Redirection Problems

The GooredFix keeps giving me an error report thing and closes.

This has happened from both download locations.

I have not scanned with ComboFix or Malwarebytes as of yet, because I am unsure if the GooredFix is necessary before the scans from the other two programs.
 
What does the error report/message say?

Here are the windows I get when I run GooredFix:

untitled.jpg
 
Thanks for the screenshot. :)

I need to ask the creator of GooredFix to see if he has any ideas, be back ASAP.
 
Thanks to jpshortstuff for his help. :)

Check your Desktop and if GooredFix.txt is on the Desktop, post the contents of that file in your next post/reply.

Also, go to the C:\GooredFix Backups folder and see if there are logs in that folder. If there are, post those as well in your next post/reply.
 
Here is what was in the GooredFix log that is on my desktop:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 21:36 on 13/12/2010 (Tony)
Firefox version 3.6.13 (en-US)

========== GooredScan ==========

As for the GooredFix Backups folder, there is only a 0KB file named "reboot.txt".

There is no text in the document.
 
Ok, it looks like GooredFix didn't find anything.

We can move on to ComboFix and MalwareBytes'.


Since ComboFix is frequently updated, delete ComboFix.exe and download the latest version from one of the two links below:

Link 1
Link 2

Be sure to save ComboFix.exe to your Desktop and make sure that both Avast and Spybot's Teatimer are disabled before you run ComboFix. :)


Finally, I'd like for you to update MalwareBytes (click the Update tab, then click Check for Updates to download any updates, if available) and run a Quick Scan. The MalwareBytes' database at the time of this writing is 5313.


Post both the ComboFix and MalwareBytes' Logs in your next post/reply.
 
ComboFix Log
ComboFix 10-12-14.04 - Tony 15/12/2010 1:10.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.767.358 [GMT -6:00]
Running from: c:\documents and settings\Tony\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-11-15 to 2010-12-15 )))))))))))))))))))))))))))))))
.

2010-12-15 00:59 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 00:54 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-13 03:13 . 2010-12-13 03:13 -------- d-----w- c:\program files\Common Files\Skype
2010-12-09 23:26 . 2010-12-09 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-12-09 00:35 . 2010-12-09 00:35 -------- d-----w- c:\program files\ESET
2010-12-07 05:15 . 2010-12-07 05:15 -------- d-----w- c:\documents and settings\Tony\Application Data\Malwarebytes
2010-12-07 05:15 . 2010-11-29 23:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 05:15 . 2010-12-07 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-07 05:15 . 2010-12-07 05:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-07 05:15 . 2010-11-29 23:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-03 23:27 . 2010-12-03 23:27 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcB2.tmp
2010-12-02 06:06 . 2008-04-14 00:12 129536 ------w- c:\windows\system32\SETCC.tmp
2010-12-02 06:02 . 2010-08-27 21:59 636784 ----a-w- c:\windows\system32\LCCoin35.dll
2010-12-02 06:02 . 2010-08-27 21:59 514416 ----a-w- c:\windows\system32\LcProxy2.ax
2010-12-02 06:02 . 2010-12-02 06:02 -------- d-----w- c:\program files\Microsoft LifeCam
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-27 06:56 . 2010-11-27 06:56 -------- d-----w- c:\program files\ERUNT
2010-11-22 05:18 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-11-22 05:18 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-11-18 18:12 . 2010-11-18 18:12 81920 -c----w- c:\windows\system32\dllcache\isign32.dll
2010-11-16 05:41 . 2010-11-16 05:53 -------- d-----w- C:\SMBX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2010-01-27 03:45 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-18 23:42 . 2010-09-18 23:42 388096 ----a-r- c:\documents and settings\Tony\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-18 17:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-02-09 03:25 . 2010-02-09 03:24 18499623 ----a-w- c:\program files\vlc-1.0.5-win32.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-12-04_06.16.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-15 06:57 . 2010-12-15 06:57 16384 c:\windows\Temp\Perflib_Perfdata_d14.dat
+ 2010-12-15 06:55 . 2010-12-15 06:55 16384 c:\windows\Temp\Perflib_Perfdata_274.dat
+ 2010-01-27 05:37 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
- 2010-01-27 05:37 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2010-09-15 05:02 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
+ 2010-09-15 05:02 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 10:31 . 2010-09-10 05:58 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 10:31 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 25600 c:\windows\system32\jsproxy.dll
- 2010-01-27 05:39 . 2010-09-10 05:58 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-01-27 05:39 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 11776 c:\windows\system32\dllcache\regsvr32.exe
- 2004-08-04 12:00 . 2010-09-10 05:58 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2010-01-27 05:39 . 2010-09-10 05:58 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-01-27 05:39 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-02-10 05:20 . 2010-12-15 06:19 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-12-15 06:17 . 2010-09-10 05:58 12800 c:\windows\ie8updates\KB2416400-IE8\xpshims.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 55296 c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 43520 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 10:32 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll
- 2009-03-08 10:32 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll
- 2010-11-07 22:23 . 2010-11-07 22:23 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
+ 2010-11-07 22:23 . 2010-12-09 22:59 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
- 2004-08-04 12:00 . 2010-09-10 05:58 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
- 2004-08-04 12:00 . 2010-09-10 05:58 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-01-27 05:39 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2010-01-27 05:39 . 2010-09-10 05:58 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-01-27 05:39 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2010-01-27 05:39 . 2010-09-10 05:58 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-09 23:37 . 2010-09-10 05:58 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-09 23:37 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-20 05:30 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-12-09 23:30 . 2010-12-09 23:30 811008 c:\windows\Installer\e36805e.msi
+ 2010-07-23 07:03 . 2010-07-23 07:03 338432 c:\windows\Installer\5c836e3.msp
+ 2010-12-13 03:16 . 2010-12-13 03:16 689152 c:\windows\Installer\29500.msi
+ 2010-12-13 03:13 . 2010-12-13 03:13 371272 c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2008-11-04 10:13 . 2008-11-04 10:13 118128 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\MSCONV97.DLL
+ 2010-12-15 06:16 . 2010-09-10 05:58 916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll
+ 2010-12-15 06:17 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
+ 2010-12-15 06:17 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
+ 2010-12-15 06:16 . 2010-09-10 05:58 206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 602112 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
+ 2010-12-15 06:17 . 2010-09-10 05:58 247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
+ 2010-12-15 06:17 . 2010-09-10 05:58 743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
+ 2010-12-15 06:17 . 2010-09-10 05:58 387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
+ 2010-12-15 06:17 . 2010-08-26 12:22 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
+ 2004-08-04 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 5959168 c:\windows\system32\mshtml.dll
+ 2010-01-27 01:07 . 2010-12-09 22:59 5971408 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2010-01-27 01:07 . 2010-11-07 22:23 5971408 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-03-08 10:32 . 2010-11-06 00:26 1991680 c:\windows\system32\iertutil.dll
+ 2010-01-26 21:32 . 2010-12-15 06:55 1705960 c:\windows\system32\FNTCACHE.DAT
+ 2009-08-14 13:21 . 2010-10-26 13:25 1853312 c:\windows\system32\dllcache\win32k.sys
- 2004-08-04 12:00 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 5959168 c:\windows\system32\dllcache\mshtml.dll
+ 2010-01-27 05:39 . 2010-11-06 00:26 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2010-12-09 23:27 . 2010-12-09 23:27 9472000 c:\windows\Installer\e36804d.msi
+ 2010-10-22 00:10 . 2010-10-22 00:10 3995136 c:\windows\Installer\5c83707.msp
+ 2010-11-21 05:35 . 2010-11-21 05:35 3359744 c:\windows\Installer\5c836f5.msp
+ 2010-12-13 03:13 . 2010-12-13 03:13 1580544 c:\windows\Installer\294ea.msi
- 2010-02-10 05:20 . 2010-11-10 16:58 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-12-15 06:16 . 2010-09-10 05:58 1210880 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 5957120 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 1986560 c:\windows\ie8updates\KB2416400-IE8\iertutil.dll
+ 2010-01-28 04:54 . 2010-12-15 06:03 37366216 c:\windows\system32\MRT.exe
+ 2009-03-08 10:39 . 2010-11-06 00:26 11080704 c:\windows\system32\ieframe.dll
+ 2010-01-27 05:39 . 2010-11-06 00:26 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2010-10-09 04:07 . 2010-10-09 04:07 11559424 c:\windows\Installer\5c836d0.msp
+ 2010-12-15 06:16 . 2010-09-10 05:58 11080192 c:\windows\ie8updates\KB2416400-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-20 455968]
"c:\documents and settings\Tony\Application Data\InstallMon.exe"="c:\documents and settings\Tony\Application Data\InstallMon.exe" [2010-06-26 24576]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\Tony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-08-27 135536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus G Configuration Utility.lnk - c:\program files\D-Link AirPlus G\AirPlus.exe [2010-10-27 294912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\Tony\\Desktop\\Stuff\\MM8BDM\\skulltag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Tony\\Local Settings\\Apps\\2.0\\KZ2AK88Q.Z49\\0EV35YJG.T65\\supe..tion_d68356b82e9cbcf5_0001.0000_4c2ff79a5feeae0e\\SupercadeClient.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/01/2010 9:55 PM 722416]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/07/2010 7:23 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/07/2010 7:23 AM 17744]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/06/2010 11:07 AM 35088]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [23/05/2007 3:15 AM 547744]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/07/2010 4:24 PM 30576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/03/2010 7:40 PM 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [07/09/2010 11:28 PM 16512]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21/05/2008 5:42 AM 64000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-09-20 03:46 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 01:39]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 01:39]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1123561945-682003330-1004Core.job
- c:\documents and settings\Tony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-29 20:45]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1123561945-682003330-1004UA.job
- c:\documents and settings\Tony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-29 20:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://flashflashrevolution.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Tony\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {93558906-EC3D-4513-8296-6F9C9B17FBB5} = 142.161.130.154 142.161.2.154
FF - ProfilePath - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myfav.es/naotonekocutie
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Firesheep: firesheep@codebutler.com - %profile%\extensions\firesheep@codebutler.com
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-15 01:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3356)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-15 01:24:50
ComboFix-quarantined-files.txt 2010-12-15 07:24
ComboFix2.txt 2010-12-06 06:50
ComboFix3.txt 2010-12-04 06:20

Pre-Run: 22,659,436,544 bytes free
Post-Run: 22,803,525,632 bytes free

- - End Of File - - 396D98D8415146A2215F7C338D2FB423

MalwareBytes Log
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5317

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/12/2010 1:34:44 AM
mbam-log-2010-12-15 (01-34-44).txt

Scan type: Quick scan
Objects scanned: 136023
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Don't see anything in either the new ComboFix or MalwareBytes' Log.

Has there been any change or do you still get the popup on Facebook?

And does this popup only happen on one Facebook account or does it happen on every FaceBook account on your computer, assuming that you/your family has multiple FaceBook accounts?
 
The pop-ups have seemed to stop, but the address bar thing that usually happened right before the pop-up were to show up is still happening.

It happens on any account, even when I log out of Facebook and happen to be on the front page.

It's a click war when whatever does this tries to select the address bar over and over.

Another thing I noticed about the behavior of whatever is selecting the address bar is that it copies what is in the address bar at the time. I happened to try to copy and paste after one of said click wars and was greeted by the URL of the page I was just on.

I'm still not completely sure if the pop-ups have stopped, but I will keep you posted.
 
That's good news that the popups have stopped appearing. :) Keep me updated if they come back.

Try doing the following to see if it helps keep the popups away and fixes the problem with the address bar:

Step # 1 Download HostsXpert

Download HostsXpert and unzip it to your desktop.

Open HostsXpert that you earlier unzipped on your Desktop.

  • Click "Make Hosts Writable?" upper right corner (if available)
  • Click "Restore Microsoft's Original Hosts File" and then click OK
  • Close HostsXpert
Note: If you used any custom Hosts (e.g. MVPS Hosts), you will have to put them back manually.


Also, you can try uninstalling then reinstalling your browsers (IE, Firefox and Chrome) to see if that fixes the problem.


Finally, does your computer connect to the Internet through a router or directly through a modem?
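
One way to check what a hosts file actually contains after the restore step above, as an added example that is not part of the original thread or of HostsXpert. It separates the stock `localhost` mapping and loopback/0.0.0.0 blocking entries (the kind a custom list such as MVPS Hosts adds) from entries that send a hostname to some other address, which are the ones relevant to browser redirection. The sample file content, its hostnames and the function names are constructed for illustration.

```python
import ipaddress

# Hostnames the stock Windows hosts file maps to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample content (not taken from the thread's machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0 ads.example.net  # blocking entry from a custom list
127.0.0.1 tracker.example.org
203.0.113.7 www.example.com search.example.com
not-an-ip portal.example.com
"""


def audit_hosts(text):
    """Classify every hostname mapping in hosts-file text.

    Returns (line_no, address, hostname, kind) tuples, where kind is
    'default'  - localhost mapped to a loopback address,
    'sinkhole' - any other name mapped to loopback or 0.0.0.0 (blocked),
    'redirect' - a name mapped to any other address,
    'invalid'  - the first field is not an IP address.
    """
    findings = []
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte-order mark
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        addr_text, names = fields[0], fields[1:]
        try:
            # Strip an IPv6 zone id such as fe80::1%eth0 before parsing.
            addr = ipaddress.ip_address(addr_text.split("%", 1)[0])
        except ValueError:
            for name in names:
                findings.append((line_no, addr_text, name.lower(), "invalid"))
            continue
        for name in names:  # one line may map several names
            host = name.lower().rstrip(".")
            if addr.is_loopback and host in DEFAULT_NAMES:
                kind = "default"
            elif addr.is_loopback or addr.is_unspecified:
                kind = "sinkhole"
            else:
                kind = "redirect"
            findings.append((line_no, addr_text, host, kind))
    return findings


def needs_review(text):
    """Entries worth a manual look: redirects and unparsable lines."""
    return [(n, a, h) for n, a, h, k in audit_hosts(text)
            if k in ("redirect", "invalid")]


if __name__ == "__main__":
    for line_no, addr, host, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr} [{kind}]")
```

On Windows XP the file to read is `%SystemRoot%\system32\drivers\etc\hosts`; pass its contents to `audit_hosts` in place of the constructed sample.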
 
The address bar thing is still happening after I used the HostsXpert tool.

I have uninstalled my browsers in the past and it did not fix the problem, but I will try again sometime soon when I have more time.

As for Internet access, I am connected directly to a modem.

Also, should I have put my hosts file back to read only before exiting the program?
 
Also, should I have put my hosts file back to read only before exiting the program?

Yes, you can set your hosts back to read-only.


As for Internet access, I am connected directly to a modem.

Try resetting your modem (turn your computer off, unplug your modem, wait 30 seconds, plug it back in, wait till it's fully powered up, then turn your computer back on) and see if that fixes the problem.


I have uninstalled my browsers in the past and it did not fix the problem, but I will try again sometime soon when I have more time.

Ok. :) Let me know how it goes with uninstalling/reinstalling your browsers.
 
Sorry that you're not feeling well.

Once you're feeling better, go ahead and do the instructions from post #33 of the thread and let me know if there is any change. :)
 
Okay I did all of this, and it seems that Google Chrome is usable now and Firefox doesn't seem to be getting the pop-ups anymore. Thank you =D

If the pop-ups come up again, I'll let you know ASAP.
 
That's great news. :bigthumb::bigthumb:

Go ahead and use your computer like you normally would and if the popups don't come back by the 26th (in three days), we can finish up here. :)

If the popups come back before then, let me know that as well.
 
The Pop-ups came back T_T
 
Ok.

Did they come back on Firefox or on Chrome? And is it the same popups as before or different ones?
 