Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Pancolp? Pantomi? Nothing is Working. Help!


  • Please log in to reply

#1
Bkersey4211

Bkersey4211

    New Member

  • Member
  • Pip
  • 1 posts
I have tried everything to get these pop ups to stop. I have run Anti-Malware, Super Antispyware and HijackThis several times and nothing is stopping these pop-ups and my computer is getting slower everyday. I did it in safe-mode also. Any help would be greatly appreciated since I work out of the house and my work is suffering. All the logs are attached.

HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:27 PM, on 12/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\AOL\1133031219\ee\AOLSoftware.exe
C:\WINDOWS\ALCMTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
L:\COMCAS~1\data\xtras\mssysmgr.exe
C:\Program Files\Upromise\Upromise.exe
C:\Program Files\Upromise\UpromiseUa.exe
C:\Program Files\Upromise\UpromiseTray.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Secunia\PSI\psi.exe
c:\program files\common files\aol\1133031219\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\AOL\1133031219\EE\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1133031219\EE\aolsoftware.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\AOL\1133031219\EE\aexplore.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Common Files\AOL\1133031219\EE\aexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {dc7cd74e-cda8-4dfe-9d4a-ec795e950a8d} - C:\WINDOWS\system32\nonowoda.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133031219\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r36590\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB002" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [rizubezogu] Rundll32.exe "C:\WINDOWS\system32\zoyokuvu.dll",s
O4 - HKLM\..\Run: [841e18d3] rundll32.exe "C:\WINDOWS\system32\dineyata.dll",b
O4 - HKLM\..\Run: [CPM872d2b4f] Rundll32.exe "c:\windows\system32\puhikuga.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] L:\COMCAS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Upromise] C:\Program Files\Upromise\Upromise.exe
O4 - HKCU\..\Run: [Upromise Update] C:\Program Files\Upromise\UpromiseUa.exe
O4 - HKCU\..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe
O4 - HKUS\S-1-5-19\..\Run: [rizubezogu] Rundll32.exe "C:\WINDOWS\system32\zoyokuvu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rizubezogu] Rundll32.exe "C:\WINDOWS\system32\zoyokuvu.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133034951750
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...454/mcfscan.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\yajumano.dll c:\windows\system32\puhikuga.dll c:\windows\system32\dagubawe.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 14652 bytes


ANTI-MALWARE LOG


Malwarebytes' Anti-Malware 1.31
Database version: 1492
Windows 5.1.2600 Service Pack 3

12/15/2008 12:39:40 PM
mbam-log-2008-12-15 (12-39-40).txt

Scan type: Full Scan (C:\|D:\|L:\|)
Objects scanned: 212317
Time elapsed: 1 hour(s), 11 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 6
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\sunezihe.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\zomesasu.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc7cd74e-cda8-4dfe-9d4a-ec795e950a8d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{dc7cd74e-cda8-4dfe-9d4a-ec795e950a8d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} (Adware.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\841e18d3 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rizubezogu (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm872d2b4f (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zomesasu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zomesasu.dll -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\sumonibe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebinomus.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sunezihe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ehizenus.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zomesasu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP966\A0153970.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP966\A0153969.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP966\A0153971.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP966\A0153991.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP966\A0153992.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\juwefisi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yafuveyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


SUPERAntiSpyware LOG


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/14/2008 at 01:05 PM

Application Version : 4.23.1006

Core Rules Database Version : 3674
Trace Rules Database Version: 1653

Scan type : Complete Scan
Total Scan Time : 02:37:42

Memory items scanned : 556
Memory threats detected : 1
Registry items scanned : 7576
Registry threats detected : 24
File items scanned : 153322
File threats detected : 28

Adware.Vundo Variant/ESET
C:\WINDOWS\SYSTEM32\KONOWAHU.DLL
C:\WINDOWS\SYSTEM32\KONOWAHU.DLL
C:\WINDOWS\SYSTEM32\BERINEGE.DLL
C:\WINDOWS\SYSTEM32\WEPOZARA.DLL

Adware.CouponBar
HKLM\Software\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
HKLM\Software\Classes\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\Implemented Categories
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\InprocServer32
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ProgID
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\Programmable
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\TypeLib
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\VersionIndependentProgID
HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\InprocServer32
HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ProgID
HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\Programmable
HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\TypeLib
HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\VersionIndependentProgID

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected]ck[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\rdfa
HKLM\SOFTWARE\Microsoft\rdfa#F
HKLM\SOFTWARE\Microsoft\rdfa#N

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-1961995224-2499110469-2212943590-1008\SOFTWARE\Microsoft\fias4013

Adware.Vundo/Variant-Trace
C:\WINDOWS\SYSTEM32\EGENIREB.INI
C:\WINDOWS\SYSTEM32\ISIFEWUJ.INI
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP