Author Topic: confused and out of steam  (Read 196993 times)

0 Members and 1 Guest are viewing this topic.

Offline sasysusie

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 371
confused and out of steam
« on: November 02, 2007, 03:59:58 AM »
Help, I to have a visus i cannot get rid of.  I have ran Avast in safe mode and moved any torjan found to the chest and still have same problems when i reboot.  I am recieving out of control popups come just advertisement and some real eye opening pron ads. I recieve severl Avast found Trojan Virus several times a day, i move them to the chest when it lets me. I have also ran  steps 1,2,4 and 5 of Dmitfraudfix.exe and i ran a FixVundo.  With the Fix Vundo it claimed i was clean.  I know i am not as i am still getting pops galore and virus alerts and a very slowwww running computer. Here is a list of some the Virus's that have been detected but this is just a small sample as i ahve been trying to fix this for some time now.
c:\system volume information\_restore e{DDE3EB95-4B24-4D38-1F974B96C2FO}RP595\A0112546.exe is infected by Win32:small-AHY [trj],
another in the same file but ends with  RP609\A0118594.exe is infected by win32:downloader-ID [trj]
c:\windows\system 32\nwinpmdt.exe. Win32:downloader-1B [trj]
c:\windows\system 32\xroomfb.dll  malware name win32:Trojan-gen (other)
c:\docume~t\hp_owner\locals~1\temp\orikxrvx.exe malware name Win 32:Agent-Lap [trj}
I found  and tried to follow help you gave to others that had similar sounding problems as mine but i encountered a problem there too.. In step #2 it said to clean your temporary files by using windows advnaces care.  When i went to the site to download it in the upper left hand corner of my computer a very tiny window opens very briefly... the upper line says HTT and the lower line of box says unknown zone.  My feeling is that is the virus or trohan intercepting and somehow making the tools and programs i download to fix it not work for me.  this had happened many times as i try to down load fixes for this.  Is that possible for it to intercept the downloads and make itself  appear to be safe? Is this type of virus dangerous to my personal information on this computer? Please give me some ideas what i can do show of taking a torch to it! Thank you for your help and i hope i made some sense at all.
Thank you
Susie

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: confused and out of steam
« Reply #1 on: November 02, 2007, 05:28:31 AM »
Hi, welcome to the forum. Let's try and see what you have going on.

Download  superantispyware

First update SAS Then

Under Configuration and Preferences, click the Preferences button.
Then click the Scanning Control tab.

Under Scanner Options make sure the following are checked
- Close browsers before scanning
- Scan for tracking cookies
- Terminate memory threats before quaranine.

 leave the others unchecked.

Return to the main page by clicking close on that screen. On the main screen, under Scan for Harmful Software click Scan your computer. On the left check C:\Fixed Drive.(and other fixed drives)
Under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan.

When the scan is done, quaretine everthing found . Reboot if asked. You can post the log in your next reply if you wish.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
You may have to use multiple post for the hijackthis log.
« Last Edit: November 02, 2007, 05:45:27 AM by oldman »

Offline sasysusie

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 371
Re: confused and out of steam
« Reply #2 on: November 02, 2007, 01:42:19 PM »
Thank you for the reply Oldman, it gave me a place to start anyway, I ran the Superantispyware and have a long list of threats abiut 214 or so several being trojans..ugh! I will enclose that report on a seperate reply as it is long.   I was ready for the next step you gave me where it says "Click here" to download HTJsetup.exe i received this error message and ince i did not have a url on this site i am not sure where to from here hopefully you can advise me.

Error 404 File Not found
You were referred from http://forum.avast.com/index.php?topic=31261.0 Your IP is: 75.140.17.71
We are very sorry for any inconvenience
you will find some things have been moved

please start from the Index page and follow the links from there

Thanks for visiting and we are still here to help you with your spyware & Virus problems

http://www.thespykiller.co.uk/

You were looking for /files/HJTsetup.exe This was most likely a file that was moved.
if the url was http://www.thespykiller.co.uk/files/name of file Please change files to filesold in the link to get to it
Ill go to a new reply page and paste the log to you from the antidpyware check as well.. Thank you for taking your time to help me!
Susie

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: confused and out of steam
« Reply #3 on: November 02, 2007, 01:45:08 PM »

Offline sasysusie

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 371
Re: confused and out of steam
« Reply #4 on: November 02, 2007, 01:57:46 PM »
This is my Scan Log from the Superantispyware and i did quarantine all items and there were a bunch!!! Its so long this log i have to send it in 2 steps

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/02/2007 at 04:50 AM

Application Version : 3.9.1008

Core Rules Database Version : 3336
Trace Rules Database Version: 1337

Scan type       : Complete Scan
Total Scan Time : 06:04:14

Memory items scanned      : 592
Memory threats detected   : 4
Registry items scanned    : 6741
Registry threats detected : 50
File items scanned        : 102452
File threats detected     : 160

