Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

ADSITE pop ups and FireFox unstable

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

ADSITE pop ups and FireFox unstable

Unread postby Malchoff » November 3rd, 2007, 12:42 pm

Hi and thanks for reading, I am getting ad site pop ups when doing a Google search and Firefox closes unsuspectingly.



Logfile of HijackThis v1.99.1
Scan saved at 12:42:21 PM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1162833612\ee\AOLSoftware.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=4061002
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=4061002
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsd59.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162833612\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Malchoff
Active Member
 
Posts: 11
Joined: November 3rd, 2007, 12:38 pm
Advertisement
Register to Remove

Unread postby askey127 » November 4th, 2007, 8:25 am

Hi Malchoff,
You may want to print this out, or save it as a Notepad document on your Desktop, since you won't have Internet access in Safe Mode.
-----------------------------------------------------------
Remove log items with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsd59.dll
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
Start Your Computer in Safe Mode.
Reboot into Safe Mode by hitting the F8 key repeatedly as the machine boots, until a menu shows up. Choose Safe Mode from the list. In some systems, this may be the F5 key, so try that if F8 doesn't work. Additional Info is here: http://www.computerhope.com/issues/chsafe.htm
-----------------------------------------------------------
File Deletion
In Windows Explorer (My Computer), navigate to the files shown below, select View, Details, highlight each listed file only, one at a time, and press Delete. Be careful not to delete any file without double-checking the exact spelling of the filename.
C:\Windows\System32\gzmrotate.dll
C:\Windows\System32\nsd59.dll
If you have any problem deleting a file, right click the file and choose Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
Please Note the name and location of any item you cannot delete, or any file not found.
------------------------------------------------------------
REBOOT your machine into Normal Mode
------------------------------------------------------------
Update your Java.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components.
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel > Add/Remove Programs.
  • Check any item with Java Runtime Environment, JRE, J2SE, or Java Webstart in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all installed versions of Java.
  • Reboot your computer
Then download the latest version of Java Runtime Environment(JRE), and install it to your computer. It is the 5th one down on the page, called Java Runtime Environment (JRE) 6 Update 3
Download it, choose save, and save it to your desktop.Then doubleclick it, and it will install the newest version of Java for you to use.
-----------------------------------------------------------
Post a New HiJackThis Log
Reboot your computer. Start HijackThis.
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Malchoff » November 4th, 2007, 8:48 pm

Hi, thanks a lot,

Logfile of HijackThis v1.99.1
Scan saved at 7:45:42 PM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1162833612\ee\AOLSoftware.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\mrofinu72.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\QdrModule\QdrModule9.exe
C:\Program Files\WinAble\winable.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=4061002
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=4061002
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162833612\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Malchoff
Active Member
 
Posts: 11
Joined: November 3rd, 2007, 12:38 pm

Unread postby askey127 » November 5th, 2007, 9:37 am

Malchoff,
Have you intentionally installed two programs named WinAble and QdrModule ?
If so, what are they and where did you get them?
----------------------------------------------------------
Download and Install CCleaner
  • Download CCleaner from here
  • Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
  • Click OK
  • Click Next
  • Click I agree
  • Click Next
  • Click Install
  • Once the installation has finished, click Finish
-----------------------------------------------------------
Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
( Do not use the Registry block to clean anything with this program. It is for experts only and it is risky).
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
-----------------------------------------------------------
Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------------
Using Internet Explorer, Please Do an Online Scan with Kaspersky WebScanner.
Go here to run an online scanner from Kaspersky.
  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. Press on "Accept". After reading the contents.
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log to your Desktop as filename KAV.txt

Please post the contents of CCleaner's install.txt file, the contents of KAV.TXT and the answer to the new programs question above.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: ADSITE pop ups and FireFox unstable

Unread postby Malchoff » November 16th, 2007, 8:58 pm

Hi and sorry for the delay, this is not my personal computer and haven't been in the area to do a follow up. I have completed the next set of guidelines and here are my results.

Have you intentionally installed two programs named WinAble and QdrModule ?
If so, what are they and where did you get them?

I have never heard of these programs and no i did not intentionally install them. I also have noticed outer info pop ups.

