- d-----w c:\program files\Common Files\Monsoon Multimedia
2008-12-15 19:26 --------- d-----w c:\program files\MSXML 4.0
2008-12-15 19:26 --------- d-----w c:\program files\MSSOAP
2008-12-04 05:17 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-28 23:33 47,360 -c--a-w c:\documents and settings\Anthony\Application Data\pcouffin.sys
2008-11-22 21:33 737,280 -c--a-w c:\windows\iun6002.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-02-09_15.07.57.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-24 19:07:24 247,904 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-15 16:51:13 247,904 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
+ 2009-02-15 16:51:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"P17Helper"="P17.dll" [2004-06-10 c:\windows\system32\P17.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIXL"= pclepixl.dll
"VIDC.NTN1"= NUVision.ax

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1778:UDP"= 1778:UDP:HAVA Service

R2 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [2008-12-15 145920]
R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2008-09-12 37376]
R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2008-09-12 20480]
R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2008-10-03 324224]
R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2008-10-03 324224]
S2 Anyplace Control Security;Anyplace Control Security;c:\windows\svcadmin.exe /service --> c:\windows\svcadmin.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 30336]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2008-08-10 155264]
S3 o1394bul;o1394bul;\??\c:\docume~1\Anthony\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\Anthony\LOCALS~1\Temp\o1394bul.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comodo.com/search/
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}\components\FFAlert.dll
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071102000005.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 18:38:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1343024091-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D60AD30-D345-A769-96BC-983C98668E34}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hapkcamnfoddcinc"=hex:66,61,6c,6f,67,69,6f,70,6f,68,70,63,00,00
"iaaklpnbpofifaeabf"=hex:6b,61,6d,6f,63,6c,6b,6c,64,63,66,62,67,65,6c,65,6c,6b,
6d,65,6e,6a,00,00
"hagkfoajljknjeig"=hex:6b,61,6d,6f,63,6c,6b,6c,64,63,66,62,67,65,6c,65,6c,6b,
6d,65,6e,6a,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-15 18:40:00
ComboFix-quarantined-files.txt 2009-02-15 23:39:46
ComboFix2.txt 2009-02-13 20:14:38
ComboFix3.txt 2009-02-12 20:43:05
ComboFix4.txt 2009-02-09 20:09:15

Pre-Run: 141,407,760,384 bytes free
Post-Run: 141,392,793,600 bytes free

166 --- E O F --- 2009-02-11 04:01:50
Bode8692
Regular Member
 
Posts: 19
Joined: February 7th, 2009, 6:54 pm

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby tan_pang » February 16th, 2009, 2:16 am

Hi, can you please post the oldest ComboFix log file here?

If you didn't use ComboFix again, the oldest log file will be ComboFix4.txt
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby Bode8692 » February 16th, 2009, 3:08 am

Like I said in my recent post, I cannot find the oldest ComboFix log that "fixed" the rootkit problem. The only log I have is the last one I ran, which is posted above. I have clicked on the C drive and then ComboFix, but nothing shows up.
Bode8692
Regular Member
 
Posts: 19
Joined: February 7th, 2009, 6:54 pm

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby tan_pang » February 16th, 2009, 7:50 pm

Never mind, let's do this now...
  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
REGLOCK::
[HKEY_USERS\S-1-5-21-1454471165-1343024091-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D60AD30-D345-A769-96BC-983C98668E34}*]

REGISTRY::
[HKEY_USERS\S-1-5-21-1454471165-1343024091-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D60AD30-D345-A769-96BC-983C98668E34}*]

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

=========================================================================================================

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

=========================================================================================================

In your next post, please post the content of:
  • ComboFix log
  • Kaspersky scan log
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby Bode8692 » February 17th, 2009, 1:00 am

Thanks again for the help tan_pang

Here is the new combofix log:

ComboFix 09-02-15.01 - Anthony 2009-02-16 22:08:53.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1638 [GMT -5:00]
Running from: c:\documents and settings\Anthony\Desktop\ComboFix.exe
Command switches used :: c:\combofix\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
.

2009-02-14 20:07 . 2009-02-14 20:07 <DIR> d-------- C:\_OTMoveIt
2009-02-07 17:44 . 2009-02-07 17:44 <DIR> d-------- c:\program files\Trend Micro
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\Anthony\Application Data\Malwarebytes
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 15:30 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 15:30 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-01 23:14 . 2009-02-01 23:14 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-02-01 23:13 . 2009-02-01 23:13 <DIR> d-------- c:\documents and settings\Administrator
2009-02-01 22:57 . 2009-02-01 22:57 120 --a------ c:\windows\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
2009-02-01 09:56 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_
2009-01-31 23:40 . 2009-01-31 23:40 <DIR> d-------- c:\program files\AskSearch
2009-01-31 23:40 . 2009-01-31 23:40 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-31 23:38 . 2009-02-02 15:36 <DIR> d-------- c:\program files\COMODO
2009-01-31 17:43 . 2009-01-31 17:53 <DIR> d-------- c:\program files\POL
2009-01-31 17:40 . 2009-01-31 17:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\winsyscfg
2009-01-31 17:32 . 2009-01-31 17:32 <DIR> d-------- c:\program files\ExploreAnywhere
2009-01-31 17:32 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2009-01-31 15:47 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-31 15:47 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-01-25 19:45 . 2009-01-25 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 01:05 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-12 04:13 --------- d-----w c:\documents and settings\Anthony\Application Data\LimeWire
2009-02-09 20:13 --------- d-----w c:\program files\Graboid
2009-02-09 04:28 --------- d-----w c:\documents and settings\Anthony\Application Data\gtk-2.0
2009-02-05 17:02 --------- d-----w c:\documents and settings\Anthony\Application Data\U3
2009-02-03 21:05 --------- d-----w c:\documents and settings\Anthony\Application Data\Move Networks
2009-01-31 22:38 30,336 -c--a-w c:\windows\system32\drivers\npf.sys
2009-01-31 22:32 57,344 -c--a-w c:\windows\system32\Packet.dll
2009-01-31 22:32 53,299 -c--a-w c:\windows\system32\pthreadVC.dll
2009-01-31 22:32 208,896 -c--a-w c:\windows\system32\wpcap.dll
2009-01-12 05:01 --------- d-----w c:\program files\Tournament Bracket Builder
2008-12-24 01:13 --------- d-----w c:\documents and settings\Anthony\Application Data\DivX
2008-12-23 04:30 --------- d-----w c:\program files\CCleaner
2008-12-20 22:49 12,400 -c--a-w c:\windows\system32\drivers\secdrv.sys
2008-12-19 18:32 --------- d-----w c:\program files\Cain
2008-12-19 03:58 --------- d-----w c:\documents and settings\Anthony\Application Data\Sony
2008-12-18 05:15 --------- d-----w c:\documents and settings\Anthony\Application Data\Media Player Classic
2008-12-04 05:17 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-28 23:33 47,360 -c--a-w c:\documents and settings\Anthony\Application Data\pcouffin.sys
2008-11-22 21:33 737,280 -c--a-w c:\windows\iun6002.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-02-09_15.07.57.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-24 19:07:24 247,904 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-15 16:51:13 247,904 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
+ 2009-02-17 01:17:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_188.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"P17Helper"="P17.dll" [2004-06-10 c:\windows\system32\P17.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIXL"= pclepixl.dll
"VIDC.NTN1"= NUVision.ax

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1778:UDP"= 1778:UDP:HAVA Service

R2 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [2008-12-15 145920]
R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2008-09-12 37376]
R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2008-09-12 20480]
R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2008-10-03 324224]
R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2008-10-03 324224]
S2 Anyplace Control Security;Anyplace Control Security;c:\windows\svcadmin.exe /service --> c:\windows\svcadmin.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 30336]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2008-08-10 155264]
S3 o1394bul;o1394bul;\??\c:\docume~1\Anthony\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\Anthony\LOCALS~1\Temp\o1394bul.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comodo.com/search/
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}\components\FFAlert.dll
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071102000005.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 22:10:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1343024091-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D60AD30-D345-A769-96BC-983C98668E34}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hapkcamnfoddcinc"=hex:66,61,6c,6f,67,69,6f,70,6f,68,70,63,00,00
"iaaklpnbpofifaeabf"=hex:6b,61,6d,6f,63,6c,6b,6c,64,63,66,62,67,65,6c,65,6c,6b,
6d,65,6e,6a,00,00
"hagkfoajljknjeig"=hex:6b,61,6d,6f,63,6c,6b,6c,64,63,66,62,67,65,6c,65,6c,6b,
6d,65,6e,6a,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-16 22:11:37
ComboFix-quarantined-files.txt 2009-02-17 03:11:26
ComboFix2.txt 2009-02-15 23:40:02
ComboFix3.txt 2009-02-13 20:14:38
ComboFix4.txt 2009-02-12 20:43:05
ComboFix5.txt 2009-02-17 03:08:21

Pre-Run: 139,711,647,744 bytes free
Post-Run: 139,697,455,104 bytes free

163 --- E O F --- 2009-02-11 04:01:50


And here is the Kaspersky Scan log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, February 16, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, February 17, 2009 00:29:52
Records in database: 1805622
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 41818
Threat name: 6
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 01:27:56


File name / Threat name / Threats count
C:\Documents and Settings\Anthony\My Documents\LimeWire\Saved\gives you hell acoustic all.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Anthony\My Documents\LimeWire\Saved\if i justin timberlake feat ti.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Anthony\My Documents\My Videos\LimeWire\Incomplete\T-5745425-whatever you like ti.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Program Files\ExploreAnywhere\SpyBuddy\sb32mon.exe Infected: not-a-virus:Monitor.Win32.SpyBuddy.31 1
C:\Program Files\POL\POL.006 Infected: not-a-virus:Monitor.Win32.Ardamax.jk 1
C:\Qoobox\Quarantine\C\RECYCLER\S-0-1-73-100001576-100008310-100002622-7443.com.vir Infected: Rootkit.Win32.TDSS.gxb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gaopdxvoinuxnb.dll.vir Infected: Rootkit.Win32.TDSS.gxu 1
C:\WINDOWS\sysicept.dll Infected: not-a-virus:Monitor.Win32.SpyBuddy.36 1

The selected area was scanned.
Bode8692
Regular Member
 
Posts: 19
Joined: February 7th, 2009, 6:54 pm
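As an added example (my code, not tan_pang's or anything from the thread): a small parser for the LOCKED REGISTRY KEYS block that ComboFix writes in the format shown in the log above. It pulls out each locked key, its ACL lines and its hex: values, joining REGEDIT4 continuation lines and decoding the bytes to text, so you can see what the REGLOCK::/REGISTRY:: entries in the CFScript are targeting. The sample block is copied from the log above.

```python
import re

# Sample input: the LOCKED REGISTRY KEYS block copied from the ComboFix log above.
# REGEDIT4 export format: a hex: value that ends in "," continues on the next line.
SAMPLE_LOG = r"""--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1454471165-1343024091-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D60AD30-D345-A769-96BC-983C98668E34}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hapkcamnfoddcinc"=hex:66,61,6c,6f,67,69,6f,70,6f,68,70,63,00,00
"iaaklpnbpofifaeabf"=hex:6b,61,6d,6f,63,6c,6b,6c,64,63,66,62,67,65,6c,65,6c,6b,
6d,65,6e,6a,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""
SECTION_HDR = re.compile(r"^-{5,} (.+?) -{5,}$")
VALUE_LINE = re.compile(r'^"([^"]+)"=hex:(.*)$')

def locked_section(log):
    """Lines between the LOCKED REGISTRY KEYS header and the next section header."""
    out, inside = [], False
    for line in log.splitlines():
        m = SECTION_HDR.match(line.strip())
        if m:
            inside = m.group(1) == "LOCKED REGISTRY KEYS"
        elif inside:
            out.append(line.rstrip())
    return out

def decode_hex(data):
    """'66,61,6c,...' -> text; ComboFix prints 8-bit strings padded with NULs."""
    raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
    return raw.decode("latin-1").rstrip("\x00")

def parse_locked_keys(log):
    """Group each locked key with its ACL lines and its decoded values."""
    keys, pending = [], ""
    for line in locked_section(log):
        if pending:  # finish a hex value that was split across lines
            line, pending = pending + line.strip(), ""
        if line.startswith("[") and line.endswith("]"):
            keys.append({"key": line[1:-1], "acl": [], "values": {}})
        elif line.startswith("@Allowed:") and keys:
            keys[-1]["acl"].append(line[len("@Allowed:"):].strip())
        elif line.endswith(","):
            pending = line
        elif keys and VALUE_LINE.match(line):
            name, data = VALUE_LINE.match(line).groups()
            keys[-1]["values"][name] = decode_hex(data)
    return keys
```

On the block above the two values decode to "falogiopohpc" and "kamoclkldcfbgelelkmenj", meaningless letter strings rather than anything a legitimate shell extension would store, which is a useful triage signal when deciding whether a locked key belongs to installed software.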