Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Double click adware?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Double click adware?

Unread postby AndyGitane » January 6th, 2011, 11:48 pm

Just remembered something. I disconnected from the internet to run some of the suggested programs the other day. When I reconnected, I had to reenter my settings. For some reason, I can only connect with these specific settings. I believe they are older? Could this be part of the problem?
For my wireless network:
Network Authentication: WPA-PSK
Data Encryption: TKIP

Gary
AndyGitane
Regular Member
 
Posts: 23
Joined: November 14th, 2010, 2:24 pm
Advertisement
Register to Remove

Re: Double click adware?

Unread postby Elrond » January 7th, 2011, 8:51 am

Let's try this to see if there is a Rootkit on your computer it is a program similar to GMER but it sometimes runs when GMER chokes.
Rootkit UnHooker (RkU)
Please download Rootkit Unhooker ... Save it to your Desktop.
Note: The log can be very long, you may need to post it separately.
  1. Double-click on RKUnhookerLE.exe to execute it.
    Vista - W7 users: Right click RKUnhookerLE.exe, choose "Run As Administrator" to execute it. If UAC prompts, please allow it.
  2. Click the Report tab, then click Scan.
  3. Check Drivers, Stealth Code, Files and Code Hooks. Uncheck the rest. then Click OK. (See image below...)
    Image
    The scanning will toggle through the checked items "tabs" ... it will take a while, so please be patient.
  4. When the scanner is finished... click File, Save Report.
  5. Save the file "Report.txt" to your Desktop... Press Close... then press Yes
  6. Copy the entire contents of the Report.txt file and post it.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Double click adware?

Unread postby Elrond » January 7th, 2011, 10:01 am

I will be off line for the next 27 hours so don't think that I forgot you.

The log I asked for could be very long and if it is too long to post it in one post please post it in two posts but check that they overlap.
Also if the the following message comes up just ignore it.
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Double click adware?

Unread postby AndyGitane » January 7th, 2011, 12:53 pm

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6C40000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1064960 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF080000 C:\WINDOWS\System32\ati3d1ag.dll 872448 bytes (ATI Technologies Inc. , ati3d1ag.dll)
0xF6E18000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 815104 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF6BA5000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 634880 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF739C000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF12D9000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF5502000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF142E000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF065F000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF13E6000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xF023A000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF1277000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF6DCB000 C:\WINDOWS\system32\drivers\ac97ali.sys 233472 bytes (Acer Laboratories Inc., ALi Audio Accelerator WDM Driver)
0xBF048000 C:\WINDOWS\System32\ati2cqag.dll 229376 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 221184 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xF5560000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF74FE000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF07F7000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF736F000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF6D44000 C:\WINDOWS\system32\DRIVERS\HSFHWALI.sys 180224 bytes (Conexant Systems, Inc., HSFHWALI WDM driver)
0xF00CC000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF1371000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF06DF000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xF13BE000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF748A000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF12B3000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF05EB000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6DA7000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6B2D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6D84000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF139C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF7452000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74B0000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF74CF000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF7355000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7472000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7429000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6B16000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF0C47000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xF09B2000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6D70000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6E04000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EE000 ACPI_HAL 81152 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF1487000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7440000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF74ED000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6B05000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF778D000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF76BD000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF769D000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF755D000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF6EEF000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF766D000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76CD000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF6963000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF5760000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF756D000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF75AD000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF767D000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF76DD000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF758D000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF6F2F000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF76FD000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF6F0F000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF76AD000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF757D000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76ED000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF6F4F000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xF772D000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xF754D000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF57A0000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF75ED000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF75BD000 AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xF759D000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF6331000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF765D000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF770D000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF6F1F000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF050B000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF6EFF000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7855000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF56B5000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF78A5000 C:\WINDOWS\system32\DRIVERS\strmdisp.sys 32768 bytes (Conexant Systems, Inc., Conexant Stream Dispatcher)
0xF7865000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF784D000 C:\WINDOWS\system32\DRIVERS\alifir.sys 28672 bytes (Acer Laboratories Inc., ALi Fast Infrared Device Driver)
0xF7845000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF5E5B000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF77CD000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7835000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF783D000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF785D000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF56C5000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF77DD000 avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xF5E2B000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF56BD000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF77D5000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7955000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF786D000 C:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF7815000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7875000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF5E3B000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7965000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF732D000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7331000 C:\WINDOWS\system32\DRIVERS\FA312nd5.sys 16384 bytes (NETGEAR Corp., NETGEAR FA312 Fast Ethernet NDIS 5.0 Miniport Driver)
0xF5E01000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7A21000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF0CD1000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7969000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF795D000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7961000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF1369000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7A31000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7A41000 C:\WINDOWS\system32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xF0850000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7329000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF731D000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF5DED000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7A51000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF7AD1000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A53000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7ACF000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A4D000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7AD9000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7AFF000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7AD5000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7AD7000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7ACB000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A4F000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7BDF000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7BF6000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7B18000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B15000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\System Volume Information\_restore{B5C9BF17-B451-43EE-AA3E-F7B7F2ED40E4}\RP36\A0024517.gdb
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BABC, Type: Inline - RelativeJump 0x804E2ABC-->804E2AB9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BB0C, Type: Inline - RelativeJump 0x804E2B0C-->804E2B0B [ntoskrnl.exe]
[1936]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1936]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1936]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1936]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1936]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1936]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x771B1248-->00000000 [shimeng.dll]
[1936]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
AndyGitane
Regular Member
 