CCleaner

924PLC32
ABBYY FineReader 6.0 Sprint
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adssite Advanced Toolbar
Adssite Games Collection
AIM 6
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
AutoUpdate
BlazeDVD 4.0 Professional
Browser Optimizer Adssite
Browser Optimizer Rightonadz
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
DAEMON Tools
Dell CinePlayer
Dell Driver Reset Tool
Dell Photo AIO Printer 924
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Player
DivX Web Player
Documentation & Support Launcher
EducateU
ELIcon
ESPNMotion
Games, Music, & Photos Launcher
High Definition Audio Driver Package - KB835221
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB921411)
Hotfix for Windows XP (KB926239)
Insider
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections 11.0.45.17
Intel(R) PROSafe for Wired Connections
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™ Software
Internet Service Offers Launcher
Internet Speed Monitor
iPod for Windows 2006-06-28
iTunes
Java DB 10.2.2.0
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6 Update 3
LimeWire 4.12.6
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Basic Edition 2003
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Modem Helper
Mozilla Firefox (2.0.0.9)
MSN
MSXML 4.0 SP2 (KB936181)
NetWaiting
NetZeroInstallers
NVIDIA Drivers
Outerinfo
QuickTime
RealPlayer Basic
Rhapsody Player Engine
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
TMASOEDL
TMASOLDL
Trend Micro PC-cillin Internet Security 12
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
WebCyberCoach 3.2 Dell
WebFldrs XP
WinAble
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766

KASPERSKY ONLINE SCANNER REPORT
Friday, November 16, 2007 7:48:34 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/11/2007
Kaspersky Anti-Virus database records: 460625
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 57900
Number of viruses found 23
Number of infected objects 85
Number of suspicious objects 0
Duration of the scan process 00:50:09

