Virus And More Viruses


  • This topic is locked
17 replies to this topic

#1 Zhahn

Posted 04 March 2008 - 10:46 PM

I have been trying to get rid of these viruses now for ages and they seem to be regenerating themselves. I have tried numerous virus removal programs: McAfee, Norton, Tuneup 2008, Ad Aware, and Kaspersky 7.0, which did not install.

The Ad Aware has quarantined 27 files, but three for some reason are not letting me quarantine them. I found a post to this forum while searching for the file names nvcoi and nodns. I found your link to download ComboFix, but when I printed the guide it was for XP. I am currently running Windows 2000 Professional SP4, which day to day seems to be gliding along a razor's edge.

Is there a ComboFix program for Windows 2000?

Now for the listed infections that I am primarily concerned about;


Mod Edit: Topic moved to more appropriate forum~ TMacK

Edited by TMacK, 04 March 2008 - 11:10 PM.



#2 Orange Blossom

Posted 05 March 2008 - 12:58 AM

Hello Zhahn and welcome to BC.

"Is there a combofix program for windows 2000."


Even if there were, Combofix is not used outside of the HijackThis forums. Combofix is a powerful tool intended by its creator to be used under the direction of an expert. It is NOT for private use. You should NOT use Combofix unless a Malware Removal Expert has told you to. Improper use of this tool can seriously damage your operating system and may even prevent it from starting again. Please read Combofix's Disclaimer.

If it is determined that you need more assistance than we can provide in this forum, we will provide directions for producing an HJT log and posting in the HJT forums.

For now, I would like you to run a scan with SUPERAntiSpyware in Safe Mode. You will, of course, install it in Normal Mode. You may wish to print out these directions or copy them to notepad so you have them available when you are off-line.

Download and install SUPERAntiSpyware free found here: SUPERAntiSpyware

Be sure to click on the download button to the left, not on the free trial download on the right.

  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
      o Close browsers before scanning
      o Scan for tracking cookies
      o Terminate memory threats before quarantining.
      o Please leave the others unchecked.
      o Click the Close button to leave the control center screen.
  • Reboot into Safe Mode
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • Reboot into Normal Mode
  • To retrieve the removal information for me please do the following:
      o After reboot, double-click the SUPERAntispyware icon on your desktop.
      o Click Preferences. Click the Statistics/Logs tab.
      o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      o It will open in your default text editor (such as Notepad/Wordpad).
      o Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.

Please post the log in your next reply.

Orange Blossom

Edited by Orange Blossom, 05 March 2008 - 12:59 AM.
Fix BB tag

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Zhahn

Posted 05 March 2008 - 04:05 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/05/2008 at 00:52 AM

Application Version : 4.0.1154

Core Rules Database Version : 3414
Trace Rules Database Version: 1406

Scan type : Complete Scan
Total Scan Time : 00:56:13

Memory items scanned : 142
Memory threats detected : 3
Registry items scanned : 5185
Registry threats detected : 131
File items scanned : 61513
File threats detected : 312

HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#NextInstance
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#Contact
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoRemove
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#UninstallString
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

Trojan.ZenoSearch
C:\WINDOWS\system32\msnav32.ax

Adware.TargetSavers
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#UninstallString

Adware.Adservs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\QXNOBGV5IEZYYW5RBGLU\ASAPPSRV.DLL

Trojan.Downloader-Gen/RetAd
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#runner1 [ C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 ]

Adware.WsnPoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\audio.dll.cla
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\system32\wsnpoem

Malware.LocusSoftware Inc/AVSystemCare
C:\Documents and Settings\Ashley Franklin\Application Data\AVSystemCare\Logs\threats.log
C:\Documents and Settings\Ashley Franklin\Application Data\AVSystemCare\Logs\update.log
C:\Documents and Settings\Ashley Franklin\Application Data\AVSystemCare\Logs
C:\Documents and Settings\Ashley Franklin\Application Data\AVSystemCare\PGE.dat
C:\Documents and Settings\Ashley Franklin\Application Data\AVSystemCare
C:\AVSystemCare\AVQuar
C:\WINDOWS\..\AVSystemCare

Rogue.ErrorFighter
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#ptask [ C:\Program Files\AVSystemCare\ptask.exe ]

Rogue.SysCleaner
HKU\S-1-5-21-790525478-1336601894-725345543-1000\Software\WinTouch
HKU\S-1-5-21-790525478-1336601894-725345543-1000\Software\xInsiDERexe
HKU\S-1-5-21-790525478-1336601894-725345543-1000\Software\Microsoft\Windows\CurrentVersion\Run#WinTouch [ C:\Documents and Settings\Ashley Franklin\Application Data\WinTouch\WinTouch.exe ]

Adware.WinTouch/XInside
C:\Program Files\InetGet2
C:\Documents and Settings\Ashley Franklin\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\Ashley Franklin\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\Ashley Franklin\Application Data\WinTouch

Adware.JavaCore/NoDNS
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\JavaCore
C:\Program Files\NoDNS\NoDNS.exe
C:\Program Files\NoDNS\UnInstall.exe
C:\Program Files\NoDNS
HKU\S-1-5-21-790525478-1336601894-725345543-1000\Software\Microsoft\Windows\CurrentVersion\Run#JavaCore [ C:\Program Files\\JavaCore\\JavaCore.exe ]
HKU\S-1-5-21-790525478-1336601894-725345543-1000\Software\Microsoft\Windows\CurrentVersion\Run#NoDNS [ C:\Program Files\\NoDNS\\NoDNS.exe ]

Adware.Tracking Cookie

Trojan.Downloader-CommandDesktop
C:\DOCUMENTS AND SETTINGS\ASHLEY FRANKLIN\LOCAL SETTINGS\TEMP\CMDINST.EXE

Trojan.Downloader-Gen/SnapSNet
C:\DOCUMENTS AND SETTINGS\ASHLEY FRANKLIN\LOCAL SETTINGS\TEMP\SNAPSNET.EXE

TargetSaver, Inc. Process
C:\DOCUMENTS AND SETTINGS\ASHLEY FRANKLIN\LOCAL SETTINGS\TEMP\TSINSTALL_4_0_4_0_B4.EXE
C:\DOCUMENTS AND SETTINGS\ASHLEY FRANKLIN\LOCAL SETTINGS\TEMP\TSUPDATE_4_0_4_1_B3.EXE
C:\WINDOWS\SYSTEM32\TSUNINST.EXE

Trojan.Unclassified/WavVSNet
C:\DOCUMENTS AND SETTINGS\ASHLEY FRANKLIN\LOCAL SETTINGS\TEMP\WAVVSNET.EXE

Rogue.LocusSoftware-Installer
C:\DOCUMENTS AND SETTINGS\ASHLEY FRANKLIN\LOCAL SETTINGS\TEMP\WINVSNET.EXE

Adware.Yazzle-Installer
C:\DOCUMENTS AND SETTINGS\ASHLEY FRANKLIN\LOCAL SETTINGS\TEMP\YAZZSNET.EXE
C:\DOCUMENTS AND SETTINGS\ASHLEY FRANKLIN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8L27K9YB\YAZZSNET[1].EXE

Uncategorized.Unknown Origin
C:\DOCUMENTS AND SETTINGS\ASHLEY FRANKLIN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\9PWRGCA8\P[1].EXE
C:\SYSEAPM.EXE

Trojan.ZQuest-Installer
C:\DOCUMENTS AND SETTINGS\ASHLEY FRANKLIN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\9PWRGCA8\TK58[1].EXE
C:\WINDOWS\TK58.EXE

Trojan.Downloader-Gen/Suspicious
C:\DOCUMENTS AND SETTINGS\ASHLEY FRANKLIN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O52VW1YF\FILE[1].EXE

Adware.Unknown Origin
C:\PROGRAM FILES\COMMON FILES\WRKF\WRKFD\CLASS-BARREL
C:\PROGRAM FILES\COMMON FILES\WRKF\WRKFD\VOCABULARY

Unclassified.Unknown Origin/System
C:\PROGRAM FILES\COMMON FILES\WRKF\WRKFD\WRKFC.DLL
C:\WINDOWS\SYSTEM32\ESHOPEE.EXE

Trojan.Downloader-Gen
C:\PROGRAM FILES\COMMON FILES\WRKF\WRKFP.EXE

Trojan.Unclassified/17PHolmes-A
C:\WINDOWS\17PHOLMES572.EXE

Trojan.FakeDrop-7Search
C:\WINDOWS\7SEARCH.DLL

Trojan.Downloader-Gen/Bundle Installer
C:\WINDOWS\B103.EXE
C:\WINDOWS\B116.EXE
C:\WINDOWS\B138.EXE
C:\WINDOWS\B152.EXE
C:\WINDOWS\B153.EXE
C:\WINDOWS\B154.EXE

Trojan.Downloader-Gen/Installer
C:\WINDOWS\B104.EXE

Trojan.Fakespy-B
C:\WINDOWS\SYSTEM32\MSOLE32.EXE

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\QPQSS.INI
C:\WINDOWS\SYSTEM32\QPQSS.INI2

Trace.Known Threat Sources

#4 Orange Blossom

Posted 05 March 2008 - 06:36 PM

Hello zhahn,

Wow, that is quite a load of malware there. :thumbsup: At this point, I'm going to turn this thread over to someone with more experience than I. Note that it will take several steps to completely clean your system. Even when your computer is functioning properly again, that doesn't mean the infections are completely gone. Please be sure to stay with the topic until we declare you clean.

Orange Blossom :flowers:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,906 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:35 PM

Posted 06 March 2008 - 12:33 AM

How is the PC running now? Are there popups or pages being redirected? How is its speed?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 Zhahn


Posted 06 March 2008 - 12:52 AM

It is running ok, but the popups still come on. I can play Diablo without major interruption, but I do get new popups asking me to clean my malware with a certain cleaner. My wife inadvertently ran Ad-Aware again and she told me there were 9 viruses it reported, but did not tell me which ones.

As far as speed, it is running near what it did when I first built the computer. The start menu responds faster to float over. Programs seem to be faster at going to load. The internet also seems to be going the speed at which my company, Comcast (I have an 8 megabit connection), is reporting me to be.

#7 boopme


Posted 06 March 2008 - 01:04 AM

OK, let's do this.
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

#8 Zhahn


Posted 06 March 2008 - 02:48 AM

SmitFraudFix v2.300

Scan done at 23:51:02.09, Wed 03/05/2008
Run from C:\Documents and Settings\Ashley Franklin\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lexbces.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\mcntmlwb.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\nvcoi\nvcoi.exe
C:\WINDOWS\system32\msiconf.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\windows\system32\rwwnw64d.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS

C:\WINDOWS\764.exe FOUND !
C:\WINDOWS\absolute key logger.lnk FOUND !
C:\WINDOWS\aconti.exe FOUND !
C:\WINDOWS\aconti.ini FOUND !
C:\WINDOWS\aconti.log FOUND !
C:\WINDOWS\aconti.sdb FOUND !
C:\WINDOWS\acontidialer.txt FOUND !
C:\WINDOWS\adbar.dll FOUND !
C:\WINDOWS\cbinst$.exe FOUND !
C:\WINDOWS\daxtime.dll FOUND !
C:\WINDOWS\default.htm FOUND !
C:\WINDOWS\dp0.dll FOUND !
C:\WINDOWS\eventlowg.dll FOUND !
C:\WINDOWS\flt.dll FOUND !
C:\WINDOWS\hotporn.exe FOUND !
C:\WINDOWS\iexplorr23.dll FOUND !
C:\WINDOWS\ie_32.exe FOUND !
C:\WINDOWS\jd2002.dll FOUND !
C:\WINDOWS\kkcomp$.exe FOUND !
C:\WINDOWS\kvnab$.exe FOUND !
C:\WINDOWS\liqad$.exe FOUND !
C:\WINDOWS\ngd.dll FOUND !
C:\WINDOWS\pbar.dll FOUND !
C:\WINDOWS\spredirect.dll FOUND !
C:\WINDOWS\vxddsk.exe FOUND !
C:\WINDOWS\wbeInst$.exe FOUND !
C:\WINDOWS\wml.exe FOUND !
C:\WINDOWS\xxxvideo.exe FOUND !

C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32

C:\WINDOWS\system32\acespy\ FOUND !
C:\WINDOWS\system32\ace16win.dll FOUND !
C:\WINDOWS\system32\migicons.exe FOUND !
C:\WINDOWS\system32\vxddsk.exe FOUND !
C:\WINDOWS\system32\winfrun32.bin FOUND !
C:\WINDOWS\system32\wml.exe FOUND !

C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Ashley Franklin


C:\Documents and Settings\Ashley Franklin\Application Data


Start Menu


C:\DOCUME~1\ASHLEY~1\FAVORI~1


Desktop


C:\Program Files

C:\Program Files\3721\ FOUND !
C:\Program Files\Accoona\ FOUND !
C:\Program Files\akl\ FOUND !
C:\Program Files\amsys\ FOUND !
C:\Program Files\e-zshopper\ FOUND !
C:\Program Files\p2pnetworks\ FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS

Description: ARRIS
DNS Server Search Order: 68.87.69.146
DNS Server Search Order: 68.87.85.98

HKLM\SYSTEM\CCS\Services\Tcpip\..\{360F04FB-AAB3-4938-95BE-645B5EF9CFB3}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS1\Services\Tcpip\..\{360F04FB-AAB3-4938-95BE-645B5EF9CFB3}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS2\Services\Tcpip\..\{360F04FB-AAB3-4938-95BE-645B5EF9CFB3}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98


Scanning for wininet.dll infection


End

#9 boopme


Posted 07 March 2008 - 09:39 PM

Hello, sorry about the delay. You are infected, so let's run the cleaner.
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

#10 Zhahn


Posted 07 March 2008 - 11:05 PM

I took the delay that you were verifying the next step, to make sure it was the correct one.

When I ran smitfraudfix it got to the registry cleaning then it gave me an error that told me, a subprogram, unsure which one, could not access the registry. Then it took me back to the menu of choices. It also ran disk clean up.

Here is the report:

SmitFraudFix v2.300

Scan done at 19:35:22.17, Fri 03/07/2008
Run from C:\Documents and Settings\Ashley Franklin\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost

VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\WINDOWS\764.exe Deleted
C:\WINDOWS\absolute key logger.lnk Deleted
C:\WINDOWS\aconti.exe Deleted
C:\WINDOWS\aconti.ini Deleted
C:\WINDOWS\aconti.log Deleted
C:\WINDOWS\aconti.sdb Deleted
C:\WINDOWS\acontidialer.txt Deleted
C:\WINDOWS\adbar.dll Deleted
C:\WINDOWS\cbinst$.exe Deleted
C:\WINDOWS\daxtime.dll Deleted
C:\WINDOWS\default.htm Deleted
C:\WINDOWS\dp0.dll Deleted
C:\WINDOWS\eventlowg.dll Deleted
C:\WINDOWS\flt.dll Deleted
C:\WINDOWS\hotporn.exe Deleted
C:\WINDOWS\iexplorr23.dll Deleted
C:\WINDOWS\ie_32.exe Deleted
C:\WINDOWS\jd2002.dll Deleted
C:\WINDOWS\kkcomp$.exe Deleted
C:\WINDOWS\kvnab$.exe Deleted
C:\WINDOWS\liqad$.exe Deleted
C:\WINDOWS\ngd.dll Deleted
C:\WINDOWS\pbar.dll Deleted
C:\WINDOWS\spredirect.dll Deleted
C:\WINDOWS\vxddsk.exe Deleted
C:\WINDOWS\wbeInst$.exe Deleted
C:\WINDOWS\wml.exe Deleted
C:\WINDOWS\xxxvideo.exe Deleted
C:\WINDOWS\system32\ace16win.dll Deleted
C:\WINDOWS\system32\migicons.exe Deleted
C:\WINDOWS\system32\vxddsk.exe Deleted
C:\WINDOWS\system32\winfrun32.bin Deleted
C:\WINDOWS\system32\wml.exe Deleted
C:\WINDOWS\system32\acespy\ Deleted
C:\Program Files\3721\ Deleted
C:\Program Files\Accoona\ Deleted
C:\Program Files\akl\ Deleted
C:\Program Files\amsys\ Deleted
C:\Program Files\e-zshopper\ Deleted
C:\Program Files\p2pnetworks\ Deleted

IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{360F04FB-AAB3-4938-95BE-645B5EF9CFB3}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS1\Services\Tcpip\..\{360F04FB-AAB3-4938-95BE-645B5EF9CFB3}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS2\Services\Tcpip\..\{360F04FB-AAB3-4938-95BE-645B5EF9CFB3}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

Edited by Zhahn, 07 March 2008 - 11:08 PM.
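
One way to cross-check the two SmitFraudFix reports posted above, as an added example that is not part of the original thread or of SmitFraudFix itself: it parses a search report and a clean report and lists flagged paths that were not deleted and any change in the DHCP name servers. The function names are hypothetical, and the two report strings are abbreviated excerpts of the posted logs.

```python
import re

# Abbreviated excerpts of the two SmitFraudFix v2.300 reports posted above
# (a subset of lines, trimmed for the example).
SEARCH_REPORT = r"""SmitFraudFix v2.300
Fix run in normal mode
C:\WINDOWS\764.exe FOUND !
C:\WINDOWS\absolute key logger.lnk FOUND !
C:\WINDOWS\system32\acespy\ FOUND !
C:\Program Files\akl\ FOUND !
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
"""
CLEAN_REPORT = r"""SmitFraudFix v2.300
Fix run in safe mode
C:\WINDOWS\764.exe Deleted
C:\WINDOWS\absolute key logger.lnk Deleted
C:\WINDOWS\system32\acespy\ Deleted
C:\Program Files\akl\ Deleted
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
"""

# A result line is a drive path followed by the tool's status marker.
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<state>FOUND !|Deleted)\s*$")
MODE = re.compile(r"^Fix run in (?P<mode>.+?) mode\s*$")
DNS = re.compile(r"DhcpNameServer=(?P<servers>[\d. ]+)")

def parse_report(text):
    """Return run mode, flagged paths, deleted paths and DNS servers of one report."""
    report = {"mode": None, "found": set(), "deleted": set(), "dns": set()}
    for line in text.splitlines():
        line = line.strip()
        if (m := MODE.match(line)):
            report["mode"] = m["mode"]
        elif (m := ENTRY.match(line)):
            # Windows paths are case-insensitive, so compare them lowercased.
            key = "found" if m["state"] == "FOUND !" else "deleted"
            report[key].add(m["path"].lower())
        elif (m := DNS.search(line)):
            report["dns"].update(m["servers"].split())
    return report

def compare_runs(search_text, clean_text):
    """Diff a search (option 1) report against a clean (option 2) report."""
    search, clean = parse_report(search_text), parse_report(clean_text)
    return {
        "clean_mode": clean["mode"],
        "not_deleted": sorted(search["found"] - clean["deleted"]),
        "deleted_but_never_flagged": sorted(clean["deleted"] - search["found"]),
        "dns_changed": search["dns"] != clean["dns"],
    }

if __name__ == "__main__":
    for key, value in compare_runs(SEARCH_REPORT, CLEAN_REPORT).items():
        print(f"{key}: {value}")
```

An empty `not_deleted` list only shows that the tool removed what it flagged; it says nothing about files the tool does not look for.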


#11 Zhahn


Posted 07 March 2008 - 11:50 PM

The popups are now worse than before, as in, they come up more often.

(Wife, not Zhahn.)

#12 boopme


Posted 08 March 2008 - 11:02 AM

Down but not beaten. Looks like some tough Vundo infections among all those others.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

#13 Zhahn


Posted 08 March 2008 - 02:19 PM

It said done searching, no infected files found

#14 boopme


Posted 08 March 2008 - 03:09 PM

Hopefully we'll get results from this...

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
  • Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator")
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process and, if asked to restart the computer, please do so immediately.

#15 Zhahn


Posted 08 March 2008 - 08:15 PM

I have tried to get the program to perform the clean up on restart twice and it seems to hang and lock just before the computer should click off and restart by itself. I am forced to press the reset button, and when I tried to run the program again it said I had 12 infected files, 5 of which needed to be cleaned on reboot. Did I want to reboot? I clicked yes, and again it locked on trying to complete the reboot process.

When I try to open the logs it says again the error message of the missing file.



