Antivirus Protection
#1  June 22nd, 2009, 11:12 AM
Baba78 (Registered User)
Out of answers....

Hi,
I wondered if somebody might be able to help; I’m having some really frustrating problems.
I have a DELL Inspiron laptop with Windows XP. I’ve never had a problem with my internet, but recently what appeared to be a totally legitimate prompt appeared on my screen for me to upgrade to Internet Explorer version 8 (the new one). I did so, and ever since my internet has been a disaster area. Relentless pop-ups, links getting diverted to search engines, the screen freezing and the whole application getting stuck all the time.
I’ve always had AVG on my system and never had any issues, but no matter how many times I run scans and remove stuff the problems persist. I’ve also run the ATF cleaner.

I know this sounds like a stupid question, but does this sound like a virus? And if so, how the hell do I get on with getting rid??

#2  June 22nd, 2009, 11:28 AM
tj_nt (Contributing User)
Did you try going back to a restore point?

What does your running process list look like?

You might post a HijackThis log...

#3  June 22nd, 2009, 11:37 AM
Baba78 (Registered User)
Quote:
Originally Posted by tj_nt
Did you try going back to a restore point?

What does your running process list look like?

You might post a HijackThis log...

Yes, I tried, but the only date it would give me was ten days ago, which was after the dreaded day, and even when I try selecting it to restore to, it won't let me for some reason.
Where would I find my running process list (you don't mean Task Manager?) and what's a HijackThis log?

#4  June 22nd, 2009, 11:39 AM
hiker (Florida)
It very well may be an infection. You should start by going through the steps outlined here.

A month or so ago, I worked on a machine whose owner had picked up infections from also clicking on a "legitimate" IE8 download link. Going to a previous restore point may or may not solve the problem: depending on the point of restore, it may contain infections as well, if the computer was already infected at the time that restore point was created.

#5  June 24th, 2009, 07:51 AM
Baba78 (Registered User)
Hi,
I've carried out all of the checks instructed but one (the BitDefender one would not load on my laptop despite attempts).

Here are the logs. After the scans my internet still seems screwed.....

#6  June 24th, 2009, 08:02 AM
Baba78 (Registered User)
Hi,
I'm trying to attach my results but getting a message about URLs. What are these and how do I delete them from my script??
I've tried to delete any web addresses....

#7  June 24th, 2009, 11:06 AM
hiker (Florida)
Quote:
Originally Posted by Baba78
Hi,
I'm trying to attach my results but getting a message about URLs. What are these and how do I delete them from my script??
I've tried to delete any web addresses....

Change the URLs from http://www.domain.com to, for example, just domain.com

If that doesn't work, you can post URLs after the 5th post... so just respond once more to this thread and then post the logs...

#8  June 25th, 2009, 10:08 AM
Baba78 (Registered User)
Ok I'll try that thanks

#9  June 25th, 2009, 10:12 AM
Baba78 (Registered User)
Here are the logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/20/2009 at 05:27 PM

Application Version : 4.26.1004

Core Rules Database Version : 3949
Trace Rules Database Version: 1891

Scan type : Complete Scan
Total Scan Time : 00:47:37

Memory items scanned : 846
Memory threats detected : 1
Registry items scanned : 6664
Registry threats detected : 38
File items scanned : 28270
File threats detected : 29

Adware.Agent/Gen-Qoodl-A
C:\WINDOWS\SYSTEM32\JUQLVHEJIMCJE.DLL
C:\WINDOWS\SYSTEM32\JUQLVHEJIMCJE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63250E9D-DF53-063B-7AA5-F966010F6C20}
HKCR\CLSID\{63250E9D-DF53-063B-7AA5-F966010F6C20}
HKCR\CLSID\{63250E9D-DF53-063B-7AA5-F966010F6C20}
HKCR\CLSID\{63250E9D-DF53-063B-7AA5-F966010F6C20}\InProcServer32
HKCR\CLSID\{63250E9D-DF53-063B-7AA5-F966010F6C20}\InProcServer32#ThreadingModel
HKU\S-1-5-21-1267207272-2453597095-3249721273-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0AD7AE92-25DF-3D5D-48D5-87FB16B0E869}
HKCR\CLSID\{0AD7AE92-25DF-3D5D-48D5-87FB16B0E869}
HKCR\CLSID\{0AD7AE92-25DF-3D5D-48D5-87FB16B0E869}
HKCR\CLSID\{0AD7AE92-25DF-3D5D-48D5-87FB16B0E869}\Implemented Categories
HKCR\CLSID\{0AD7AE92-25DF-3D5D-48D5-87FB16B0E869}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{0AD7AE92-25DF-3D5D-48D5-87FB16B0E869}\InProcServer32
HKCR\CLSID\{0AD7AE92-25DF-3D5D-48D5-87FB16B0E869}\InProcServer32#ThreadingModel
HKCR\CLSID\{0AD7AE92-25DF-3D5D-48D5-87FB16B0E869}\Programmable
HKU\S-1-5-21-1267207272-2453597095-3249721273-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63250E9D-DF53-063B-7AA5-F966010F6C20}
HKU\S-1-5-21-1267207272-2453597095-3249721273-1005\Software\Microsoft\Internet Explorer\Explorer Bars\{0AD7AE92-25DF-3D5D-48D5-87FB16B0E869}

Adware.HBHelper
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
HKCR\URLSearchHook.ToolbarURLSearchHook.1
HKCR\URLSearchHook.ToolbarURLSearchHook.1\CLSID
HKCR\URLSearchHook.ToolbarURLSearchHook
HKCR\URLSearchHook.ToolbarURLSearchHook\CLSID
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR
C:\PROGRAM FILES\IETOOLBAR\BULLSEYE TOOL BAR\TBHELPER.DLL

Adware.Tracking Cookie
C:\Documents and Settings\sean \Cookies\sean_@ad.yieldmanager[1].txt
C:\Documents and Settings\sean \Cookies\sean_ @perf.overture[1].txt
C:\Documents and Settings\sean brierley\Cookies\sean_@clicktorrent[2].txt
C:\Documents and Settings\sean \Cookies\sean_ @ero-advertising[2].txt
C:\Documents and Settings\sean \Cookies\sean_@www.virginmedia[2].txt
C:\Documents and Settings\sean \Cookies\sean_ @2o7[2].txt
C:\Documents and Settings\sean \Cookies\sean_ @serving-sys[2].txt
C:\Documents and Settings\sean \Cookies\sean_ @virginmedia[2].txt
C:\Documents and Settings\sean \Cookies\sean_ @statcounter[1].txt
C:\Documents and Settings\sean \Cookies\sean_ @apmebf[1].txt
C:\Documents and Settings\sean \Cookies\sean_ @at.atwola[2].txt
C:\Documents and Settings\sean \Cookies\sean_ @tacoda[1].txt
C:\Documents and Settings\sean \Cookies\sean_ @mediatraffic[1].txt
C:\Documents and Settings\sean \Cookies\sean_ @adtech[1].txt
C:\Documents and Settings\sean \Cookies\sean_ @bs.serving-sys[2].txt
C:\Documents and Settings\sigourney southpaw\Cookies\sigourney_southpaw@adviva[1].txt
C:\Documents and Settings\sigourney southpaw\Cookies\sigourney_southpaw@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\sigourney southpaw\Cookies\sigourney_southpaw@questionmarket[2].txt
C:\Documents and Settings\sigourney southpaw\Cookies\sigourney_southpaw@revsci[1].txt
C:\Documents and Settings\sigourney southpaw\Cookies\sigourney_southpaw@specificclick[1].txt
C:\Documents and Settings\sigourney southpaw\Cookies\sigourney_southpaw@tradedoubler[2].txt
Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Trojan.Agent/Gen-MSFake
C:\I386\MSVCRT.DLL
C:\WINDOWS\$NTSERVICEPACKUNINSTALL$\MSVCRT.DLL

Trojan.Agent/Gen-SDRA

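Added example, not from this thread or from SUPERAntiSpyware: a small Python parser for the log layout posted above that groups the detections and flags registry hits in the places Internet Explorer loads code from (Browser Helper Objects, URLSearchHook, Explorer Bars), which is what typically sits behind redirected links. The sample log is constructed from names and entries in the posted log, and the parser's reading of the format (summary lines, then blank-line separated blocks headed by the detection name) is an assumption based only on that log.

```python
import re
# Constructed sample in the layout of the SUPERAntiSpyware log posted above (names and entries from it).
SAMPLE_LOG = """\
File threats detected : 29

Adware.Agent/Gen-Qoodl-A
C:\\WINDOWS\\SYSTEM32\\JUQLVHEJIMCJE.DLL
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{63250E9D-DF53-063B-7AA5-F966010F6C20}
HKCR\\CLSID\\{63250E9D-DF53-063B-7AA5-F966010F6C20}\\InProcServer32

Adware.HBHelper
HKCR\\CLSID\\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\\URLSearchHook.ToolbarURLSearchHook.1
C:\\PROGRAM FILES\\IETOOLBAR\\BULLSEYE TOOL BAR\\TBHELPER.DLL

Trojan.Agent/Gen-MSFake
C:\\I386\\MSVCRT.DLL
"""
GUID_RE = re.compile(r"\{[0-9A-F-]{36}\}", re.I)
REG_HIVES = ("HKLM\\", "HKCR\\", "HKCU\\", "HKU\\")
# Registry places Internet Explorer loads code from; a hit here, not a stray DLL, explains hijacked links.
IE_LOAD_POINTS = ("Browser Helper Objects", "URLSearchHook", "Explorer Bars")

def parse_log(text):
    """Return {detection name: [file/registry entries]} from the log text."""
    threats, current, in_detections = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("File threats detected"):
            in_detections = True     # detections follow this last summary line
        elif not in_detections or not line:
            current = None           # still in the header, or a blank line ends a block
        elif current is None:
            current = line           # first line of a block is the detection name
            threats[current] = []
        else:
            threats[current].append(line)
    return threats

def triage(text):
    """Per detection: files on disk, registry hit count, CLSIDs and IE load points hit."""
    report = {}
    for name, entries in parse_log(text).items():
        reg = [e for e in entries if e.startswith(REG_HIVES)]
        report[name] = {
            "files": [e for e in entries if not e.startswith(REG_HIVES)],
            "registry": len(reg),
            "clsids": {g.upper() for e in reg for g in GUID_RE.findall(e)},
            "ie_load_points": sorted({p for e in reg for p in IE_LOAD_POINTS if p in e}),
        }
    return report
```

Running triage() over the full log posted above works the same way; a detection with no entries under it, such as Trojan.Agent/Gen-SDRA, comes back with empty lists and a registry count of 0.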
#10  June 29th, 2009, 07:23 AM
Baba78 (Registered User)
Things got a little better but have now got quite a bit worse.
I have been regularly running all those cleaning products referred to me above, and although the pop-ups seem to have relented, Google is still playing up. Whenever I click on a link in Google it takes me to junk search sites; it seems to happen on all links.
Worse still, last night as I was working on something the dreaded blue screen came up (it crashed), saying that a serious error had occurred and that Windows had to close to prevent damage. It read a message that said “Driver_IRQL_less_than_or_equal”.
I know from experience with a previous laptop that this screen can spell doom, so I know something is seriously wrong, but I feel I’m doing all I can with anti-virus stuff etc?!?
I can’t restore either; it won’t let me.

Can anyone help?

© 2003-2009 by Developer Shed. All rights reserved. DS Cluster 5 Hosted by Hostway