Infected Object Name Virus Name Last Action
C:\2C.tmp Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\42.tmp Infected: Trojan.Win32.Inject.ju skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Documents\Settings\abc32.dll Object is locked skipped
C:\Documents and Settings\Ashley\Application Data\acccore\nss\cert8.db Object is locked skipped
C:\Documents and Settings\Ashley\Application Data\acccore\nss\key3.db Object is locked skipped
C:\Documents and Settings\Ashley\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Ashley\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Ashley\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Ashley\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\006f2c3l.default\cert8.db Object is locked skipped
C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\006f2c3l.default\history.dat Object is locked skipped
C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\006f2c3l.default\key3.db Object is locked skipped
C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\006f2c3l.default\parent.lock Object is locked skipped
C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\006f2c3l.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\006f2c3l.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Ashley\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ashley\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Ashley\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Ashley\Local Settings\Application Data\AOL OCP\AIM\Storage\data\ashgirl8586\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Ashley\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ashley\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ashley\Local Settings\Application Data\Mozilla\Firefox\Profiles\006f2c3l.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Ashley\Local Settings\Application Data\Mozilla\Firefox\Profiles\006f2c3l.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Ashley\Local Settings\Application Data\Mozilla\Firefox\Profiles\006f2c3l.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Ashley\Local Settings\Application Data\Mozilla\Firefox\Profiles\006f2c3l.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Ashley\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ashley\Local Settings\History\History.IE5\MSHist012007111620071117\index.dat Object is locked skipped
C:\Documents and Settings\Ashley\Local Settings\Temp\Perflib_Perfdata_50c.dat Object is locked skipped
C:\Documents and Settings\Ashley\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ashley\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ashley\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ashley\Shared\hughes-hallett multivariable bittorrent downloader.zip/BitDownload Setup.exe/data0007 Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Ashley\Shared\hughes-hallett multivariable bittorrent downloader.zip/BitDownload Setup.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Ashley\Shared\hughes-hallett multivariable bittorrent downloader.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Ashley\Shared\maple 10 LimeWire Download Accelerator.zip/LimeWire Download Accelerator.exe/data0006 Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Ashley\Shared\maple 10 LimeWire Download Accelerator.zip/LimeWire Download Accelerator.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Ashley\Shared\maple 10 LimeWire Download Accelerator.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Ashley\Shared\multivariable calculus answer new.zip/setup.exe/data0005/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.n skipped
C:\Documents and Settings\Ashley\Shared\multivariable calculus answer new.zip/setup.exe/data0005/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.n skipped
C:\Documents and Settings\Ashley\Shared\multivariable calculus answer new.zip/setup.exe/data0005 Infected: not-a-virus:AdWare.Win32.TrafficSol.n skipped
C:\Documents and Settings\Ashley\Shared\multivariable calculus answer new.zip/setup.exe/data0006/stream/data0004 Infected: not-a-virus:AdWare.Win32.BHO.ha skipped
C:\Documents and Settings\Ashley\Shared\multivariable calculus answer new.zip/setup.exe/data0006/stream/data0005 Infected: not-a-virus:AdWare.Win32.BHO.lq skipped
C:\Documents and Settings\Ashley\Shared\multivariable calculus answer new.zip/setup.exe/data0006/stream Infected: not-a-virus:AdWare.Win32.BHO.lq skipped
C:\Documents and Settings\Ashley\Shared\multivariable calculus answer new.zip/setup.exe/data0006 Infected: not-a-virus:AdWare.Win32.BHO.lq skipped
C:\Documents and Settings\Ashley\Shared\multivariable calculus answer new.zip/setup.exe Infected: not-a-virus:AdWare.Win32.BHO.lq skipped
C:\Documents and Settings\Ashley\Shared\multivariable calculus answer new.zip ZIP: infected - 8 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Hijackthis\backups\backup-20071104-192705-927.dll Infected: not-a-virus:AdWare.Win32.NewWeb.ar skipped
C:\Program Files\Outerinfo\FF\components\FF.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\13F.tmp Infected: Trojan-Downloader.Win32.Agent.epl skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\15A.tmp Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\167.tmp Infected: Trojan-Downloader.Win32.Agent.epl skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\19.tmp Infected: Trojan-Downloader.Win32.Agent.erf skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1A.tmp Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\25.tmp Infected: Trojan-Downloader.Win32.Agent.erf skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\28.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2E.tmp Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3E.tmp/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3E.tmp NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3E.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\4DB3.tmp Infected: Trojan-Downloader.Win32.Agent.emo skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\54.tmp Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\57.tmp Infected: Trojan-Downloader.Win32.Agent.erf skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\5E.tmp Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\62.tmp Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\65.tmp Infected: Trojan-Downloader.Win32.Agent.epl skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\72.tmp/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\72.tmp ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\72.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\73.tmp/b122.exe Infected: Trojan-Downloader.Win32.Agent.erf skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\73.tmp ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\73.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\74.tmp/b103.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\74.tmp ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\74.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\75.tmp/b143.exe Infected: Trojan-Downloader.Win32.Agent.epl skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\75.tmp ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\75.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\76.tmp/mrofinu.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\76.tmp ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\76.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\WinAble\winable.exe Infected: Trojan-Downloader.Win32.Adload.ni skipped
C:\Program Files\Words\Words.exe Infected: not-a-virus:AdWare.Win32.Agent.tj skipped
C:\RECYCLER\S-1-5-21-1197259622-3994700968-1473833999-500\Dc1.dll Infected: not-a-virus:AdWare.Win32.NewWeb.ar skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP346\A0022215.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP347\A0022231.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP347\A0022291.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP348\A0022325.dll Infected: not-a-virus:AdWare.Win32.BHO.id skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP348\A0022328.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP349\A0022351.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP350\A0022356.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP350\A0022375.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP350\A0022376.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP350\A0022377.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP350\A0022391.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.k skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP363\A0023419.exe Infected: Trojan-Downloader.Win32.Adload.ni skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP366\A0023786.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP366\A0023792.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP369\A0023964.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP369\A0023965.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP369\A0023965.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP369\A0023965.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP369\A0023965.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP370\A0024026.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP370\A0024027.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP370\A0024027.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP370\A0024027.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP370\A0024027.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP370\change.log Object is locked skipped
C:\WINDOWS\b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\WINDOWS\b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b104.exe NSIS: infected - 3 skipped
C:\WINDOWS\b128.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{79A4DCA9-AC7B-4DF1-9CDC-99FF96103614}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\IntelDH.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\jrwgvbca.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\abcA569.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Malchoff
Active Member
 
