Tech Support Guy

problem with popups

#1 ·
Hi, my computer has been having popups coming out of nowhere recently. They come up in IE even if I'm not on the internet. I mainly use Firefox, so I don't know what the problem would be. Here's my HJT log.
 


#2 ·
Please post the logs in a quick reply rather than attaching them.

If you have vundofix, remove it and get the current version

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish its thing; sometimes it can take multiple passes.
====================
Download Superantispyware (SAS)

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.
 
#3 ·
OK, here goes.

HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:00 PM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\VirtuaWin\VirtuaWin.exe
C:\Program Files\VirtuaWin\modules\WinList.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FlashGet\flashget.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NNLL] C:\Program Files\Net Nanny\nnll.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\gfmpambo.dll",forkonce
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178468840531
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NNSvc - Unknown owner - C:\Program Files\Net Nanny\nnsvc.exe (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 9034 bytes

VundoFix Log
VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 5:44:38 PM 7/8/2007

Listing files found while scanning....

C:\windows\system32\bunirlpv.ini
C:\windows\system32\cbxvttq.dll
C:\windows\system32\cbxyawx.dll
C:\WINDOWS\system32\gfmpambo.dll
C:\windows\system32\khfdebc.dll
C:\WINDOWS\system32\kjjlm.bak1
C:\WINDOWS\system32\kjjlm.bak2
C:\WINDOWS\system32\kjjlm.ini
C:\WINDOWS\system32\kjjlm.ini2
C:\WINDOWS\system32\kjjlm.tmp
C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\obmapmfg.ini
C:\windows\system32\ppyrgoir.dll
C:\windows\system32\riogrypp.ini
C:\windows\system32\tutghgqv.dll
C:\windows\system32\vplrinub.dll
[SASInprocServer32]

Beginning removal...

Attempting to delete C:\windows\system32\bunirlpv.ini
C:\windows\system32\bunirlpv.ini Has been deleted!

Attempting to delete C:\windows\system32\cbxvttq.dll
C:\windows\system32\cbxvttq.dll Has been deleted!

Attempting to delete C:\windows\system32\cbxyawx.dll
C:\windows\system32\cbxyawx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gfmpambo.dll
C:\WINDOWS\system32\gfmpambo.dll Has been deleted!

Attempting to delete C:\windows\system32\khfdebc.dll
C:\windows\system32\khfdebc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjjlm.bak1
C:\WINDOWS\system32\kjjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjjlm.bak2
C:\WINDOWS\system32\kjjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjjlm.ini
C:\WINDOWS\system32\kjjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjjlm.ini2
C:\WINDOWS\system32\kjjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjjlm.tmp
C:\WINDOWS\system32\kjjlm.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\mljjk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\obmapmfg.ini
C:\WINDOWS\system32\obmapmfg.ini Has been deleted!

Attempting to delete C:\windows\system32\ppyrgoir.dll
C:\windows\system32\ppyrgoir.dll Has been deleted!

Attempting to delete C:\windows\system32\riogrypp.ini
C:\windows\system32\riogrypp.ini Has been deleted!

Attempting to delete C:\windows\system32\tutghgqv.dll
C:\windows\system32\tutghgqv.dll Has been deleted!

Attempting to delete C:\windows\system32\vplrinub.dll
C:\windows\system32\vplrinub.dll Has been deleted!

Performing Repairs to the registry.
Done!

SUPERAntiSpyware Scan Log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/09/2007 at 02:59 AM

Application Version : 3.9.1008

Core Rules Database Version : 3266
Trace Rules Database Version: 1277

Scan type : Complete Scan
Total Scan Time : 08:27:17

Memory items scanned : 698
Memory threats detected : 1
Registry items scanned : 5872
Registry threats detected : 34
File items scanned : 151608
File threats detected : 181

Trojan.Mezzia/Resident
C:\WINDOWS\SYSTEM32\WINGHY32.DLL
C:\WINDOWS\SYSTEM32\WINGHY32.DLL

Adware.MyWebSearch
HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\4.BIN\MWSSRCAS.DLL
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKU\S-1-5-21-57989841-299502267-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{4DFB406E-932D-43A2-AEAA-F98299822D72}
HKCR\CLSID\{4DFB406E-932D-43A2-AEAA-F98299822D72}
HKCR\CLSID\{4DFB406E-932D-43A2-AEAA-F98299822D72}\InprocServer32
HKCR\CLSID\{4DFB406E-932D-43A2-AEAA-F98299822D72}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\MLJJK.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DFB406E-932D-43A2-AEAA-F98299822D72}

Trojan.Downloader-Win/GHY
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\winghy32

Adware.Tracking Cookie
C:\Documents and Settings\Elliott\Cookies\elliott@neuroticmedia[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@ads.addynamix[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@fastclick[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@statcounter[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@stats1.reliablestats[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@belnk[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@login.tracking101[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@casalemedia[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@f2.bestmanage[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@klik.klikadvertising[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@anad.tacoda[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@ad.firstadsolution[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@trafficmp[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@www.ppctracking[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@microsoftwlmessengermkt.112.2o7[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@fortunecity[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@bluestreak[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@67.15.239[3].txt
C:\Documents and Settings\Elliott\Cookies\elliott@drivecleaner[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@cookie.neuroticmedia[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@list[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@adopt.euroclick[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@dist.belnk[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@ads.pointroll[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@doubleclick[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@overture[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@adlegend[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@67.15.239[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@apmebf[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@adserver[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@2o7[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@edge.ru4[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@qnsr[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@advertising[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@mywebsearch[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@msnportal.112.2o7[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@license.nmp.neuroticmedia[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@adrevolver[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@ad.yieldmanager[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@questionmarket[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@ads.realtechnetwork[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@adrevolver[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@findwhat[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@67.15.239[4].txt
C:\Documents and Settings\Elliott\Cookies\elliott@pch.122.2o7[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@f3.bestmanage[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@tribalfusion[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@atdmt[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@mediaplex[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@adopt.specificclick[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@realmedia[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@as-us.falkag[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@serving-sys[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@f1.bestmanage[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@bs.serving-sys[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@f5.bestmanage[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@acvs.mediaonenetwork[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@cpvfeed[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@linksynergy[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@winantivirus[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@http-mw.edge.ru4[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@reduxads.valuead[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@as-eu.falkag[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@zedo[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@stats.drivecleaner[1].txt
C:\Documents and Settings\Elliott\Cookies\elliott@ad2.adnetinteractive[2].txt
C:\Documents and Settings\Elliott\Cookies\elliott@mediaonenetwork[1].txt
C:\Documents and Settings\Mom\Cookies\mom@2o7[2].txt
C:\Documents and Settings\Mom\Cookies\mom@67.15.239[2].txt
C:\Documents and Settings\Mom\Cookies\mom@67.15.239[3].txt
C:\Documents and Settings\Mom\Cookies\mom@67.15.239[4].txt
C:\Documents and Settings\Mom\Cookies\mom@67.15.239[5].txt
C:\Documents and Settings\Mom\Cookies\mom@67.15.239[6].txt
C:\Documents and Settings\Mom\Cookies\mom@ad.yieldmanager[1].txt
C:\Documents and Settings\Mom\Cookies\mom@adecn[2].txt
C:\Documents and Settings\Mom\Cookies\mom@adopt.euroclick[1].txt
C:\Documents and Settings\Mom\Cookies\mom@adopt.specificclick[2].txt
C:\Documents and Settings\Mom\Cookies\mom@adrevolver[1].txt
C:\Documents and Settings\Mom\Cookies\mom@ads.addynamix[2].txt
C:\Documents and Settings\Mom\Cookies\mom@ads.pointroll[2].txt
C:\Documents and Settings\Mom\Cookies\mom@ads.realtechnetwork[1].txt
C:\Documents and Settings\Mom\Cookies\mom@advertising[1].txt
C:\Documents and Settings\Mom\Cookies\mom@atdmt[2].txt
C:\Documents and Settings\Mom\Cookies\mom@bluestreak[2].txt
C:\Documents and Settings\Mom\Cookies\mom@bs.serving-sys[1].txt
C:\Documents and Settings\Mom\Cookies\mom@doubleclick[1].txt
C:\Documents and Settings\Mom\Cookies\mom@e-2dj6wfkouhcjogq.stats.esomniture[2].txt
C:\Documents and Settings\Mom\Cookies\mom@edge.ru4[1].txt
C:\Documents and Settings\Mom\Cookies\mom@ehg-aig.hitbox[1].txt
C:\Documents and Settings\Mom\Cookies\mom@f1.bestmanage[1].txt
C:\Documents and Settings\Mom\Cookies\mom@f2.bestmanage[1].txt
C:\Documents and Settings\Mom\Cookies\mom@f3.bestmanage[2].txt
C:\Documents and Settings\Mom\Cookies\mom@f5.bestmanage[1].txt
C:\Documents and Settings\Mom\Cookies\mom@fastclick[1].txt
C:\Documents and Settings\Mom\Cookies\mom@findwhat[1].txt
C:\Documents and Settings\Mom\Cookies\mom@goclick[2].txt
C:\Documents and Settings\Mom\Cookies\mom@hitbox[1].txt
C:\Documents and Settings\Mom\Cookies\mom@klik.klikadvertising[2].txt
C:\Documents and Settings\Mom\Cookies\mom@maxserving[2].txt
C:\Documents and Settings\Mom\Cookies\mom@mediaplex[2].txt
C:\Documents and Settings\Mom\Cookies\mom@msnportal.112.2o7[1].txt
C:\Documents and Settings\Mom\Cookies\mom@mywebsearch[2].txt
C:\Documents and Settings\Mom\Cookies\mom@overture[1].txt
C:\Documents and Settings\Mom\Cookies\mom@partner2profit[1].txt
C:\Documents and Settings\Mom\Cookies\mom@philips.112.2o7[1].txt
C:\Documents and Settings\Mom\Cookies\mom@pro-market[1].txt
C:\Documents and Settings\Mom\Cookies\mom@questionmarket[2].txt
C:\Documents and Settings\Mom\Cookies\mom@server.iad.liveperson[2].txt
C:\Documents and Settings\Mom\Cookies\mom@serving-sys[1].txt
C:\Documents and Settings\Mom\Cookies\mom@specificclick[1].txt
C:\Documents and Settings\Mom\Cookies\mom@tacoda[2].txt
C:\Documents and Settings\Mom\Cookies\mom@toseeka[2].txt
C:\Documents and Settings\Mom\Cookies\mom@tribalfusion[1].txt
C:\Documents and Settings\Mom\Cookies\mom@www.harperteen[2].txt
C:\Documents and Settings\Mom\Cookies\mom@www.thirteen[1].txt
C:\Documents and Settings\Mom\Cookies\mom@zedo[2].txt
C:\Documents and Settings\Nicholas\Cookies\nicholas@2o7[2].txt
C:\Documents and Settings\Nicholas\Cookies\nicholas@ad.yieldmanager[2].txt
C:\Documents and Settings\Nicholas\Cookies\nicholas@adopt.euroclick[2].txt
C:\Documents and Settings\Nicholas\Cookies\nicholas@adrevolver[1].txt
C:\Documents and Settings\Nicholas\Cookies\nicholas@adrevolver[3].txt
C:\Documents and Settings\Nicholas\Cookies\nicholas@as-us.falkag[1].txt
C:\Documents and Settings\Nicholas\Cookies\nicholas@atdmt[2].txt
C:\Documents and Settings\Nicholas\Cookies\nicholas@linksynergy[2].txt
C:\Documents and Settings\Nicholas\Cookies\nicholas@maxserving[1].txt
C:\Documents and Settings\Nicholas\Cookies\nicholas@msnportal.112.2o7[1].txt
C:\Documents and Settings\Nicholas\Cookies\nicholas@mywebsearch[2].txt
C:\Documents and Settings\Nicholas\Cookies\nicholas@questionmarket[1].txt
C:\Documents and Settings\Nicholas\Cookies\nicholas@statcounter[2].txt
C:\Documents and Settings\Nicholas\Cookies\nicholas@statse.webtrendslive[1].txt
C:\Documents and Settings\Whitaker\Cookies\whitaker@ad.yieldmanager[2].txt
C:\Documents and Settings\Whitaker\Cookies\whitaker@adrevolver[1].txt
C:\Documents and Settings\Whitaker\Cookies\whitaker@adrevolver[3].txt
C:\Documents and Settings\Whitaker\Cookies\whitaker@atdmt[2].txt
C:\Documents and Settings\Whitaker\Cookies\whitaker@bs.serving-sys[1].txt
C:\Documents and Settings\Whitaker\Cookies\whitaker@casalemedia[2].txt
C:\Documents and Settings\Whitaker\Cookies\whitaker@doubleclick[2].txt
C:\Documents and Settings\Whitaker\Cookies\whitaker@fastclick[2].txt
C:\Documents and Settings\Whitaker\Cookies\whitaker@maxserving[1].txt
C:\Documents and Settings\Whitaker\Cookies\whitaker@microsoftwlsearchcrm.112.2o7[1].txt
C:\Documents and Settings\Whitaker\Cookies\whitaker@msnportal.112.2o7[1].txt
C:\Documents and Settings\Whitaker\Cookies\whitaker@mywebsearch[1].txt
C:\Documents and Settings\Whitaker\Cookies\whitaker@serving-sys[1].txt
C:\Documents and Settings\Whitaker\Cookies\whitaker@statcounter[1].txt
C:\Documents and Settings\Whitaker\Cookies\whitaker@trafficmp[2].txt
C:\Documents and Settings\Whitaker\Cookies\whitaker@tribalfusion[2].txt
C:\Documents and Settings\Whitaker\Cookies\whitaker@www.burstnet[2].txt

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#PID
HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
HKLM\SOFTWARE\Microsoft\MSSMGR#LID
HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
C:\DOCUMENTS AND SETTINGS\ELLIOTT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OL6JGX2N\XC60[1].EXE

Adware.Vundo/Traff-2
C:\DOCUMENTS AND SETTINGS\ELLIOTT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WJL7AAJL\KCEHC_EICOOC20070702[1]

Trojan.Downloader-Gen/HitItQuitIt
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C854E235-0AB0-428B-A1D9-57B576B595FF}\RP340\A0158301.DLL

Adware.Vundo Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C854E235-0AB0-428B-A1D9-57B576B595FF}\RP340\A0158302.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C854E235-0AB0-428B-A1D9-57B576B595FF}\RP340\A0158304.DLL
C:\VUNDOFIX BACKUPS\CBXYAWX.DLL.BAD
C:\VUNDOFIX BACKUPS\KHFDEBC.DLL.BAD

Adware.DollarRevenue
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\Y3IRSRUT\RDFX4[2].exe

Trace.Known Threat Sources
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\OBIN36AY\anti4[1].exe
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\8XQF8XER\antzom[1].exe
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\G0ACD6QM\text[1].dat
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\M1E70J4V\ico1[1].gif
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\OL6JGX2N\_affvm[1]
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\OBIN36AY\top_pic2[1].gif
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\OH2JKH6V\wav_banner[1].swf
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\91K34N6G\test[1].gif
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\HISTUM5F\checksoft[1].js
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\Y3IRSRUT\button2[1].gif
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\GTQZKD2V\top1[1].gif
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\G1E3KPMV\text[1].dat
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\G5AN81U7\_jnvm[1]
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\8X27W9MV\CA9CKJX9.js
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\Y3IRSRUT\CAPG4F5H.htm
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\OBIN36AY\top1_menu[1].gif
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\G1E3KPMV\logo[1].gif
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\GTQZKD2V\CAYN054L.gif
C:\Documents and Settings\Elliott\Local Settings\Temporary Internet Files\Content.IE5\7YI2RMQC\ico2[1].gif
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\49E3OXAJ\functions.js[1].php

Is this everything that you needed? Also thanks in advance for helping!
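The HijackThis log above is what the helper reads by eye: a handful of entry types (R3 URLSearchHook, O4 Run keys, O20 AppInit_DLLs, O23 services) carry almost all of the signal. As an added illustration, not code from this thread or from HijackThis, VundoFix or SUPERAntiSpyware, the script below parses HJT entry lines and flags the same patterns a helper would look at first. The sample log is constructed from entry lines quoted in this thread; the heuristics (the random-name regex, the adware directory list, the "file missing" check) are assumptions chosen for this example and are triage hints, not verdicts.

```python
"""Triage helper for HijackThis (HJT) entry lines.

Added example, not part of the forum thread or of any tool named in it.
It parses HJT "R*/O*" entries and flags patterns a malware helper reviews
first. All heuristics below are assumptions made for this example.
"""
import re
from dataclasses import dataclass

# HJT entry line: "<section> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2})\s+-\s+(.*)$")

# Random-looking DLL in system32: 7-8 letters, no digits (assumption; the Vundo
# components in this thread have names such as gfmpambo.dll and khfdebc.dll)
RANDOM_DLL_RE = re.compile(r"\\system32\\([a-z]{7,8})\.dll", re.IGNORECASE)

# Directories of the adware family named in the SAS log (assumption)
SUSPECT_DIRS = ("\\mywebsearch\\",)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entry(line):
    """Return (section, rest) for an HJT entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(log_text):
    """Run the heuristics over every entry line and return the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if not parsed:
            continue
        section, rest = parsed
        low = rest.lower()
        if section == "O4" and "rundll32" in low and RANDOM_DLL_RE.search(rest):
            findings.append(Finding(section, "Run entry loads random-named DLL via rundll32", raw))
        elif section == "O20" and "appinit_dlls" in low:
            findings.append(Finding(section, "AppInit_DLLs entry: review, loaded into every user32 process", raw))
        elif section in ("R3", "O2") and any(d in low for d in SUSPECT_DIRS):
            findings.append(Finding(section, "URLSearchHook/BHO in known adware directory", raw))
        elif section == "O23" and "(file missing)" in low:
            findings.append(Finding(section, "service binary missing from disk", raw))
    return findings


# Constructed sample: entry lines taken from the HJT log posted in this thread,
# plus a benign O23 line so the filter has something to pass over.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\gfmpambo.dll",forkonce
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: NNSvc - Unknown owner - C:\Program Files\Net Nanny\nnsvc.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it on a saved HJT log by passing the file contents to `triage()`; each finding keeps the original line so it can be pasted back into a reply. Note that the O20 rule deliberately flags every AppInit_DLLs entry for review, including legitimate ones like the Google Desktop DLL in this log, because that load point is worth a human look regardless of vendor.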
 