Welcome to MalwareRemoval.com,

Vimax "male" enlarger ads and some websites won't work

Re: Vimax "male" enlarger ads and some websites won't work

Post by tan_pang » February 17th, 2009, 11:25 am

Hi, do you recognise this folder, and did you install this program?
C:\program files\POL

===================================================================================================

Seems like there are some leftovers in your machine, let's clean them up first...

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\sysicept.dll
c:\windows\unvise32.exe

Folder::
C:\Documents and Settings\Anthony\My Documents\LimeWire
C:\Program Files\ExploreAnywhere
c:\program files\AskSearch
c:\documents and settings\All Users\Application Data\Viewpoint

Firefox::
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

[Image: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt.
Please tell me about the folder POL, post the content of the ComboFix.txt and also tell me how the computer's condition is now in your next post.
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am

Re: Vimax "male" enlarger ads and some websites won't work

Post by Bode8692 » February 17th, 2009, 2:17 pm

Hello tan_pang, no I do not recognize C:\program files\POL and I never remember downloading it. My computer seems to be running much quicker, like it used to be. Here is the ComboFix log that you have requested, following your steps:

ComboFix 09-02-15.01 - Anthony 2009-02-17 13:05:57.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1649 [GMT -5:00]
Running from: c:\documents and settings\Anthony\Desktop\ComboFix.exe
Command switches used :: c:\combofix\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
.

2009-02-14 20:07 . 2009-02-14 20:07 <DIR> d-------- C:\_OTMoveIt
2009-02-07 17:44 . 2009-02-07 17:44 <DIR> d-------- c:\program files\Trend Micro
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\Anthony\Application Data\Malwarebytes
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 15:30 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 15:30 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-01 23:14 . 2009-02-01 23:14 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-02-01 23:13 . 2009-02-01 23:13 <DIR> d-------- c:\documents and settings\Administrator
2009-02-01 22:57 . 2009-02-01 22:57 120 --a------ c:\windows\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
2009-02-01 09:56 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_
2009-01-31 23:40 . 2009-01-31 23:40 <DIR> d-------- c:\program files\AskSearch
2009-01-31 23:40 . 2009-01-31 23:40 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-31 23:38 . 2009-02-02 15:36 <DIR> d-------- c:\program files\COMODO
2009-01-31 17:43 . 2009-01-31 17:53 <DIR> d-------- c:\program files\POL
2009-01-31 17:40 . 2009-01-31 17:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\winsyscfg
2009-01-31 17:32 . 2009-01-31 17:32 <DIR> d-------- c:\program files\ExploreAnywhere
2009-01-31 17:32 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2009-01-31 15:47 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-31 15:47 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-01-25 19:45 . 2009-01-25 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 01:05 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-12 04:13 --------- d-----w c:\documents and settings\Anthony\Application Data\LimeWire
2009-02-09 20:13 --------- d-----w c:\program files\Graboid
2009-02-09 04:28 --------- d-----w c:\documents and settings\Anthony\Application Data\gtk-2.0
2009-02-05 17:02 --------- d-----w c:\documents and settings\Anthony\Application Data\U3
2009-02-03 21:05 --------- d-----w c:\documents and settings\Anthony\Application Data\Move Networks
2009-01-31 22:38 30,336 -c--a-w c:\windows\system32\drivers\npf.sys
2009-01-31 22:32 57,344 -c--a-w c:\windows\system32\Packet.dll
2009-01-31 22:32 53,299 -c--a-w c:\windows\system32\pthreadVC.dll
2009-01-31 22:32 208,896 -c--a-w c:\windows\system32\wpcap.dll
2009-01-12 05:01 --------- d-----w c:\program files\Tournament Bracket Builder
2008-12-24 01:13 --------- d-----w c:\documents and settings\Anthony\Application Data\DivX
2008-12-23 04:30 --------- d-----w c:\program files\CCleaner
2008-12-20 22:49 12,400 -c--a-w c:\windows\system32\drivers\secdrv.sys
2008-12-19 18:32 --------- d-----w c:\program files\Cain
2008-12-19 03:58 --------- d-----w c:\documents and settings\Anthony\Application Data\Sony
2008-12-18 05:15 --------- d-----w c:\documents and settings\Anthony\Application Data\Media Player Classic
2008-12-04 05:17 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-28 23:33 47,360 -c--a-w c:\documents and settings\Anthony\Application Data\pcouffin.sys
2008-11-22 21:33 737,280 -c--a-w c:\windows\iun6002.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-02-09_15.07.57.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-24 19:07:24 247,904 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-15 16:51:13 247,904 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
+ 2009-02-17 18:01:14 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"P17Helper"="P17.dll" [2004-06-10 c:\windows\system32\P17.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIXL"= pclepixl.dll
"VIDC.NTN1"= NUVision.ax

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1778:UDP"= 1778:UDP:HAVA Service

R2 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [2008-12-15 145920]
R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2008-09-12 37376]
R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2008-09-12 20480]
R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2008-10-03 324224]
R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2008-10-03 324224]
S2 Anyplace Control Security;Anyplace Control Security;c:\windows\svcadmin.exe /service --> c:\windows\svcadmin.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 30336]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2008-08-10 155264]
S3 o1394bul;o1394bul;\??\c:\docume~1\Anthony\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\Anthony\LOCALS~1\Temp\o1394bul.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comodo.com/search/
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}\components\FFAlert.dll
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071102000005.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 13:07:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1343024091-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D60AD30-D345-A769-96BC-983C98668E34}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hapkcamnfoddcinc"=hex:66,61,6c,6f,67,69,6f,70,6f,68,70,63,00,00
"iaaklpnbpofifaeabf"=hex:6b,61,6d,6f,63,6c,6b,6c,64,63,66,62,67,65,6c,65,6c,6b,
6d,65,6e,6a,00,00
"hagkfoajljknjeig"=hex:6b,61,6d,6f,63,6c,6b,6c,64,63,66,62,67,65,6c,65,6c,6b,
6d,65,6e,6a,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-17 13:08:45
ComboFix-quarantined-files.txt 2009-02-17 18:08:33
ComboFix2.txt 2009-02-17 03:11:39
ComboFix3.txt 2009-02-15 23:40:02
ComboFix4.txt 2009-02-13 20:14:38
ComboFix5.txt 2009-02-17 18:05:35

Pre-Run: 140,816,105,472 bytes free
Post-Run: 140,861,108,224 bytes free

163 --- E O F --- 2009-02-11 04:01:50
Bode8692
Regular Member
 
Posts: 19
Joined: February 7th, 2009, 6:54 pm

Re: Vimax "male" enlarger ads and some websites won't work

Post by tan_pang » February 18th, 2009, 10:36 pm

Hi

When you created the CFScript, did you include these lines?
    File::
    Folder::
    Firefox::
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am

Re: Vimax "male" enlarger ads and some websites won't work

Post by Bode8692 » February 19th, 2009, 1:58 am

Yes, I believe I did, but I could be mistaken; my apologies if I made that mistake. Here is a fresh ComboFix log, having double checked all your steps:

ComboFix 09-02-17.02 - Anthony 2009-02-19 0:54:09.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1655 [GMT -5:00]
Running from: c:\documents and settings\Anthony\Desktop\ComboFix.exe
Command switches used :: c:\combofix\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-19 to 2009-02-19 )))))))))))))))))))))))))))))))
.

2009-02-18 15:25 . 2009-02-18 15:25 <DIR> d-------- c:\documents and settings\Anthony\Application Data\Viewpoint
2009-02-17 13:42 . 2009-02-17 13:42 <DIR> d-------- c:\documents and settings\Anthony\Application Data\acccore
2009-02-17 13:41 . 2009-02-17 13:41 <DIR> d-------- c:\program files\Viewpoint
2009-02-17 13:41 . 2009-02-17 13:42 <DIR> d-------- c:\program files\AIM6
2009-02-17 13:41 . 2009-02-17 13:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2009-02-14 20:07 . 2009-02-14 20:07 <DIR> d-------- C:\_OTMoveIt
2009-02-07 17:44 . 2009-02-07 17:44 <DIR> d-------- c:\program files\Trend Micro
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\Anthony\Application Data\Malwarebytes
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 15:30 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 15:30 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-01 23:14 . 2009-02-01 23:14 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-02-01 23:13 . 2009-02-01 23:13 <DIR> d-------- c:\documents and settings\Administrator
2009-02-01 22:57 . 2009-02-01 22:57 120 --a------ c:\windows\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
2009-02-01 09:56 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_
2009-01-31 23:40 . 2009-01-31 23:40 <DIR> d-------- c:\program files\AskSearch
2009-01-31 23:40 . 2009-01-31 23:40 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-31 23:38 . 2009-02-02 15:36 <DIR> d-------- c:\program files\COMODO
2009-01-31 17:43 . 2009-01-31 17:53 <DIR> d-------- c:\program files\POL
2009-01-31 17:40 . 2009-01-31 17:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\winsyscfg
2009-01-31 17:32 . 2009-01-31 17:32 <DIR> d-------- c:\program files\ExploreAnywhere
2009-01-31 17:32 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2009-01-31 15:47 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-31 15:47 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-01-25 19:45 . 2009-01-25 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 20:43 --------- d-----w c:\program files\Yahoo!
2009-02-18 20:43 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-18 03:32 --------- d-----w c:\documents and settings\Anthony\Application Data\gtk-2.0
2009-02-17 18:41 --------- d-----w c:\program files\Common Files\AOL
2009-02-17 18:41 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-12 04:13 --------- d-----w c:\documents and settings\Anthony\Application Data\LimeWire
2009-02-09 20:13 --------- d-----w c:\program files\Graboid
2009-02-05 17:02 --------- d-----w c:\documents and settings\Anthony\Application Data\U3
2009-02-03 21:05 --------- d-----w c:\documents and settings\Anthony\Application Data\Move Networks
2009-01-31 22:38 30,336 -c--a-w c:\windows\system32\drivers\npf.sys
2009-01-31 22:32 57,344 -c--a-w c:\windows\system32\Packet.dll
2009-01-31 22:32 53,299 -c--a-w c:\windows\system32\pthreadVC.dll
2009-01-31 22:32 208,896 -c--a-w c:\windows\system32\wpcap.dll
2009-01-12 05:01 --------- d-----w c:\program files\Tournament Bracket Builder
2008-12-24 01:13 --------- d-----w c:\documents and settings\Anthony\Application Data\DivX
2008-12-23 04:30 --------- d-----w c:\program files\CCleaner
2008-12-20 22:49 12,400 -c--a-w c:\windows\system32\drivers\secdrv.sys
2008-12-19 18:32 --------- d-----w c:\program files\Cain
2008-12-19 03:58 --------- d-----w c:\documents and settings\Anthony\Application Data\Sony
2008-12-04 05:17 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-28 23:33 47,360 -c--a-w c:\documents and settings\Anthony\Application Data\pcouffin.sys
2008-11-22 21:33 737,280 -c--a-w c:\windows\iun6002.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-02-09_15.07.57.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-15 22:12:11 38,428 -c--a-w c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2009-02-17 18:41:51 38,428 -c--a-w c:\windows\Downloaded Program Files\unagiuninst.exe
- 2008-12-24 19:07:24 247,904 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-15 16:51:13 247,904 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
+ 2009-02-19 05:48:46 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_190.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-04 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"P17Helper"="P17.dll" [2004-06-10 c:\windows\system32\P17.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIXL"= pclepixl.dll
"VIDC.NTN1"= NUVision.ax

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1778:UDP"= 1778:UDP:HAVA Service

R2 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [2008-12-15 145920]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-02-17 24652]
R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2008-09-12 37376]
R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2008-09-12 20480]
R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2008-10-03 324224]
R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2008-10-03 324224]
S2 Anyplace Control Security;Anyplace Control Security;c:\windows\svcadmin.exe /service --> c:\windows\svcadmin.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 30336]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2008-08-10 155264]
S3 o1394bul;o1394bul;\??\c:\docume~1\Anthony\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\Anthony\LOCALS~1\Temp\o1394bul.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comodo.com/search/
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}\components\FFAlert.dll
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071102000005.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 00:55:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1343024091-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D60AD30-D345-A769-96BC-983C98668E34}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hapkcamnfoddcinc"=hex:66,61,6c,6f,67,69,6f,70,6f,68,70,63,00,00
"iaaklpnbpofifaeabf"=hex:6b,61,6d,6f,63,6c,6b,6c,64,63,66,62,67,65,6c,65,6c,6b,
6d,65,6e,6a,00,00
"hagkfoajljknjeig"=hex:6b,61,6d,6f,63,6c,6b,6c,64,63,66,62,67,65,6c,65,6c,6b,
6d,65,6e,6a,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-19 0:57:02
ComboFix-quarantined-files.txt 2009-02-19 05:56:54
ComboFix2.txt 2009-02-17 18:08:47
ComboFix3.txt 2009-02-17 03:11:39
ComboFix4.txt 2009-02-15 23:40:02
ComboFix5.txt 2009-02-19 05:53:39

Pre-Run: 141,999,644,672 bytes free
Post-Run: 142,003,228,672 bytes free

177 --- E O F --- 2009-02-11 04:01:50
Bode8692
Regular Member
 
Posts: 19
Joined: February 7th, 2009, 6:54 pm

Re: Vimax "male" enlarger ads and some websites won't work

Post by tan_pang » February 20th, 2009, 8:41 am

Hmm... those files and folders that should have been removed by ComboFix are still in your computer...
Let's try another method now...

You might need to print out or save this set of instructions as you will not have internet access during the fix.

Please copy-paste everything in the quote box below into Notepad.
Save this as "CFScript.txt", and as Type: All Files (*.*), in the same location as ComboFix.exe, but do not drag CFScript into ComboFix.exe yet.
File::
C:\WINDOWS\sysicept.dll
c:\windows\unvise32.exe

Folder::
C:\Documents and Settings\Anthony\My Documents\My Videos\LimeWire
C:\Program Files\ExploreAnywhere
C:\Program Files\POL
c:\program files\AskSearch
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\Anthony\Application Data\LimeWire

Firefox::
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=


Restart your computer into Safe Mode by following the instructions below:

  1. When you hear the computer beep once, start pressing F8.
  2. A boot menu will appear shortly.
  3. Using the up/down arrow keys, select Safe Mode and press the Enter key.
  4. Windows will now load.
  5. Log in to your usual account.

Let me know if you can't boot into Safe Mode. Do not continue with the fixes.

After successfully getting into Safe Mode, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt.

After you have the new ComboFix log, please reboot to Normal Mode and post the content of C:\ComboFix.txt.
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am
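Two things went wrong in this thread: the helper had to ask whether the File::/Folder::/Firefox:: headers were actually in the saved CFScript, and then had to read a long ComboFix log by eye to see that the targeted paths were still listed. The script below is an added example (not part of the thread, not ComboFix's own code) that automates both checks; the sample script and log lines are constructed from the paths posted above, and the CFScript header syntax and log line layout are assumed from what ComboFix printed here.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it produced."""
import re

# A CFScript section header is a word followed by "::" on its own line.
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")

# One entry of the log's "Files Created" or "Find3M Report" listings, e.g.
#   2009-01-31 17:43 . 2009-01-31 17:53 <DIR> d-------- c:\program files\POL
#   2009-02-17 18:41 --------- d-----w c:\documents and settings\...\Viewpoint
# Snapshot diff lines ("- 2009-..." / "+ 2009-...") deliberately do not match.
LISTING_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}"           # first timestamp
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"    # second timestamp (Files Created only)
    r"\s+(?:<DIR>|-{9}|[\d,]+)"                  # <DIR>, nine dashes, or a byte count
    r"\s+\S+"                                    # attribute flags
    r"\s+([A-Za-z]:\\.+?)\s*$"                   # the path itself
)

# Constructed sample: the CFScript as the helper posted it, headers included.
GOOD_SCRIPT = r"""File::
C:\WINDOWS\sysicept.dll
c:\windows\unvise32.exe

Folder::
C:\Program Files\ExploreAnywhere
C:\Program Files\POL
c:\program files\AskSearch

Firefox::
FF - prefs.js: browser.search.selectedEngine - Ask
"""

# Constructed sample: the same paths pasted without any section header.
BAD_SCRIPT = r"""C:\WINDOWS\sysicept.dll
c:\windows\unvise32.exe
C:\Program Files\POL
"""

# Constructed sample: a few lines in the shape of the follow-up ComboFix log.
LOG = r"""ComboFix 09-02-17.02 - Anthony 2009-02-19 0:54:09.7 - NTFSx86
Running from: c:\documents and settings\Anthony\Desktop\ComboFix.exe
((((((((((((((((((((((((( Files Created from 2009-01-19 to 2009-02-19 )))))))))))))))))))))))))))))))
2009-02-07 17:44 . 2009-02-07 17:44 <DIR> d-------- c:\program files\Trend Micro
2009-01-31 23:40 . 2009-01-31 23:40 <DIR> d-------- c:\program files\AskSearch
2009-01-31 17:43 . 2009-01-31 17:53 <DIR> d-------- c:\program files\POL
2009-01-31 17:32 . 2009-01-31 17:32 <DIR> d-------- c:\program files\ExploreAnywhere
2009-01-31 17:32 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-02-17 18:41 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
((((((((((((((((((((((((((((( SnapShot@2009-02-09_15.07.57.65 )))))))))))))))))))))))))))))))))))))))))
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
"""


def parse_cfscript(text):
    """Split a CFScript into {section: [entries]}; header-less lines land under ''."""
    sections = {}
    current = ""  # anything before the first "Xxx::" header is an orphan
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def missing_headers(sections, expected=("File", "Folder", "Firefox")):
    """Headers the helper expected that the saved script does not carry."""
    return [h for h in expected if h not in sections]


def orphan_entries(sections):
    """Lines no section header precedes, so ComboFix has nothing to do with them."""
    return list(sections.get("", []))


def normalize(path):
    # NTFS paths are case-insensitive, and the log and the script disagree on case.
    return path.strip().rstrip("\\").lower()


def log_paths(log_text):
    """Every path the log's file/folder listings mention, normalized."""
    found = set()
    for line in log_text.splitlines():
        m = LISTING_RE.match(line)
        if m:
            found.add(normalize(m.group(1)))
    return found


def still_present(sections, log_text):
    """File::/Folder:: targets the follow-up log still lists, i.e. the fix did not bite."""
    present = log_paths(log_text)
    targets = sections.get("File", []) + sections.get("Folder", [])
    return sorted(p for p in targets if normalize(p) in present)


def report(script_text, log_text):
    """Human-readable findings, one per line, in the order a helper would check them."""
    sections = parse_cfscript(script_text)
    out = [f"script is missing the {h}:: header" for h in missing_headers(sections)]
    out += [f"entry outside any section, ignored by ComboFix: {e}" for e in orphan_entries(sections)]
    out += [f"still listed in the log after the run: {p}" for p in still_present(sections, log_text)]
    return out


if __name__ == "__main__":
    for label, script in (("good", GOOD_SCRIPT), ("bad", BAD_SCRIPT)):
        print(f"--- {label} script ---")
        print("\n".join(report(script, LOG)) or "nothing to report")
```

Run against the real C:\ComboFix.txt, a script that reports nothing is the signal to move on; four "still listed" lines is exactly the situation the helper spotted by hand above.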

Re: Vimax "male" enlarger ads and some websites won't work

Post by Bode8692 » February 20th, 2009, 6:25 pm

Here is the new ComboFix log, run in Safe Mode:

ComboFix 09-02-17.02 - Anthony 2009-02-20 17:17:49.8 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1809 [GMT -5:00]
Running from: c:\documents and settings\Anthony\Desktop\ComboFix.exe
Command switches used :: c:\combofix\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-01-20 to 2009-02-20 )))))))))))))))))))))))))))))))
.

2009-02-18 15:25 . 2009-02-18 15:25 <DIR> d-------- c:\documents and settings\Anthony\Application Data\Viewpoint
2009-02-17 13:42 . 2009-02-17 13:42 <DIR> d-------- c:\documents and settings\Anthony\Application Data\acccore
2009-02-17 13:41 . 2009-02-17 13:41 <DIR> d-------- c:\program files\Viewpoint
2009-02-17 13:41 . 2009-02-17 13:42 <DIR> d-------- c:\program files\AIM6
2009-02-17 13:41 . 2009-02-17 13:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2009-02-14 20:07 . 2009-02-14 20:07 <DIR> d-------- C:\_OTMoveIt
2009-02-07 17:44 . 2009-02-07 17:44 <DIR> d-------- c:\program files\Trend Micro
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\Anthony\Application Data\Malwarebytes
2009-02-02 15:30 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 15:30 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 15:30 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-01 23:14 . 2009-02-01 23:14 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-02-01 23:13 . 2009-02-01 23:13 <DIR> d-------- c:\documents and settings\Administrator
2009-02-01 22:57 . 2009-02-01 22:57 120 --a------ c:\windows\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
2009-02-01 09:56 . 2009-02-02 15:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_
2009-01-31 23:40 . 2009-01-31 23:40 <DIR> d-------- c:\program files\AskSearch
2009-01-31 23:40 . 2009-01-31 23:40 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-31 23:38 . 2009-02-02 15:36 <DIR> d-------- c:\program files\COMODO
2009-01-31 17:43 . 2009-01-31 17:53 <DIR> d-------- c:\program files\POL
2009-01-31 17:40 . 2009-01-31 17:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\winsyscfg
2009-01-31 17:32 . 2009-01-31 17:32 <DIR> d-------- c:\program files\ExploreAnywhere
2009-01-31 17:32 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2009-01-31 15:47 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-31 15:47 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-01-25 19:45 . 2009-01-25 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 20:43 --------- d-----w c:\program files\Yahoo!
2009-02-18 20:43 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-18 03:32 --------- d-----w c:\documents and settings\Anthony\Application Data\gtk-2.0
2009-02-17 18:41 --------- d-----w c:\program files\Common Files\AOL
2009-02-17 18:41 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-12 04:13 --------- d-----w c:\documents and settings\Anthony\Application Data\LimeWire
2009-02-09 20:13 --------- d-----w c:\program files\Graboid
2009-02-05 17:02 --------- d-----w c:\documents and settings\Anthony\Application Data\U3
2009-02-03 21:05 --------- d-----w c:\documents and settings\Anthony\Application Data\Move Networks
2009-01-31 22:38 30,336 -c--a-w c:\windows\system32\drivers\npf.sys
2009-01-31 22:32 57,344 -c--a-w c:\windows\system32\Packet.dll
2009-01-31 22:32 53,299 -c--a-w c:\windows\system32\pthreadVC.dll
2009-01-31 22:32 208,896 -c--a-w c:\windows\system32\wpcap.dll
2009-01-12 05:01 --------- d-----w c:\program files\Tournament Bracket Builder
2008-12-24 01:13 --------- d-----w c:\documents and settings\Anthony\Application Data\DivX
2008-12-23 04:30 --------- d-----w c:\program files\CCleaner
2008-12-20 22:49 12,400 -c--a-w c:\windows\system32\drivers\secdrv.sys
2008-12-04 05:17 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-28 23:33 47,360 -c--a-w c:\documents and settings\Anthony\Application Data\pcouffin.sys
2008-11-22 21:33 737,280 -c--a-w c:\windows\iun6002.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-02-09_15.07.57.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-15 22:12:11 38,428 -c--a-w c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2009-02-17 18:41:51 38,428 -c--a-w c:\windows\Downloaded Program Files\unagiuninst.exe
- 2008-12-24 19:07:24 247,904 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-15 16:51:13 247,904 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"P17Helper"="P17.dll" [2004-06-10 c:\windows\system32\P17.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIXL"= pclepixl.dll
"VIDC.NTN1"= NUVision.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-21 12:09 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2009-02-04 16:57 4363504 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1778:UDP"= 1778:UDP:HAVA Service

R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2008-09-12 37376]
S2 Anyplace Control Security;Anyplace Control Security;c:\windows\svcadmin.exe /service --> c:\windows\svcadmin.exe [?]
S2 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [2008-12-15 145920]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-02-17 24652]
S3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2008-09-12 20480]
S3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2008-10-03 324224]
S3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2008-10-03 324224]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 30336]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2008-08-10 155264]
S3 o1394bul;o1394bul;\??\c:\docume~1\Anthony\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\Anthony\LOCALS~1\Temp\o1394bul.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comodo.com/search/
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}\components\FFAlert.dll
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\4lq9s2di.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071102000005.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 17:19:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1343024091-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D60AD30-D345-A769-96BC-983C98668E34}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hapkcamnfoddcinc"=hex:66,61,6c,6f,67,69,6f,70,6f,68,70,63,00,00
"iaaklpnbpofifaeabf"=hex:6b,61,6d,6f,63,6c,6b,6c,64,63,66,62,67,65,6c,65,6c,6b,
6d,65,6e,6a,00,00
"hagkfoajljknjeig"=hex:6b,61,6d,6f,63,6c,6b,6c,64,63,66,62,67,65,6c,65,6c,6b,
6d,65,6e,6a,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-20 17:21:40
ComboFix-quarantined-files.txt 2009-02-20 22:21:25
ComboFix2.txt 2009-02-19 05:57:04
ComboFix3.txt 2009-02-17 18:08:47
ComboFix4.txt 2009-02-17 03:11:39
ComboFix5.txt 2009-02-20 22:16:57

Pre-Run: 140,676,775,936 bytes free
Post-Run: 140,661,628,928 bytes free

177 --- E O F --- 2009-02-11 04:01:50




And here is also a fresh HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:16 PM, on 2/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs:
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HAVA Service (havasvc) - Monsoon Multimedia Inc. - C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5893 bytes
Bode8692
Regular Member
 
Posts: 19
Joined: February 7th, 2009, 6:54 pm

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby tan_pang » February 22nd, 2009, 1:55 am

Those files, folders and registry entries are still in your machine... :?

Please download RegASSASSIN by malwarebytes.org from here
  • Double-click on RegASSASSIN.exe to start RegASSASSIN
  • Copy and paste the below into the white box
      [HKEY_USERS\S-1-5-21-1454471165-1343024091-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D60AD30-D345-A769-96BC-983C98668E34}*]
  • Click Delete
  • Answer Yes to any prompts

====================================================================================================

After that, please do this:
  • Copy the contents of the Quote Box below to Notepad.
  • Name the file as fix.bat
  • Change the Save as Type to All Files
  • and Save it on the Desktop

@echo off
rem Delete the leftover files found in the ComboFix log (/a includes hidden/system files, /f forces read-only)
del /a /f "C:\WINDOWS\sysicept.dll"
del /a /f "c:\windows\unvise32.exe"

rem Remove the leftover folders with their whole contents, without prompting
rd /s /q "C:\Documents and Settings\Anthony\My Documents\My Videos\LimeWire"
rd /s /q "C:\Program Files\ExploreAnywhere"
rd /s /q "C:\Program Files\POL"
rd /s /q "c:\program files\AskSearch"
rd /s /q "c:\documents and settings\All Users\Application Data\Viewpoint"
rd /s /q "c:\documents and settings\Anthony\Application Data\LimeWire"

rem List every target again and append the output to result.txt on the Desktop;
rem a listing with no entries means that item is really gone
for %%a in (
"C:\WINDOWS\sysicept.dll"
"c:\windows\unvise32.exe"
"C:\Documents and Settings\Anthony\My Documents\My Videos\LimeWire"
"C:\Program Files\ExploreAnywhere"
"C:\Program Files\POL"
"c:\program files\AskSearch"
"c:\documents and settings\All Users\Application Data\Viewpoint"
"c:\documents and settings\Anthony\Application Data\LimeWire"
) do (
dir /a %%a >> "%userprofile%\desktop\result.txt"
)


Double-click the fix.bat file. A Command Prompt window will be shown and closed very quickly, but this is normal.
A Notepad file named result.txt will be created on your desktop; open result.txt and post its content in your next post as well.

====================================================================================================

Open your Firefox, then type about:config in the Location Bar (the place you type url or website address).
After that, click on the I'll be careful, I promise! button.

Copy-paste -> browser.search.selectedEngine <- to the filter box, right click on the filtered field, and select Reset.

After that, repeat the step above by typing keyword.URL in the filter box.

If the value cannot be reset, please tell me.
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am
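How the helper reads the result.txt that fix.bat produces: cmd's `dir` prints one block per target, and a block with no entry lines means the item no longer exists (the "File Not Found" message goes to stderr, which the batch file does not redirect). The checker below is an added example, not code from the thread; the dir blocks it builds are constructed samples in cmd's US-locale layout, using the eight "Directory of" headers from the posted log, and the volume serial is a placeholder.

```python
"""Pair each dir block in a fix.bat result.txt with the target it was
run against and report which targets are gone and which still exist."""
import re
from typing import List, Tuple

# Same order as the `for %%a in (...)` list in fix.bat: dir writes one
# block per target in that order, so position identifies the target.
FIX_BAT_TARGETS = [
    r"C:\WINDOWS\sysicept.dll",
    r"c:\windows\unvise32.exe",
    r"C:\Documents and Settings\Anthony\My Documents\My Videos\LimeWire",
    r"C:\Program Files\ExploreAnywhere",
    r"C:\Program Files\POL",
    r"c:\program files\AskSearch",
    r"c:\documents and settings\All Users\Application Data\Viewpoint",
    r"c:\documents and settings\Anthony\Application Data\LimeWire",
]

# An entry line starts with a date and time, e.g.
# "01/31/2009  05:43 PM    <DIR>          POL" (separator varies by locale).
ENTRY_RE = re.compile(r"^\s*\d{1,4}[./-]\d{1,2}[./-]\d{1,4}\s+\d{1,2}:\d{2}")
BLOCK_START = "Volume in drive"


def split_blocks(text: str) -> List[List[str]]:
    """Split result.txt into one list of lines per `dir` invocation."""
    blocks: List[List[str]] = []
    for line in text.splitlines():
        if line.strip().startswith(BLOCK_START):
            blocks.append([])
        if blocks:
            blocks[-1].append(line)
    return blocks


def directory_of(block: List[str]) -> str:
    """The path dir reported; for a missing target this is its parent folder."""
    for line in block:
        s = line.strip()
        if s.startswith("Directory of "):
            return s[len("Directory of "):]
    return ""


def check_results(result_txt: str, targets=FIX_BAT_TARGETS) -> List[Tuple[str, str]]:
    """Return (target, status) pairs, status being 'removed' or 'still present'.
    A block count that differs from the target count means the batch file
    was edited or the log is truncated, so refuse to guess."""
    blocks = split_blocks(result_txt)
    if len(blocks) != len(targets):
        raise ValueError(f"expected {len(targets)} dir blocks, found {len(blocks)}")
    report = []
    for target, block in zip(targets, blocks):
        entries = [ln for ln in block if ENTRY_RE.match(ln)]
        report.append((target, "still present" if entries else "removed"))
    return report


def dir_block(path: str, entries=()) -> str:
    """Constructed helper: build one dir block in cmd's layout for the samples."""
    lines = [" Volume in drive C has no label.",
             " Volume Serial Number is 0000-0000",  # placeholder serial
             "", f" Directory of {path}", ""] + list(entries)
    return "\n".join(lines) + "\n"


# The eight "Directory of" headers from the result.txt posted in the thread
# (every block empty, i.e. every target was gone).
POSTED_DIRS = [r"C:\WINDOWS", r"c:\windows",
               r"C:\Documents and Settings\Anthony\My Documents\My Videos",
               r"C:\Program Files", r"C:\Program Files", r"c:\program files",
               r"c:\documents and settings\All Users\Application Data",
               r"c:\documents and settings\Anthony\Application Data"]
POSTED_RESULT = "".join(dir_block(p) for p in POSTED_DIRS)

# Constructed variant: the POL folder (5th target) survived as an empty directory,
# so dir lists the folder itself with its '.' and '..' entries.
POL_ENTRIES = ("01/31/2009  05:43 PM    <DIR>          .",
               "01/31/2009  05:43 PM    <DIR>          ..",
               "               0 File(s)              0 bytes")
STILL_PRESENT_RESULT = "".join(
    dir_block(r"C:\Program Files\POL", POL_ENTRIES) if i == 4 else dir_block(p)
    for i, p in enumerate(POSTED_DIRS))

if __name__ == "__main__":
    for target, status in check_results(STILL_PRESENT_RESULT):
        print(f"{status:14} {target}")
```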

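What the about:config Reset step does on disk: Firefox stores every changed setting as a user_pref("name", value); line in prefs.js, and a pref with no such line is at its built-in default, which is what Reset restores. The audit below is an added example, not code from the thread; the sample prefs.js is constructed, and the toolbar URL in it is a placeholder rather than the one from the log.

```python
"""Find the search prefs the helper asked to Reset in a prefs.js and
produce the cleaned file that the Reset leaves behind."""
import re
from typing import Dict, Iterable, Union

Value = Union[str, int, bool]

# Matches e.g.  user_pref("browser.search.selectedEngine", "Ask");
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# The two prefs the thread resets in about:config.
RESET_PREFS = ("browser.search.selectedEngine", "keyword.URL")


def parse_value(raw: str) -> Value:
    """Decode a prefs.js literal: quoted string, true/false, or integer."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw in ("true", "false"):
        return raw == "true"
    return int(raw)


def parse_prefs(text: str) -> Dict[str, Value]:
    """Map every user_pref name in prefs.js to its decoded value."""
    prefs: Dict[str, Value] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs


def search_overrides(prefs: Dict[str, Value]) -> Dict[str, Value]:
    """Return the reset-list prefs that are set at all: a stock profile has
    no user_pref line for them, so any value here is a change worth showing."""
    return {name: prefs[name] for name in RESET_PREFS if name in prefs}


def reset_prefs(text: str, names: Iterable[str]) -> str:
    """Drop the user_pref lines for `names`; Firefox then falls back to its
    built-in defaults on next start, exactly like Reset in about:config."""
    wanted = set(names)
    kept = []
    for line in text.splitlines(keepends=True):
        m = PREF_RE.match(line)
        if m and m.group(1) in wanted:
            continue
        kept.append(line)
    return "".join(kept)


# Constructed sample; the keyword.URL value is a placeholder host.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Ask");
user_pref("browser.startup.homepage", "google.com");
user_pref("browser.tabs.warnOnClose", false);
user_pref("keyword.URL", "http://toolbar.example.invalid/search?q=");
user_pref("privacy.sanitize.timeSpan", 1);
"""

if __name__ == "__main__":
    found = search_overrides(parse_prefs(SAMPLE_PREFS_JS))
    for name, value in found.items():
        print(f"{name} = {value!r}")
    print(reset_prefs(SAMPLE_PREFS_JS, found))
```
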
Re: Vimax "male" enlarger ads and some websites wont work

Unread postby Bode8692 » February 23rd, 2009, 1:18 am

Hello, I successfully deleted what you told me to delete. I also successfully reset the 2 things you asked. Here is the fix.bat log:

Volume in drive C has no label.
Volume Serial Number is 6075-7D4D

Directory of C:\WINDOWS

Volume in drive C has no label.
Volume Serial Number is 6075-7D4D

Directory of c:\windows

Volume in drive C has no label.
Volume Serial Number is 6075-7D4D

Directory of C:\Documents and Settings\Anthony\My Documents\My Videos

Volume in drive C has no label.
Volume Serial Number is 6075-7D4D

Directory of C:\Program Files

Volume in drive C has no label.
Volume Serial Number is 6075-7D4D

Directory of C:\Program Files

Volume in drive C has no label.
Volume Serial Number is 6075-7D4D

Directory of c:\program files

Volume in drive C has no label.
Volume Serial Number is 6075-7D4D

Directory of c:\documents and settings\All Users\Application Data

Volume in drive C has no label.
Volume Serial Number is 6075-7D4D

Directory of c:\documents and settings\Anthony\Application Data
Bode8692
Regular Member
 
Posts: 19
Joined: February 7th, 2009, 6:54 pm

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby tan_pang » February 23rd, 2009, 12:22 pm

Looks like those files and folders are removed. But to make sure that everything is OK, it is better to check your machine again with an online scan.

tan_pang wrote: Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby Bode8692 » February 23rd, 2009, 10:08 pm

Kaspersky Scan Log :

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, February 23, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, February 23, 2009 22:55:04
Records in database: 1836065
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 42241
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:56:10


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\RECYCLER\S-0-1-73-100001576-100008310-100002622-7443.com.vir Infected: Rootkit.Win32.TDSS.gxb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gaopdxvoinuxnb.dll.vir Infected: Rootkit.Win32.TDSS.gxu 1

The selected area was scanned.
Bode8692
Regular Member
 
Posts: 19
Joined: February 7th, 2009, 6:54 pm

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby tan_pang » February 24th, 2009, 8:53 am

You can now remove that fix.bat from your Desktop, then open OTMoveIt3 and click the CleanUp! button.

Click OK again when it asks for a reboot.

--------------------------------------------------------------------------------------------------------------------------------------

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
    • Right-click on the My Computer on Desktop, and choose Properties
    • Click on the System Restore tab, and check the box Turn off System Restore on all drives
    • Click Apply and reboot your computer.
    • After reboot, right-click My Computer on Desktop, choose Properties and go back to the System Restore tab, then turn System Restore back on by unticking the same checkbox & click OK
  2. ANTIVIRUS SOFTWARE
    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  3. FIREWALL
    Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here → http://www.bleepingcomputer.com/forums/tutorial60.html
  4. Microsoft Windows Update → http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
    Alternatively, you can enable automatic updates by following the instructions here → http://www.microsoft.com/protect/comput ... es/mu.mspx
  5. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial49.html
  6. IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here → http://www.spywarewarrior.com/uiuc/resource.htm
Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=4959

After doing all these, your system will be optimised against future threats.

Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby Bode8692 » February 24th, 2009, 4:35 pm

Thank you very much tan_pang, my computer is as fast as it used to be. Thanks again man : ) Hope you have a good one also.
Bode8692
Regular Member
 
Posts: 19
Joined: February 7th, 2009, 6:54 pm

Re: Vimax "male" enlarger ads and some websites wont work

Unread postby NonSuch » March 1st, 2009, 5:55 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California