Posts: 11
Joined: November 3rd, 2007, 12:38 pm

Re: ADSITE pop ups and FireFox unstable

Unread postby askey127 » November 17th, 2007, 8:42 am

Malchoff,
This machine is seriously infected. We will do our best to rescue it. This is kind of long, but just do step by step. and try to do it all at once without interruption.
You should PRINT this out, or save it as a Notepad file on the desktop.
Please perform the steps in the sequence given, and refrain from running any extra scans, extra removals, or extra installations while we are working on your machine.
It is important that you DO NOT Turn OFF System Restore, your AntiVirus Program or your Firewall unless instructed to do so. If there is anything you can't do, or any instruction that you don't understand, then please let me know in a reply.
-----------------------------------------------------------
Peer to Peer File Sharing
Please note that as long as you're using any form of Peer-to-Peer networking (utorrent, Limewire, etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.

When you use Peer-to-peer (P2P) programs, you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. It's hardly surprising that many of the available downloads are being used by malware purveyors as a delivery method for their infections. Further, if your P2P program is not configured correctly you may be sharing more files than you realize. See here : http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html

Even if you have one of the SAFE P2P programs, the practice of file-sharing is very UNSAFE for the health of your PC.
You may decide to continue P2P sharing, but keep in mind that this practice may be the source of major PC infections.
Better ask yourself if you and your system CD are REALLY ready to reformat your Hard Drive and Re-install Windows.

The risks of using P2P programs are described here Sourceforge webpage and in this Information Week article.
Some malware help forums are now refusing to help those who show up with infections from P2P usage.
I think you should stop using and Uninstall Limewire, but it's your decision.
-----------------------------------------------------------
Use Add/Remove Programs In Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Adssite Advanced Toolbar
Adssite Games Collection
Browser Optimizer Adssite
LimeWire 4.12.6
QdrModule
SearchAssist
WinAble
Outerinfo

If OuterInfo does not show under Add/Remove Programs, or if it does not Uninstall, try this:
Use OUTER INFO Uninstaller
Run the OIN Uninstaller from here : http://www.outerinfo.com/OiUninstaller.exe
Even if you cannot uninstall OuterInfo, proceed as follows::
-----------------------------------------------------------
REBOOT THE COMPUTER
-----------------------------------------------------------
Use My Computer, doubleclick C:\, then doubleclick Program Files
Scroll down, highlight, and Delete any of the following folders present:.
QdrModule
Yazzle
YazzleActiveX
Purityscan
Snowballwars
Cowabanga
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
==> any similar folder with "Oin" or "Outerinfo" in it.
Zolero
Tizzletalk
MediaTickets
Cowabanga
Winable
Words

You may have to first open the folder, choose View, Details, and delete all the underlying files and folders before an entire folder can be deleted.
If you need to delete underlying files in a folder and are unable to do so:
Right click the file set for deletion, and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
If a message pops up saying "File in use", or something like that,, note the name of the file, hit Ctrl-Alt-Delete and look under the Processes tab. If the exact filename is in there, highlight it and click End Process, then retry Delete.
Please Note the name and location of any item you cannot delete, or any file not found.
-----------------------------------------------------------
File Deletion
In Windows Explorer (My Computer), navigate to the files shown below, select View, Details, highlight each listed file only, one at a time, and press Delete. Be careful not to delete any file without double-checking the exact spelling of the filename.
C:\2C.tmp
C:\42.tmp
C:\Windows\b104.exe
C:\Windows\b128.exe
C:\Windows\System32\jrwgvbca.dll
C:\Documents and Settings\Ashley\Shared\multivariable calculus answer new.zip
C:\Documents and Settings\Ashley\Shared\hughes-hallett multivariable bittorrent downloader.zip
C:\Documents and Settings\Ashley\Shared\maple 10 LimeWire Download Accelerator.zip
If you have any problem deleting a file, right click the file and choose Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
If a message pops up saying "File in use", or something like that, hit Ctrl-Alt-Delete and look under the Processes tab. If the exact filename is in there, highlight it and click End Process, then retry Delete.
Please Note the name and location of any item you cannot delete, or any file not found.
-----------------------------------------------------------
Download and Run ComboFix-----------------------------------------------------------
Post a New HiJackThis Log
Reboot your computer. Start HijackThis .
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply, along with the contents of C:\Combofix,txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: ADSITE pop ups and FireFox unstable

