The problem is I have an adware/hijacker that redirects every single search result on any search page I can find, and replaces it with its much more pornographic (sometimes not) redirections.
To resolve the problem I have run the most current version of Ad-Aware (2007)... which crashed three times (it is far too buggy for me to use again for a while) before finally removing many things. I ran it again and it crashed again, so I gave up. Problem was still there. I tried S&D... no fix there either. I tried SuperAntiSpyware, which is actually the best I have found for free; still no fix.
I see nothing odd in the HijackThis v2 logs (I'm sure you'll see I did do some "repairs"). I have been trying to get this problem resolved for 16+ hours. It has taken me 3 hours to run the online scanner required (128 MB). AND I am told in step 5 those logs ARE NOT asked for on the DSS logs are... GRRR So here are the required logs, and yes this pisses me off...
Deckard's System Scanner v20070905.67
Run by BJ on 2007-10-01 19:12:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
90: 2007-10-01 23:13:08 UTC - RP372 - Deckard's System Scanner Restore Point
89: 2007-10-01 18:44:50 UTC - RP371 - Removed Ad-Aware 2007
88: 2007-10-01 15:44:35 UTC - RP370 - Installed SUPERAntiSpyware Free Edition
87: 2007-09-30 16:54:38 UTC - RP369 - Installed Ad-Aware 2007
86: 2007-09-29 22:23:45 UTC - RP368 - System Checkpoint
-- First Restore Point --
1: 2007-07-04 07:48:29 UTC - RP283 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 128 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-01 19:21:45
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\BJ\Desktop\dss.exe
C:\WINDOWS\system32\svchost.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1149976959335
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - "C:\Program Files\iPod\bin\iPodService.exe"
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld MySQL
-- HijackThis Fixed Entries (C:\Documents and Settings\BJ\Desktop\backups\) ----
backup-20071001-153728-448 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
backup-20071001-153728-668 O17 - HKLM\System\CCS\Services\Tcpip\..\{61C0A815-FF02-4A96-80D1-FB75ED215556}: NameServer = 85.255.116.67,85.255.112.149
backup-20071001-153728-718 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
backup-20071001-153728-813 O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
S3 RT61 (Linksys Wireless-G PCI Adapter Driver(RT61)) - c:\windows\system32\drivers\rt61.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11 Wireless Adapters>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S4 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
S4 MySQL - c:\mysql\bin\mysqld mysql (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {00000000-0000-0000-0000-000000000000}
Description: Network Controller
Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\4&19FD8D60&0&50F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\4&19FD8D60&0&50F0
Service:
-- Scheduled Tasks -------------------------------------------------------------
2007-10-01 11:15:00 264 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-08-02 11:11:19 386 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
-- Files created between 2007-09-01 and 2007-10-01 -----------------------------
2007-10-01 18:30:16 0 d-------- C:\Program Files\Zoned Out
2007-10-01 18:28:45 0 d-------- C:\ie-spyad_zo
2007-10-01 18:17:33 0 d-------- C:\Program Files\SpywareBlaster
2007-10-01 16:43:55 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-01 11:45:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-01 11:44:43 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-10-01 11:44:42 0 d-------- C:\Documents and Settings\BJ\Application Data\SUPERAntiSpyware.com
2007-09-30 12:54:49 0 d-------- C:\Program Files\Lavasoft
2007-09-30 12:12:45 0 d-------- C:\Documents and Settings\BJ\Application Data\Lavasoft
2007-09-24 03:54:27 0 d-------- C:\Documents and Settings\BJ\Application Data\.BitZip
2007-09-24 03:52:52 0 d-------- C:\Program Files\BitZip
2007-09-23 12:07:09 112640 --a------ C:\WINDOWS\lsb_un20.exe
2007-09-23 12:07:07 0 d-------- C:\Program Files\EasyRename
2007-09-23 11:40:01 0 d-------- C:\Program Files\PipelineRenamer
2007-09-23 11:29:11 0 d-------- C:\Program Files\Picture Resize
2007-09-06 01:58:50 0 d-------- C:\Program Files\WS_FTP
2007-09-04 10:13:33 9728 --a------ C:\WINDOWS\system32\dotntlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-09-04 10:13:32 1348 --a------ C:\WINDOWS\system32\hglib.dll
2007-09-04 10:04:42 0 d-------- C:\Program Files\ArticleBot
2007-09-04 09:58:50 0 d-------- C:\Program Files\Microsoft.Net
2007-09-04 09:38:54 0 d-------- C:\mysql
2007-09-04 09:38:33 303616 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-09-04 09:38:31 0 d-------- C:\Documents and Settings\BJ\WINDOWS
2007-09-04 08:15:50 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2007-09-04 02:18:47 0 d-------- C:\WINDOWS\system32\URTTemp
2007-09-04 02:16:40 0 d-------- C:\_abot
-- Find3M Report ---------------------------------------------------------------
2007-10-01 14:45:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-27 11:20:11 0 d-------- C:\Documents and Settings\BJ\Application Data\X-Chat 2
2007-09-05 20:50:22 0 d-------- C:\Program Files\Blaze Media Pro
2007-08-28 08:58:17 0 d-------- C:\Documents and Settings\BJ\Application Data\Adobe
2007-08-27 18:08:13 0 d-------- C:\Program Files\Speeditup Free
2007-08-21 09:37:54 0 d-------- C:\Program Files\GIMP-2.0
2007-08-18 23:25:06 0 d-------- C:\Program Files\OpenOffice.org 2.0
2007-08-18 23:17:17 0 d-------- C:\Documents and Settings\BJ\Application Data\GeoVid
2007-08-15 11:26:04 0 d-------- C:\Documents and Settings\BJ\Application Data\GetRightToGo
2007-08-15 11:22:35 0 dr------- C:\Program Files\Common Files
2007-08-04 12:02:31 0 d-------- C:\Documents and Settings\BJ\Application Data\Uniblue
2007-08-04 11:41:10 0 d-------- C:\Documents and Settings\BJ\Application Data\BitTorrent
2007-08-04 11:35:58 0 d-------- C:\Program Files\BitTorrent
2007-08-02 19:10:14 0 d-------- C:\Documents and Settings\BJ\Application Data\Winamp
2007-07-23 10:01:37 6513 --a------ C:\WINDOWS\mozver.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [09/14/2007 08:13 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdtts.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Documents and Settings\BJ\My Documents\Downloads\bittorrent.exe" --force_start_minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startemdoit]
C:\WINDOWS\eltonehour.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
-- End of Deckard's System Scanner: finished at 2007-10-01 19:26:52 ------------