Posts: 23
Joined: November 14th, 2010, 2:24 pm

Re: Double click adware?

Unread postby Elrond » January 8th, 2011, 2:49 pm

Nothing that I can see yet.

Let's check the following:

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will show a Black screen with some information.
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in you're next reply.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Double click adware?

Unread postby AndyGitane » January 8th, 2011, 7:57 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 135):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7A4D000 \WINDOWS\system32\KDCOM.DLL
0xF795D000 \WINDOWS\system32\BOOTVID.dll
0xF74FE000 ACPI.sys
0xF7A4F000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74ED000 pci.sys
0xF754D000 isapnp.sys
0xF755D000 ohci1394.sys
0xF756D000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7961000 compbatt.sys
0xF7965000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A51000 aliide.sys
0xF77CD000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF74CF000 pcmcia.sys
0xF757D000 MountMgr.sys
0xF74B0000 ftdisk.sys
0xF7A53000 dmload.sys
0xF748A000 dmio.sys
0xF7969000 ACPIEC.sys
0xF7B15000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF77D5000 PartMgr.sys
0xF758D000 VolSnap.sys
0xF7472000 atapi.sys
0xF759D000 disk.sys
0xF75AD000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7452000 fltmgr.sys
0xF7440000 sr.sys
0xF7429000 KSecDD.sys
0xF739C000 Ntfs.sys
0xF736F000 NDIS.sys
0xF7355000 Mup.sys
0xF77DD000 avgrkx86.sys
0xF75BD000 AVGIDSEH.Sys
0xF76AD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7110000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF70FC000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF70C3000 \SystemRoot\system32\drivers\ac97ali.sys
0xF709F000 \SystemRoot\system32\drivers\portcls.sys
0xF76BD000 \SystemRoot\system32\drivers\drmk.sys
0xF707C000 \SystemRoot\system32\drivers\ks.sys
0xF76CD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7835000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF783D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7845000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7068000 \SystemRoot\system32\DRIVERS\parport.sys
0xF784D000 \SystemRoot\system32\DRIVERS\alifir.sys
0xF7331000 \SystemRoot\system32\DRIVERS\irenum.sys
0xF703C000 \SystemRoot\system32\DRIVERS\HSFHWALI.sys
0xF6F09000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6E6E000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7855000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6E1A000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF785D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6DF6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7865000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF76ED000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF76FD000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF770D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF771D000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7321000 \SystemRoot\system32\DRIVERS\FA312nd5.sys
0xF731D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7B9B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF786D000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF7875000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF775D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7315000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6DDF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF776D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF777D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF6DCE000 \SystemRoot\system32\DRIVERS\psched.sys
0xF778D000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7825000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78D5000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF5A4B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF65ED000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7AE1000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF59ED000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A2D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF762D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF60DF000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF766D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AC3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF71F7000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF660D000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xF7AD1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B33000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AD3000 \SystemRoot\System32\Drivers\Beep.SYS