Unread postby Malchoff » November 17th, 2007, 4:40 pm

Hi and thanks again. One of the files not found was C:\Windows\System32\jrwgvbca.dll

Logfile of HijackThis v1.99.1
Scan saved at 3:25:47 PM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1162833612\ee\AOLSoftware.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=4061002
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162833612\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C82EA68-819B-4D62-B18C-F33D669B4E5B}: NameServer = 85.255.114.11,85.255.112.98
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F8465B8-F39B-4052-AE77-A5C76645AC4F}: NameServer = 85.255.114.11,85.255.112.98
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.11 85.255.112.98
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C82EA68-819B-4D62-B18C-F33D669B4E5B}: NameServer = 85.255.114.11,85.255.112.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.11 85.255.112.98
O20 - Winlogon Notify: abc32reg - C:\Documents and Settings\All Users\Documents\Settings\abc32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


ComboFix 07-11-08.1 - Ashley 2007-11-17 15:14:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.401 [GMT -5:00]
Running from: C:\Documents and Settings\Ashley\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.\documents\settings\abc32.dll
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\Ashley\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Ashley\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Ashley\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
C:\Program Files\Common Files\ystem~1
C:\Program Files\dobe~1
C:\Program Files\inetget2
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack9.exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\Temporary
C:\Program Files\ystem3~1
C:\WINDOWS\b111.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\b148.exe
C:\WINDOWS\system32\kdbte.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-17 15:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 17:44 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-16 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-08 15:50 35,840 -ra------ C:\WINDOWS\mrofinu72.exe
2007-11-07 21:36 <DIR> d-------- C:\Program Files\CCleaner
2007-11-04 19:44 <DIR> d-------- C:\Program Files\Sun
2007-11-04 19:41 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-04 11:17 <DIR> d-------- C:\Program Files\QdrDrive
2007-11-03 11:22 73,728 --a------ C:\KillBox.exe
2007-11-02 20:57 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-02 20:27 <DIR> d-------- C:\bintheredunthat
2007-10-22 22:06 <DIR> d-------- C:\Documents and Settings\Ashley\Application Data\Adssite Advanced Toolbar
2007-10-22 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Long slow road itch
2007-10-19 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 14:21 --------- d-----w C:\Program Files\Dl_cats
2007-11-05 00:44 --------- d-----w C:\Program Files\Java
2007-11-04 17:47 --------- d-----w C:\Program Files\AIM6
2007-11-04 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-04 17:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-03 01:46 --------- d-----w C:\Program Files\LimeWire
2007-11-03 01:46 --------- d-----w C:\Program Files\DivX
2007-11-03 01:46 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-23 13:39 --------- d-----w C:\Program Files\Real
2007-09-17 18:40 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-17 18:40 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-17 18:31 1,126,072 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
2007-05-14 22:41 706 ----a-w C:\Documents and Settings\Ashley\Application Data\wklnhst.dat
2006-11-06 04:37 251 ----a-w C:\Program Files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
2007-10-27 14:37 192512 --a------ C:\Program Files\QdrDrive\QdrDrive8.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 15:39]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 17:20 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 16:36]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 00:50]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 02:40]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-27 12:34]
"HostManager"="C:\Program Files\Common Files\AOL\1162833612\ee\AOLSoftware.exe" [2006-05-09 19:24]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 11:59]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 20:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]
"BlazeServoTool"="C:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe" [2005-09-16 19:30]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" []
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-10-02 06:46:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\abc32reg]
C:\Documents and Settings\All Users\Documents\Settings\abc32.dll

S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 15:19:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\label.dll 106496 bytes executable
C:\WINDOWS\system32\migpwd.dll 34408 bytes
C:\WINDOWS\system32\p2psvc.cpl 850 bytes
C:\WINDOWS\system32\comp.dll 8173 bytes

scan completed successfully
hidden files: 4

**************************************************************************
.
Completion time: 2007-11-17 15:22:08 - machine was rebooted
.
--- E O F ---
Malchoff
Active Member
 
Posts: 11
Joined: November 3rd, 2007, 12:38 pm

Re: ADSITE pop ups and FireFox unstable

Unread postby askey127 » November 17th, 2007, 5:02 pm

Malchoff,
------------------------------------------------------------
Download, Run FixWareout
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
At the end of the fix, you may need to restart your computer again.

Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt

Now lets check some settings on your system.
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for Cable and DSL, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says "Obtain DNS servers automatically"
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.
Next go Start, Run and type cmd and hit OK
now type:
ipconfig /flushdns
(note that a space between ipconfig and / is needed)
then hit Enter, type exit and hit Enter again.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: ADSITE pop ups and FireFox unstable

Unread postby Malchoff » November 17th, 2007, 8:48 pm

Logfile of HijackThis v1.99.1
Scan saved at 7:40:04 PM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1162833612\ee\AOLSoftware.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=4061002
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162833612\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O20 - Winlogon Notify: abc32reg - C:\Documents and Settings\All Users\Documents\Settings\abc32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Username "Ashley" - 11/17/2007 19:31:03 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.11 85.255.112.98" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1C82EA68-819B-4D62-B18C-F33D669B4E5B}
"nameserver"="85.255.114.11,85.255.112.98" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1F8465B8-F39B-4052-AE77-A5C76645AC4F}
"nameserver"="85.255.114.11,85.255.112.98" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1F8465B8-F39B-4052-AE77-A5C76645AC4F}
"DhcpNameServer"="85.255.114.11,85.255.112.98" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{29B39846-0902-49E5-B96A-2F1FC54E9A72}
"DhcpNameServer"="85.255.114.11,85.255.112.98" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SigmatelSysTrayApp"="stsystra.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DLCCCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\DLCCtime.dll,_RunDLLEntry@16"
"dlccmon.exe"="\"C:\\Program Files\\Dell Photo AIO Printer 924\\dlccmon.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1162833612\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"BlazeServoTool"="\"C:\\Program Files\\BlazeVideo\\BlazeDVD4 Professional\\MediaDetector.exe\""
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"QdrModule9"="\"C:\\Program Files\\QdrModule\\QdrModule9.exe\""
"AdobeUpdater"="C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
Malchoff
Active Member
 
Posts: 11
Joined: November 3rd, 2007, 12:38 pm

Re: ADSITE pop ups and FireFox unstable

Unread postby askey127 » November 18th, 2007, 8:30 am

Malchoff,
-----------------------------------------------------------
Set Your Computer to Show All Files
  1. Click Start.
  2. Click My Computer.
  3. Select the Tools menu and click Folder Options.
  4. Select the View Tab.
  5. Under the Hidden files and folders heading, select Show hidden files and folders.
  6. Uncheck Hide protected operating system files (recommended).
  7. Click Yes to confirm.
  8. Uncheck the Hide file extensions for known file types.
-----------------------------------------------------------
Remove log items with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:

O20 - Winlogon Notify: abc32reg - C:\Documents and Settings\All Users\Documents\Settings\abc32.dll (file missing)

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
Unregister dlls for removal.
Go to Start, Run OR Start, Programs, Accessories, Command Prompt. Enter the following line, followed by 'Enter'.

regsvr32 /u abc.dll

It's OK if not found, or 'errors' out.
Type "Exit" to leave the command-line box.
-----------------------------------------------------------
File Deletion
In Windows Explorer (My Computer), navigate to the file shown below, select View, Details, highlight the listed file only, and press Delete. Be careful not to delete any file without double-checking the exact spelling of the filename.

C:\Documents and Settings\All Users\Documents\Settings\abc32.dll

If you have any problem deleting a file, right click the file and choose Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
-----------------------------------------------------------
Post a New HiJackThis Log
Reboot your computer. Start HijackThis .
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: ADSITE pop ups and FireFox unstable

Unread postby 'KotaGuy » December 14th, 2007, 9:58 am

This topic is now closed due to inactivity. If you wish it to be reopened, please send an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 295 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware