  1. #1
    Member
    Join Date
    Oct 2012
    Posts
    2
    Points
    0

    Nasty bu, need help!

    Got a really mean virus on my machine and I can't figure out how to get it... I have the HijackThis log below; however, Malwarebytes, SuperAntiSpyware, Spybot, and avast have all turned out clean scans. I know it's there because of the inordinate number of processes running (like the 13 instances of svchost.exe)... and the fact that when it first got onto my machine, it wiped out avast, Malwarebytes, and my system restore... Can someone help me kill this thing?

    Hijackthis log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:52:39 PM, on 10/14/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
    C:\Users\IUFMarine\Downloads\HijackThis.exe
    C:\Users\IUFMarine\Downloads\ccsetup323.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - News, Sports, Weather, Entertainment, Stocks & Local
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = DAEMON-Search.com :: STARTPAGE
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - News, Sports, Weather, Entertainment, Stocks & Local
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - News, Sports, Weather, Entertainment, Stocks & Local
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
    O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\IUFMarine\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2382934377-875918273-3568907082-1003\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN (User 'UpdatusUser')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O15 - Trusted Zone: Rhapsody :: Subscription Music Service: Listen All You Want: Millions of Songs
    O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{15ECB633-997B-47A5-8098-A4DF8D072B64}: NameServer = 184.106.242.193,67.23.7.56
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BF6E039F-8812-49D9-8155-4B5EDD4B4032}: NameServer = 184.106.242.193,67.23.7.56
    O17 - HKLM\System\CS1\Services\Tcpip\..\{15ECB633-997B-47A5-8098-A4DF8D072B64}: NameServer = 184.106.242.193,67.23.7.56
    O17 - HKLM\System\CS4\Services\Tcpip\..\{15ECB633-997B-47A5-8098-A4DF8D072B64}: NameServer = 184.106.242.193,67.23.7.56
    O17 - HKLM\System\CS5\Services\Tcpip\..\{15ECB633-997B-47A5-8098-A4DF8D072B64}: NameServer = 184.106.242.193,67.23.7.56
    O17 - HKLM\System\CS6\Services\Tcpip\..\{15ECB633-997B-47A5-8098-A4DF8D072B64}: NameServer = 184.106.242.193,67.23.7.56
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (file missing)
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13941 bytes




    In the O23 section there are a large number of unknown services running that only started after my machine became infected...

    Malwarebytes log:
    Malwarebytes Anti-Malware 1.65.0.1400
    Malwarebytes : Free anti-malware download

    Database version: v2012.10.14.01

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 7.0.6002.18005
    IUFMarine :: XAZIER [administrator]

    10/14/2012 2:05:19 PM
    mbam-log-2012-10-14 (14-05-19).txt

    Scan type: Full scan (C:\|D:\|J:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 546084
    Time elapsed: 2 hour(s), 40 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)




    Dang thing swears that it's clean...



    SuperAntiSpyware complete scan log and separate System32 scan as well

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 10/14/2012 at 03:49 PM

    Application Version : 5.6.1010

    Core Rules Database Version : 9400
    Trace Rules Database Version: 7212

    Scan type : Complete Scan
    Total Scan Time : 01:38:07

    Operating System Information
    Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
    UAC Off - Administrator

    Memory items scanned : 576
    Memory threats detected : 0
    Registry items scanned : 81216
    Registry threats detected : 0
    File items scanned : 84626
    File threats detected : 47

    Adware.Tracking Cookie




    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 10/14/2012 at 05:00 PM

    Application Version : 5.6.1010

    Core Rules Database Version : 9400
    Trace Rules Database Version: 7212

    Scan type : Complete Scan
    Total Scan Time : 00:11:37

    Operating System Information
    Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
    UAC Off - Administrator

    Memory items scanned : 0
    Memory threats detected : 0
    Registry items scanned : 0
    Registry threats detected : 0
    File items scanned : 21128
    File threats detected : 0

  2. #2
    Member
    Join Date
    Oct 2012
    Posts
    2
    Points
    0


    bah, sorry about the bad title as well... meant to say 'bug' but wasn't paying much attention.

  3. #3
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows Operating System, including the Version, Edition and whether it is a 32-bit or a 64-bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended, please try one more time and, if unsuccessful, alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below, another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
    If you are unable to run a GMER scan due to the fact that you are running a 64-bit machine, please run the following tool and post its log.

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



    Do you have a USB Flash Drive you can use?
    Thanks and again sorry for the delay.
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  4. #4
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello.

    There had been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
    If you are the topic starter and need this topic reopened, send me a message.

    Everyone else, please begin a new topic.

    With Regards,
    fireman4it