I couldn’t even type this post without typing it on my computer first and then copying and pasting… that’s how unstable my computer is, especially Internet Explorer. My problem originally started a few months back after I logged into Windows Vista one day. It stayed logged on for about 10 seconds and then prompted me with an error message stating, “Windows has encountered a critical error and will restart”, then it just kicks me off and continues to do this over and over again. The only way I could get back on my computer was to load Windows from the last known good configuration. That worked for about a month, but now all kinds of weird things are going on. Internet Explorer hardly works, I get multiple messages of things just ‘closing’, I have Spyware Doctor and it comes up with about 100 different infections, but when I clean them and restart the computer it brings me back to the original problem I first had. Can somebody help me to get my computer back up and running the way a normal computer is supposed to do?? I’m running Windows Vista, and I know it has a lot of bugs in it even w/o me picking up these viruses along the way. Any help would be greatly appreciated. Thanks.
Have you tried a boot-time scan with Avast (do you have Avast?) What infections did Spyware Doctor find? Try to download Malwarebytes Antimalware and Superantispyware and do scans if possible, also try and run HijackThis and copy/paste the results of ALL the logs
http://www.digitalred.com/avast-boot-time.php
http://www.malwarebytes.org/mbam.php
Yea sorry, I guess my original post was a little vague. I’m new to this forum, and apparently I can’t post the entire log in one post b/c I exceed the max amount of characters. Here is the first half of the HiJackThis log. I also am attempting to d/l avast now.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:20 PM, on 1/9/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\WINDOWS\SYSTEM32\wininit.exe
C:\Windows\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Eco Ads\ecoads.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
…
the other half…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: adsoftinc browser enhancer - {B9C107C9-BAF1-D86E-DD4E-1507E3E1D4F9} - C:\Windows\system32\xcflmallohxz.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {e3d4f2ed-51a9-409c-bd76-4e478d40245d} - C:\Windows\system32\hupekepo.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: sqvgnrpx - {1BFB720F-B45D-43FF-8AE1-54C86718DE99} - C:\Windows\sqvgnrpx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM..\Run: [StartCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [bfiineakbg] C:\Windows\System32\regsvr32.exe /s “C:\Windows\system32\xcflmallohxz.dll”
O4 - HKLM..\Run: [denemepovi] Rundll32.exe “C:\Windows\system32\japawisi.dll”,s
O4 - HKLM..\Run: [ISTray] “C:\Program Files\Spyware Doctor\pctsTray.exe”
O4 - HKLM..\Run: [0c15c650] rundll32.exe “C:\Windows\system32\gubitahu.dll”,b
O4 - HKLM..\Run: [CPM0f26f5cc] Rundll32.exe “c:\windows\system32\yiyasafo.dll”,a
O4 - HKCU..\Run: [Aim6] “C:\Program Files\AIM6\aim6.exe” /d locale=en-US ee://aol/imApp
O4 - HKCU..\Run: [Yahoo! Pager] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 - HKCU..\Run: [updateMgr] “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_9 -reboot 1
O4 - HKCU..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe (User ‘Default user’)
O4 - Startup: ecoads.lnk = C:\Program Files\Eco Ads\ecoads.exe
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Startup: runit_32.lnk = C:\Program Files\runit\runit_32.exe
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O8 - Extra context menu item: Download Link Using Mega Manager… - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O20 - AppInit_DLLs: C:\Windows\system32\banoroya.dll c:\windows\system32\yiyasafo.dll
O21 - SSODL: fsrpknov - {8F9BFBB0-6639-4B8C-9B11-AF7D0C67B1CE} - C:\Windows\fsrpknov.dll
O21 - SSODL: fdxbameg - {AABF27C6-01E7-4DB3-BB32-02219DEEDD09} - C:\Windows\fdxbameg.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yiyasafo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yiyasafo.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
–
End of file - 11172 bytes
Did you manage to download Avast? It's important that you try and download ALL the programs mentioned. If you cannot download from your PC then use another. MBAM and SAS should be used, you can manually download updates if necessary.
At first glance these entries look bad
O3 - Toolbar: sqvgnrpx - {1BFB720F-B45D-43FF-8AE1-54C86718DE99} - C:\Windows\sqvgnrpx.dll
Unknown
C:\Program Files\Eco Ads\ecoads.exe
O4 - HKLM..\Run: [bfiineakbg] C:\Windows\System32\regsvr32.exe /s “C:\Windows\system32\xcflmallohxz.dll”
Unknown
O4 - HKLM..\Run: [denemepovi] Rundll32.exe “C:\Windows\system32\japawisi.dll”,s
O4 - HKLM\..\Run: [0c15c650] rundll32.exe "C:\Windows\system32\gubitahu.dll",b
Unknown
O4 - HKLM..\Run: [CPM0f26f5cc] Rundll32.exe “c:\windows\system32\yiyasafo.dll”,a
Unknown
O4 - Startup: ecoads.lnk = C:\Program Files\Eco Ads\ecoads.exe
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
Unknown
O20 - AppInit_DLLs: C:\Windows\system32\banoroya.dll c:\windows\system32\yiyasafo.
Unknown
O21 - SSODL: fsrpknov - {8F9BFBB0-6639-4B8C-9B11-AF7D0C67B1CE} - C:\Windows\fsrpknov.dll
Unknown
O21 - SSODL: fdxbameg - {AABF27C6-01E7-4DB3-BB32-02219DEEDD09} - C:\Windows\fdxbameg.dll
Unknown
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yiyasafo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yiyasafo.dll
Unnecessary
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
manual updates http://www.superantispyware.com/definitions.html
manual updates http://www.gt500.org/malwarebytes/database.jsp
Sorry I mentioned SDFix, it won’t work on Vista
I downloaded all… avast just finished its boot scan and came up with a lot of viruses (mostly different types of Trojans in multiple files scattered throughout my win/sys32/ folder). I deleted the ones I knew for sure were safe to delete, which turned out to be all of them. I’m now running now and is currently up to 193 threats detected (most are just adware.tracking cookies) but I do have more than a few adware.vundo variants (17), Trojan.Fake-Alert trace (1), Rogue.Component/Trace (7), and something called unclassified.unknown-origin (7). The scan is taking forever, but hopefully it’ll do the trick… we’ll see.
From your HJT log :
These 2 most likely deliver ads and, in my opinion, should be fixed …
C:\Program Files\Eco Ads\ecoads.exe
O4 - Startup: ecoads.lnk = C:\Program Files\Eco Ads\ecoads.exe
This next one is not good and should be fixed …
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
http://www.systemlookup.com/CLSID/19536-ActiveToolBand_dll.html
The next one I could not find information about and is therefore suspicious to me …
O2 - BHO: adsoftinc browser enhancer - {B9C107C9-BAF1-D86E-DD4E-1507E3E1D4F9} - C:\Windows\system32\xcflmallohxz.dll
… although during research, there was mention of adsoftinc BHO used to deliver ads but the MD5 was different.
This one below is not good and should be fixed …
O2 - BHO: (no name) - {e3d4f2ed-51a9-409c-bd76-4e478d40245d} - C:\Windows\system32\hupekepo.dll (file missing)
http://www.prevx.com/filenames/X523760292990640808-X1/HUPEKEPO2EDLL.html
The next one is not good …
O3 - Toolbar: sqvgnrpx - {1BFB720F-B45D-43FF-8AE1-54C86718DE99} - C:\Windows\sqvgnrpx.dll
http://www.superantispyware.com/definition/sqvgnrpx/
There was no information on this dll and is therefore suspect to me …
O4 - HKLM..\Run: [bfiineakbg] C:\Windows\System32\regsvr32.exe /s “C:\Windows\system32\xcflmallohxz.dll”
The next one is not good …
O4 - HKLM..\Run: [denemepovi] Rundll32.exe “C:\Windows\system32\japawisi.dll”,s
http://www.prevx.com/filenames/X68883101333858668-X1/JAPAWISI2EDLL.html
This next one is very bad …
O4 - HKLM..\Run: [0c15c650] rundll32.exe “C:\Windows\system32\gubitahu.dll”,b
http://www.fileresearchcenter.com/J/JTJLNL.DLL-8082.html
The next one is also bad …
O4 - HKLM..\Run: [CPM0f26f5cc] Rundll32.exe “c:\windows\system32\yiyasafo.dll”,a
http://www.prevx.com/filenames/2082060293365536636-X1/YIYASAFO2EDLL.html
All of these are bad …
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
http://www.prevx.com/filenames/2349475314173619042-X1/P2PMAX2EEXE.html
O20 - AppInit_DLLs: C:\Windows\system32\banoroya.dll c:\windows\system32\yiyasafo.dll
http://www.prevx.com/filenames/2082060293365536636-X1/YIYASAFO2EDLL.html
O21 - SSODL: fsrpknov - {8F9BFBB0-6639-4B8C-9B11-AF7D0C67B1CE} - C:\Windows\fsrpknov.dll
http://www.superantispyware.com/definition/fsrpknov/
O21 - SSODL: fdxbameg - {AABF27C6-01E7-4DB3-BB32-02219DEEDD09} - C:\Windows\fdxbameg.dll
http://www.bleepingcomputer.com/startups/fdxbameg.dll-23470.html
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yiyasafo.dll
and …
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yiyasafo.dll
http://www.prevx.com/filenames/2082060293365536636-X1/YIYASAFO2EDLL.html
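The manual review in the posts above can be partly automated. The following Python script is an added example, not part of the original thread and not HijackThis's own logic: it parses HijackThis entry lines and flags the same kinds of load points the helpers singled out, then lists which flagged entries are gone from a later log. The function names and the heuristics (a very short rundll32 export name, regsvr32 /s in a Run key, a DLL directly in C:\Windows) are assumptions drawn from the entries in this thread, and a flagged DLL still has to be looked up before it is fixed.

```python
import re

# Entries copied from the first HijackThis log in this thread (typographic
# quotes replaced with plain ones). AFTER_LOG is a constructed "post-cleanup"
# sample made of the entries from BEFORE_LOG that nobody objected to.
BEFORE_LOG = r'''
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: sqvgnrpx - {1BFB720F-B45D-43FF-8AE1-54C86718DE99} - C:\Windows\sqvgnrpx.dll
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM..\Run: [denemepovi] Rundll32.exe "C:\Windows\system32\japawisi.dll",s
O4 - HKLM\..\Run: [bfiineakbg] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\xcflmallohxz.dll"
O20 - AppInit_DLLs: C:\Windows\system32\banoroya.dll c:\windows\system32\yiyasafo.dll
O21 - SSODL: fsrpknov - {8F9BFBB0-6639-4B8C-9B11-AF7D0C67B1CE} - C:\Windows\fsrpknov.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
'''
AFTER_LOG = r'''
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
'''

# "R0 - ...", "O4 - ...", "O23 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r'^(?P<code>[ORF]\d{1,2}) - (?P<body>.+)$')
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I)
REGSVR_RE = re.compile(r'regsvr32(?:\.exe)?\s+/s\s+"?[^"]+\.dll"?', re.I)
# A DLL placed directly in the Windows folder, not in a subfolder of it.
WINROOT_DLL_RE = re.compile(r'[a-z]:\\windows\\[^\\]+\.dll\b', re.I)


def parse_entries(log_text):
    """Return (code, body) for every entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip().replace('\u201c', '"').replace('\u201d', '"')
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group('code'), match.group('body')))
    return entries


def triage(code, body):
    """Return the reasons (possibly none) an entry deserves a manual look."""
    reasons = []
    if body.endswith('(no file)') or body.endswith('(file missing)'):
        reasons.append('registry entry points at a file that is not on disk')
    if code == 'O4':
        rundll = RUNDLL_RE.search(body)
        if rundll and len(rundll.group('export')) <= 2:
            reasons.append('Run key loads a DLL via rundll32 with a '
                           'one or two character export name')
        if REGSVR_RE.search(body):
            reasons.append('Run key silently re-registers a DLL at every logon')
    if code == 'O20' and body.startswith('AppInit_DLLs:'):
        if body.split(':', 1)[1].strip():
            reasons.append('AppInit_DLLs is set: listed DLLs load into every '
                           'process that loads user32.dll')
    if code in ('O21', 'O22'):
        reasons.append('shell autoload entry: DLL is loaded by Explorer')
    if code in ('O2', 'O3', 'O21', 'O22') and WINROOT_DLL_RE.search(body):
        reasons.append('DLL sits directly in the Windows folder')
    return reasons


def flag_entries(log_text):
    """Return (code, body, reasons) for each entry with at least one reason."""
    flagged = []
    for code, body in parse_entries(log_text):
        reasons = triage(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


def cleared_after_cleanup(before_log, after_log):
    """Flagged entries from the first log that are absent from the second."""
    remaining = set(parse_entries(after_log))
    return [e for e in flag_entries(before_log) if (e[0], e[1]) not in remaining]


if __name__ == '__main__':
    for code, body, reasons in flag_entries(BEFORE_LOG):
        print(code, '-', body)
        for reason in reasons:
            print('    *', reason)
    gone = cleared_after_cleanup(BEFORE_LOG, AFTER_LOG)
    print(len(gone), 'flagged entries are no longer present in the second log')
```
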
Good news that you have managed to download ALL programs, make sure they are updated: MBAM 1.32 database 1635. SAS 4.24.1004 Core 3703 trace 1679. MBAM is excellent with Vundo and can be run in safe mode (although not always necessary). SAS can and could be run in safe mode (use F8 key when booting). SAS has a safe boot option, but I have never used it. Please post logs of SAS and MBAM
Here’s the 2nd HiJack Log… Didn’t get a chance to save the log from the scanners as my computer restarted after each scan to remove selected items (unless they automatically save somewhere??). Either way, I’ll run them both again, and if anything pops up I’ll be sure to send that log(s) as well. So far though, computer is working amazing compared to what it was, thanks for the help!
…
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:22:30 PM, on 1/9/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\WINDOWS\SYSTEM32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\alg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\WINDOWS\SYSTEM32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM..\Run: [StartCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [ISTray] “C:\Program Files\Spyware Doctor\pctsTray.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [Aim6] “C:\Program Files\AIM6\aim6.exe” /d locale=en-US ee://aol/imApp
O4 - HKCU..\Run: [Yahoo! Pager] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 - HKCU..\Run: [updateMgr] “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_9 -reboot 1
O4 - HKCU..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe (User ‘Default user’)
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
The hjt log looks good. To find logs for SAS: preferences > statistics/logs > click on last log > view log. For MBAM: open MBAM > logs > click on latest log > open. Are you having any other problems?
Here’s the first SAS log…
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/09/2009 at 02:49 PM
Application Version : 4.24.1004
Core Rules Database Version : 3688
Trace Rules Database Version: 1664
Scan type : Quick Scan
Total Scan Time : 00:19:12
Memory items scanned : 750
Memory threats detected : 2
Registry items scanned : 577
Registry threats detected : 27
File items scanned : 26411
File threats detected : 169
Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\WIHEDILU.DLL
C:\WINDOWS\SYSTEM32\WIHEDILU.DLL
Adware.Vundo/Variant
C:\WINDOWS\SYSTEM32\XCFLMALLOHXZ.DLL
C:\WINDOWS\SYSTEM32\XCFLMALLOHXZ.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{B9C107C9-BAF1-D86E-DD4E-1507E3E1D4F9}
HKCR\CLSID{B9C107C9-BAF1-D86E-DD4E-1507E3E1D4F9}
HKCR\CLSID{B9C107C9-BAF1-D86E-DD4E-1507E3E1D4F9}
HKCR\CLSID{B9C107C9-BAF1-D86E-DD4E-1507E3E1D4F9}\InProcServer32
HKCR\CLSID{B9C107C9-BAF1-D86E-DD4E-1507E3E1D4F9}\InProcServer32#ThreadingModel
HKU\S-1-5-21-2786847773-3535864445-686843180-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{B9C107C9-BAF1-D86E-DD4E-1507E3E1D4F9}
C:\WINDOWS\SYSTEM32_XCFLMALLOHXZ.DLL
Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32
HKCR\CLSID{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\YIYASAFO.DLL
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SSODL
HKCR\CLSID{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
Adware.Tracking Cookie
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@media.ntsserve[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@specificclick[2].txt
C:\Users\Guest.Nick-PC\AppData\Roaming\Microsoft\Windows\Cookies\guest@advertising[2].txt
C:\Users\Guest.Nick-PC\AppData\Roaming\Microsoft\Windows\Cookies\guest@apmebf[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\nick@apmebf[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@247realmedia[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2o7[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@a.websponsors[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@accountnowvisa[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@affiliate.kitaramedia[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@affiliate.kitaramedia[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@affiliates.commissionaccount[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atlas.entrepreneur[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atlas.entrepreneur[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@azjmp[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@azjmp[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bgu.directtrack[2].txt
2nd part…
and the last part…
and finally the last part…
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\rdfa
HKLM\SOFTWARE\Microsoft\rdfa#F
HKLM\SOFTWARE\Microsoft\rdfa#N
Rogue.Component/Trace
HKLM\Software\Microsoft\0C15D4DE
HKLM\Software\Microsoft\0C15D4DE#0c15d4de
HKLM\Software\Microsoft\0C15D4DE#Version
HKLM\Software\Microsoft\0C15D4DE#red_srv
HKLM\Software\Microsoft\0C15D4DE#red_srv_bckp
HKLM\Software\Microsoft\0C15D4DE#0c15795e
HKLM\Software\Microsoft\0C15D4DE#0c1510bb
Trojan.Fake-Alert/Trace
HKU\S-1-5-21-2786847773-3535864445-686843180-1000\SOFTWARE\Microsoft\fias4013
Adware.Vundo Variant/ACE
C:\WINDOWS\SYSTEM32\PUPEPIBA.DLL
C:\WINDOWS\SYSTEM32\SUFOHUWE.DLL
Adware.Vundo Variant/HAL
C:\WINDOWS\SYSTEM32\WEMIPIPO.DLL
C:\WINDOWS\SYSTEM32\ZIBIBOZI.DLL
Thanks for the help… computer and internet is running better than it has in a long time. I’m still getting two viruses every time I run Malware, but it doesn’t seem to be a problem. I appreciate the help.
Please post the names of the viruses that MBAM cannot remove (the log). Make sure MBAM is fully updated, and run a full scan in safe mode if possible. It’s possible they are in your System Restore. Look forward to hearing from you.