0xF60C7000 \SystemRoot\System32\drivers\vga.sys
0xF7AD7000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AD9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF60BF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF60B7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF71F3000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF0E66000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF0E0D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF0DC5000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xF0D9F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF767D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF661D000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF0D77000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF0D55000 \SystemRoot\System32\drivers\afd.sys
0xF65FD000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF0D2A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF0CBA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF662D000 \SystemRoot\System32\Drivers\Fips.SYS
0xF0C7E000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xF605D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF75FD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7805000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF79F9000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF6D6E000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF0C6A000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7815000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C5B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF048000 \SystemRoot\System32\ati2cqag.dll
0xBF080000 \SystemRoot\System32\ati3d1ag.dll
0xF0398000 \SystemRoot\system32\DRIVERS\irda.sys
0xF04BA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF012B000 \SystemRoot\system32\drivers\wdmaud.sys
0xF02A0000 \SystemRoot\system32\drivers\sysaudio.sys
0xF0091000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEFF4C000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7A5B000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF0140000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xEFFA5000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF5A83000 \SystemRoot\system32\DRIVERS\strmdisp.sys
0xF0041000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xEFDDC000 \SystemRoot\system32\DRIVERS\srv.sys
0xEFD8C000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xEF94E000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 33):
0 System Idle Process
4 System
760 C:\WINDOWS\system32\smss.exe
808 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
1000 csrss.exe
1060 C:\WINDOWS\system32\winlogon.exe
1108 C:\WINDOWS\system32\services.exe
1120 C:\WINDOWS\system32\lsass.exe
1276 C:\WINDOWS\system32\svchost.exe
1376 svchost.exe
1436 C:\WINDOWS\system32\svchost.exe
1552 svchost.exe
1796 svchost.exe
1804 C:\WINDOWS\explorer.exe
476 C:\WINDOWS\system32\spoolsv.exe
652 C:\Program Files\AVG\AVG10\avgtray.exe
664 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
672 C:\WINDOWS\system32\carpserv.exe
680 C:\Program Files\Common Files\Java\Java Update\jusched.exe
752 C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
1864 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
316 svchost.exe
364 C:\Program Files\AVG\AVG10\avgwdsvc.exe
544 C:\Program Files\Java\jre6\bin\jqs.exe
644 C:\WINDOWS\system32\svchost.exe
1584 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
1988 C:\Program Files\AVG\AVG10\avgnsx.exe
744 C:\Program Files\AVG\AVG10\avgemcx.exe
2128 alg.exe
3088 C:\WINDOWS\system32\wuauclt.exe
1600 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
2576 C:\Program Files\AVG\AVG10\avgcsrvx.exe
2536 C:\Documents and Settings\Gary\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: IC25N040ATCS04-0, Rev: CA4OA71A

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
AndyGitane
Regular Member
 
Posts: 23
Joined: November 14th, 2010, 2:24 pm

Re: Double click adware?

Unread postby Elrond » January 10th, 2011, 3:32 am

Let's try the following:

Create a batch file
  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.
    Code: Select all
    @echo off
    Nslookup www.malwarebytes.org >> results.txt
    Nslookup www.google.com >> results.txt
    Nslookup www.google.co.uk  >> results.txt
    start notepad results.txt
    Del %0
    
  3. Save the file as xxx.bat on your desktop. Save it with the file type... all types *.*.
  4. Double click the file xxx.bat to execute.

results.txt should open in Notepad automatically when the script has complete, post the contents of this file in your next response.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Double click adware?

Unread postby AndyGitane » January 10th, 2011, 1:23 pm

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

Name: malwarebytes.org
Address: 216.245.195.234
Aliases: www.malwarebytes.org

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

Name: www.l.google.com
Addresses: 72.14.204.147, 72.14.204.103, 72.14.204.99, 72.14.204.104
Aliases: www.google.com

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

Name: www.google.co.uk
Address: 67.210.15.3
AndyGitane
Regular Member
 
Posts: 23
Joined: November 14th, 2010, 2:24 pm

Re: Double click adware?

Unread postby Bob4 » January 11th, 2011, 8:14 am

Hello again Andy. Obviously I'm back. You were in the best of hands.

Change DNS servers
Print these instructions out or save them as a TXT document on your desktop. In the unlikely event something goes wrong or a number is input wrong. You may not be able to access the internet to see these instructions.


  • Click Start-Button and Open The Control Panel.
  • Locate and open Network Connections
  • Double-Click your default Network Connection from the available list (If your wireless choose that one.)
  • Click Properties
  • Highlight Internet Protocol (TCP/IP) and click on Properties again
  • Click on: “Use the following DNS server addresses”

Type these numbers into the preferred DNS block first
208.67.222.222

and these into the alternate DNS
208.67.220.220

Image

Click OK until all those windows are all closed
Now reboot your computer. Let me know if this helps.


If after this you can not get back on the internet re-follow these instructions and
Choose Obtain DNS server automatically .

Let me know if that helps.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Double click adware?

Unread postby AndyGitane » January 11th, 2011, 1:17 pm

So far, so good!!
Tried a couple of my common sites and haven't been redirected or any additional pop-ups.
I'll keep surfing and see what happens.
Thanks to both of you.
Gary (Andy is my cover)
AndyGitane
Regular Member
 
Posts: 23
Joined: November 14th, 2010, 2:24 pm

Re: Double click adware?

Unread postby Bob4 » January 11th, 2011, 3:40 pm

So far, so good!!
:cheers:

I have to do some reading on some more of this thing and will be back to you.
What you seem to have does indeed infect the router. You can tell others that are using Windows XP on the same router and having the same issues to follow those directions to the letter to use the openDNS.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Double click adware?

Unread postby Bob4 » January 11th, 2011, 8:52 pm

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the contents of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *apiqfw.dat*
    *avdrn.dat*
    
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Double click adware?

Unread postby AndyGitane » January 11th, 2011, 10:42 pm

Notepad is now my most popular program in the Start menu!
I use it a lot anyway. Results from SystemLook:

SystemLook 04.09.10 by jpshortstuff
Log created at 19:40 on 11/01/2011 by Gary
Administrator - Elevation successful

========== filefind ==========

Searching for "*apiqfw.dat*"
No files found.

Searching for "*avdrn.dat*"
No files found.

-= EOF =-
AndyGitane
Regular Member
 
Posts: 23
Joined: November 14th, 2010, 2:24 pm

Re: Double click adware?

Unread postby Bob4 » January 12th, 2011, 8:02 am

Internet still not being redirected ?


_______________________________________
Open OTL again
If by chance you deleted it , it can be found here
here 1
here 2

  • Click on it to open
  • I want you to place a check mark by the word none in all 6 boxes you see on the left.
  • Under Files created check NONE
  • Under files modified check NONE
  • Uncheck purity and LOP.
  • Copy the text below in the code box into the custon scan box on the bottom.
    ( DO NOT COPY THE WORD CODE)
Code: Select all

HKEY_CURRENT_USER\Software\Microsoft\adver_id
Now click on Run scan.
    When it's done 2 files will be on your desktop One will auto open.
  • * OTListIt.txt <-- Will be opened, maximized
  • * Extras.txt <-- Will be minimized on task bar. .
  • Copy the contents of that in your next reply.
Last edited by Bob4 on January 12th, 2011, 8:14 am, edited 1 time in total.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Double click adware?

Unread postby Bob4 » January 12th, 2011, 8:13 am

Andy,
How long would you say this problem has gone on ?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 54 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware