My Computer Is Infected, Malled, Hijacked, Popped, Etc.


3 replies to this topic

#1 sparton


Posted 29 September 2008 - 03:00 PM

My use of my computer on the internet is suffering with some sort of problem and I can not fix it by myself. My OS is Windows XP Pro, IE is ver. 6.0.29. I have all sorts of problems with IE but the rest of my system seems to be OK. Here are some specifics . . . .

Sometimes IE slows to a halt. Won't open a new window before timing out.

Sometimes IE operates strangely - sometimes "back" button will not work. Opens two versions of the same page back-to-back.

Sometimes IE opens new pages on its own . . .
www.jokeroo.com/funnyvideos
http://blogmilb.smacchat.com
http://media.fastclick.net/w/safepop
http://mp3cdt.com
etc
etc

Sometimes this Security Warning pops up . . . .
The current web page is trying to open a site in your trusted sites list. Do you want to allow this?
Current Site: 127.0.0.1
Trusted Site: c:\windows\system32\shdoclc.dll

Sometimes this popup pops up . . . .
If your anti-virus software is not up to date, you could be open to dangerous infection.

After this stuff started happening, I installed and ran McAfee. It said it found and quarantined lots of stuff but was no help with my IE problem.

Please, can anyone help me?

Doug


#2 ruby1


Posted 29 September 2008 - 04:53 PM

:flowers:

Can you maybe try running a couple of scans to see what shows up? Instructions are here
SUPERAntiSpyware
http://www.bleepingcomputer.com/forums/ind...st&p=959604

Malwarebytes
http://www.bleepingcomputer.com/forums/ind...st&p=959453 :thumbsup:

#3 sparton


Posted 30 September 2008 - 03:23 PM

Thanks, I ran the Malwarebytes Anti-Malware and here is the report . . .

Malwarebytes' Anti-Malware 1.28
Database version: 1222
Windows 5.1.2600 Service Pack 2

9/30/2008 3:18:52 PM
mbam-log-2008-09-30 (15-18-52).txt

Scan type: Quick Scan
Objects scanned: 62764
Time elapsed: 13 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 19
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 40

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\pmnljIAQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rwndcbta.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kcwpgi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mlJyxwuV.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1c871a2d-a612-4ea3-880c-bf6d3fc21379} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1c871a2d-a612-4ea3-880c-bf6d3fc21379} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{362af63d-d681-4605-9a85-3f8e7074d0aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{362af63d-d681-4605-9a85-3f8e7074d0aa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47836122-9d2e-476c-9763-b1d366f704e1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljyxwuv (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{47836122-9d2e-476c-9763-b1d366f704e1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\AppID\{9a1ef21c-b0d4-4eb0-894f-cbae2f4d0a82} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00c9396 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\mp3avi.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9440063d (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{47836122-9d2e-476c-9763-b1d366f704e1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm977335a1 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pmnljiaq -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnljiaq -> Delete on reboot.

Folders Infected:
C:\WINDOWS\system32\wTR02 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\' (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\pmnljIAQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\QAIjlnmp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\QAIjlnmp.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kcwpgi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mlJyxwuV.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kqogoves.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sevogoqk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\porhfwji.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ijwfhrop.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwndcbta.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\atbcdnwr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\arpwdfuh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crckqabf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcCSmlm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mfjdgq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\npyzds.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rttufmno.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shfikuja.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ioajve.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akvlqf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvxfilkp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ytymvycu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\znkbdn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lbyiwn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atxvdhkv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\HFJ7D1GA\nd82m0[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doug\Local Settings\Temporary Internet Files\Content.IE5\Y5LUBA9S\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlqqythp.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmd.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netstat.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ping.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regedit.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tasklist.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tracert.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM977335a1.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM977335a1.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Now I'm off to run the SUPERAntiSpyware.

Doug

#4 sparton


Posted 01 October 2008 - 06:34 AM

Oh My, my system is working again!

Here is the report from the SUPERAntiSpyware rout . . . .

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/01/2008 at 06:03 AM

Application Version : 4.21.1004

Core Rules Database Version : 3582
Trace Rules Database Version: 1570

Scan type : Complete Scan
Total Scan Time : 14:08:59

Memory items scanned : 194
Memory threats detected : 0
Registry items scanned : 5883
Registry threats detected : 1
File items scanned : 117586
File threats detected : 300

BearShare File Sharing Client
[BearShare] C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE
C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE
C:\BACKUP\FULL COPY 111407\MY STUFF\MY DISKS\INSTALLED\BEARSHARE\BEARSHARE PRO V5.0.2.3 + CRACK\BEARSHARE PRO V5.0.2.3\CRACK\BEARSHARE.EXE
C:\WINDOWS\Prefetch\BEARSHARE.EXE-2A0C795D.pf

Adware.Tracking Cookie

Adware.Vundo Variant/OE
C:\WINDOWS\SYSTEM32\BHOTLBXE.DLL
C:\WINDOWS\SYSTEM32\GWBAKTGH.DLL
C:\WINDOWS\SYSTEM32\ICLSUMPP.DLL
C:\WINDOWS\SYSTEM32\LUDXVTAO.DLL
C:\WINDOWS\SYSTEM32\PGHXXTFF.DLL
C:\WINDOWS\SYSTEM32\QOMCCDTM.DLL
C:\WINDOWS\SYSTEM32\XRIUDTGE.DLL
C:\WINDOWS\SYSTEM32\YQENYUGQ.DLL

Trace.Known Threat Sources

This is so terrific! I am so grateful.
Any final words of advice would be welcomed.

Thanks, Doug



