Computer covered with adware/trojan/clickspring.. help!

Discussion in 'Virus & Other Malware Removal' started by itmeman, Jun 29, 2007.

Thread Status:
Not open for further replies.
  1. itmeman

    itmeman Thread Starter

    Joined:
    Jun 27, 2007
    Messages:
    91
    Any help would be greatly appreciated. The problem has just gotten worse since the 'clickspring again!' thread. After I rebooted I used system restore to go back to avoid any possible popups. If you need a HijackThis log, please let me know.
    Please help!!

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/29/2007 at 08:46 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3262
    Trace Rules Database Version: 1273

    Scan type : Complete Scan
    Total Scan Time : 01:05:29

    Memory items scanned : 146
    Memory threats detected : 0
    Registry items scanned : 4743
    Registry threats detected : 45
    File items scanned : 43929
    File threats detected : 82

    Trojan.DCOM Server
    HKLM\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B25319}
    HKCR\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B25319}
    HKCR\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B25319}\InProcServer32
    HKCR\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B25319}\InProcServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\KFAROX.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{2C1CD3D7-86AC-4068-93BC-A02304B25319}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#DCOM Server 25319
    HKCR\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B25319}

    Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{309C96FA-8C40-4bce-879C-989DC33DCD25}
    HKCR\CLSID\{309C96FA-8C40-4BCE-879C-989DC33DCD25}
    HKCR\CLSID\{309C96FA-8C40-4BCE-879C-989DC33DCD25}\InprocServer32
    HKCR\CLSID\{309C96FA-8C40-4BCE-879C-989DC33DCD25}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\ADVVPI32.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{309C96FA-8C40-4bce-879C-989DC33DCD25}
    HKCR\CLSID\{309C96FA-8C40-4BCE-879C-989DC33DCD25}
    C:\DOCUMENTS AND SETTINGS\STEVEN.LARRY-VQXEVLQAX\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\U9SR0567\BOT[1].DLL

    Adware.ClickSpring/Resident
    HKLM\Software\Classes\CLSID\{3B683A8C-826B-D99C-1C63-8C8DBE52D7BD}
    HKCR\CLSID\{3B683A8C-826B-D99C-1C63-8C8DBE52D7BD}
    HKCR\CLSID\{3B683A8C-826B-D99C-1C63-8C8DBE52D7BD}\InprocServer32
    HKCR\CLSID\{3B683A8C-826B-D99C-1C63-8C8DBE52D7BD}\InprocServer32#ThreadingModel
    HKCR\CLSID\{3B683A8C-826B-D99C-1C63-8C8DBE52D7BD}\Programmable
    HKCR\CLSID\{3B683A8C-826B-D99C-1C63-8C8DBE52D7BD}\TypeLib
    C:\WINDOWS\SYSTEM32\EQAEP.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B683A8C-826B-D99C-1C63-8C8DBE52D7BD}

    Adware.Vundo Variant
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C302CA2-5646-40E1-8739-14BE37B903AD}
    HKCR\CLSID\{7C302CA2-5646-40E1-8739-14BE37B903AD}
    HKCR\CLSID\{7C302CA2-5646-40E1-8739-14BE37B903AD}\InprocServer32
    HKCR\CLSID\{7C302CA2-5646-40E1-8739-14BE37B903AD}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\SSQRR.DLL

    Rootkit.ShapeChanger
    HKLM\System\ControlSet001\Services\Adla46
    C:\WINDOWS\SYSTEM32\ADLA46.SYS
    HKLM\System\ControlSet002\Services\Adla46
    HKLM\System\CurrentControlSet\Services\Adla46

    Trojan.Net-K163
    HKLM\System\ControlSet001\Services\NDnet1
    C:\WINDOWS\SYSTEM32\KSYS.SYS
    HKLM\System\ControlSet002\Services\NDnet1
    HKLM\System\CurrentControlSet\Services\NDnet1

    Rootkit.RunTime2
    HKLM\System\ControlSet001\Services\runtime2
    C:\WINDOWS\SYSTEM32\DRIVERS\RUNTIME2.SYS
    HKLM\System\ControlSet002\Services\runtime2
    HKLM\System\CurrentControlSet\Services\runtime2
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\runtime2.sys
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\runtime2.sys

    Adware.Tracking Cookie

    Adware.ClickSpring/Outer Info Network
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayIcon
    C:\Program Files\Outerinfo\Terms.rtf
    C:\Program Files\Outerinfo
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Start Menu\Programs\Outerinfo\Terms.lnk
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Start Menu\Programs\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Start Menu\Programs\Outerinfo

    Trojan.Unknown Origin
    C:\DOCUMENTS AND SETTINGS\STEVEN.LARRY-VQXEVLQAX\LOCAL SETTINGS\TEMP\MSI8E50.TMP
    C:\DOCUMENTS AND SETTINGS\STEVEN.LARRY-VQXEVLQAX\LOCAL SETTINGS\TEMP\MSI9CD7.TMP
    C:\DOCUMENTS AND SETTINGS\STEVEN.LARRY-VQXEVLQAX\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\01C7Y1QN\EXE[1].PHP
    C:\DOCUMENTS AND SETTINGS\STEVEN.LARRY-VQXEVLQAX\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\47KHY1YV\LOADER[1]
    C:\DOCUMENTS AND SETTINGS\STEVEN.LARRY-VQXEVLQAX\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8L2Z634H\EXE[1].PHP
    C:\DOCUMENTS AND SETTINGS\STEVEN.LARRY-VQXEVLQAX\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ER8FM983\26_1706[1]
    C:\WINDOWS\SYSTEM32\WNSINTICOMSV.EXE

    Trojan.Downloader-Gen/Doh
    C:\DOCUMENTS AND SETTINGS\STEVEN.LARRY-VQXEVLQAX\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\01C7Y1QN\DOHINST-103[1].0000

    Trojan.Downloader-Gen/FirBurg
    C:\DOCUMENTS AND SETTINGS\STEVEN.LARRY-VQXEVLQAX\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\01C7Y1QN\EAGLE[1]

    Adware.Yazzle/Outer Info-Installer
    C:\DOCUMENTS AND SETTINGS\STEVEN.LARRY-VQXEVLQAX\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\3RHTPLP6\SETAR-101[1].0000

    Trojan.Downloader-Gen/WinUpd-Fake
    C:\DOCUMENTS AND SETTINGS\STEVEN.LARRY-VQXEVLQAX\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\YQYHDPK2\LAUNCHER3584823413[1]
    C:\WINDOWS\SYSTEM32\KB12931930.EXE
    C:\WINDOWS\SYSTEM32\KB18561603.EXE
    C:\WINDOWS\SYSTEM32\KB21542167.EXE
    C:\WINDOWS\SYSTEM32\KB34040802.EXE
    C:\WINDOWS\SYSTEM32\KB76775265.EXE
    C:\WINDOWS\SYSTEM32\KB93427757.EXE
    C:\WINDOWS\SYSTEM32\KB93736873.EXE
    C:\WINDOWS\SYSTEM32\KB96926207.EXE
    C:\WINDOWS\Prefetch\KB12931930.EXE-117A757E.pf
    C:\WINDOWS\Prefetch\KB34040802.EXE-35C77439.pf
    C:\WINDOWS\Prefetch\KB76775265.EXE-01AE5ED8.pf
    C:\WINDOWS\Prefetch\KB93736873.EXE-280F99B1.pf
    C:\WINDOWS\Prefetch\KB96926207.EXE-2C271B4C.pf

    Adware.ClickSpring
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\My Documents\SKS~1\WNWORD~1.EXE

    Adware.ClickSpring/Yazzle
    C:\PROGRAM FILES\COMMON FILES\YAZZLE1831OINADMIN.EXE
    C:\PROGRAM FILES\COMMON FILES\YAZZLE1831OINUNINSTALLER.EXE
    C:\WINDOWS\PREFETCH\YAZZLE1831OINADMIN.EXE-301EB4EA.PF

    Trojan.IP6FW/Rootkit
    C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS

    Trojan.Downloader-Gen/BundleBase
    C:\WINDOWS\SYSTEM32\O08PREZ\O08PREZ1095.EXE

    Trace.Known Threat Sources
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Local Settings\Temporary Internet Files\Content.IE5\01C7Y1QN\ctxad-555[1].0005
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Local Settings\Temporary Internet Files\Content.IE5\6VA9QH09\campaigns7[1].txt
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Local Settings\Temporary Internet Files\Content.IE5\3RHTPLP6\exe[1].php
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Local Settings\Temporary Internet Files\Content.IE5\3RHTPLP6\ctxad-555[1].0004
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Local Settings\Temporary Internet Files\Content.IE5\YQYHDPK2\exe[2].php
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Local Settings\Temporary Internet Files\Content.IE5\47KHY1YV\client_settings_3[1].bin
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Local Settings\Temporary Internet Files\Content.IE5\ER8FM983\exe[2].php
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Local Settings\Temporary Internet Files\Content.IE5\3RHTPLP6\exe[2].php
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Local Settings\Temporary Internet Files\Content.IE5\47KHY1YV\exe[1].php
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Local Settings\Temporary Internet Files\Content.IE5\YQYHDPK2\ctxad-555[1].0003
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Local Settings\Temporary Internet Files\Content.IE5\6VA9QH09\ctxad-555[1].0006
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Local Settings\Temporary Internet Files\Content.IE5\U9SR0567\dohinst-103[1].sig
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Local Settings\Temporary Internet Files\Content.IE5\YQYHDPK2\setar-101[1].sig
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Local Settings\Temporary Internet Files\Content.IE5\ER8FM983\ctxad-555[1].0002
    C:\Documents and Settings\Steven.LARRY-VQXEVLQAX\Local Settings\Temporary Internet Files\Content.IE5\8L2Z634H\ctxad-555[1].0001
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115