Adware.Vundo Variant
   C:\WINDOWS\SYSTEM32\SSQQOPO.DLL
   C:\WINDOWS\SYSTEM32\SSQQOPO.DLL
   HKLM\Software\Classes\CLSID\{232D2677-68EE-4FA1-B988-279EBC8969ED}
   HKCR\CLSID\{232D2677-68EE-4FA1-B988-279EBC8969ED}
   HKCR\CLSID\{232D2677-68EE-4FA1-B988-279EBC8969ED}\InprocServer32
   HKCR\CLSID\{232D2677-68EE-4FA1-B988-279EBC8969ED}\InprocServer32#ThreadingModel
   HKLM\Software\Classes\CLSID\{7953697B-BBF3-4277-8BD4-4EB843959415}
   HKCR\CLSID\{7953697B-BBF3-4277-8BD4-4EB843959415}
   HKCR\CLSID\{7953697B-BBF3-4277-8BD4-4EB843959415}\InprocServer32
   HKCR\CLSID\{7953697B-BBF3-4277-8BD4-4EB843959415}\InprocServer32#ThreadingModel
   HKLM\Software\Classes\CLSID\{89AD4D75-2429-462e-BD4E-443F233F6033}
   HKCR\CLSID\{89AD4D75-2429-462E-BD4E-443F233F6033}
   HKCR\CLSID\{89AD4D75-2429-462E-BD4E-443F233F6033}\InprocServer32
   HKCR\CLSID\{89AD4D75-2429-462E-BD4E-443F233F6033}\InprocServer32#ThreadingModel
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{232D2677-68EE-4FA1-B988-279EBC8969ED}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7953697B-BBF3-4277-8BD4-4EB843959415}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E236271-0D05-4800-94DF-E16F7E061612}
   HKCR\CLSID\{9E236271-0D05-4800-94DF-E16F7E061612}
   HKCR\CLSID\{9E236271-0D05-4800-94DF-E16F7E061612}\InprocServer32
   HKCR\CLSID\{9E236271-0D05-4800-94DF-E16F7E061612}\InprocServer32#ThreadingModel
   C:\WINDOWS\SYSTEM32\DDAYA.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{E9BD0828-1FD9-410C-A50F-43EBE65D310F}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{232D2677-68EE-4FA1-B988-279EBC8969ED}
   Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ssqqopo
   HKCR\CLSID\{232D2677-68EE-4FA1-B988-279EBC8969ED}
   HKCR\CLSID\{89AD4D75-2429-462E-BD4E-443F233F6033}

Unclassified.Unknown Origin/System
   C:\WINDOWS\SYSTEM32\MLJGF.DLL
   C:\WINDOWS\SYSTEM32\MLJGF.DLL

Trojan.Downloader-NewJuan/VM
   C:\WINDOWS\SYSTEM32\YYTMRDFH.DLL
   C:\WINDOWS\SYSTEM32\YYTMRDFH.DLL

Adware.ZenoSearch-NVON
   C:\WINDOWS\SYSTEM32\LODSRNGL.EXE
   C:\WINDOWS\SYSTEM32\LODSRNGL.EXE
   [{D8-86-6F-F2-ZN}] C:\WINDOWS\SYSTEM32\LODSRNGL.EXE
   C:\WINDOWS\Prefetch\LODSRNGL.EXE-2BD72C4F.pf

Trojan.ZenoSearch
   [ExploreUpdSched] C:\WINDOWS\SYSTEM32\NWINPMDQ.EXE
   C:\WINDOWS\SYSTEM32\NWINPMDQ.EXE
   C:\WINDOWS\system32\msnav32.ax
   C:\WINDOWS\SYSTEM32\NWINPMDS.EXE
   C:\WINDOWS\Prefetch\NWINPMDQ.EXE-09749224.pf

Adware.Tracking Cookie
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cgi-bin[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@media.adrevolver[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@directtrack[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@enhance[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediaplex[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@3.adbrite[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@sexbuddies[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-verizoncommunications.hitbox[3].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@statcounter[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.burstnet[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@azjmp[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stats1.reliablestats[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-wyndhamvacationownership.hitbox[4].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@casalemedia[8].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@eyewonder[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atwola[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fastclick[5].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@msnportal.112.2o7[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@xmlrevenue[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@angleinteractive.directtrack[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@specificclick[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@hitbox[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tribalfusion[7].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[6].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@revsci[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adopt.specificclick[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.ppctracking[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@apmebf[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@serving-sys[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.burstbeacon[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.try2findclicks[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tremor.adbureau[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adrevolver[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.addynamix[3].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[6].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@eztracks.aavalue[3].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@burstnet[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@edge.ru4[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.bridgetrack[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@secure.advancedcleaner[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@goclick[3].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.pointroll[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@link_41221d046eaa2d418d7b_e60b5155bb60972986da4ef873dbed86_http__[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@zedo[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cgi-bin[3].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@revenue[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@hornymatches[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@interclick[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bs.serving-sys[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@trafficmp[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@publishers.clickbooth[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adrevolver[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@search.ebay[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tacoda[3].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@login.tracking101[3].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@toplist[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adbrite[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@67.15.239[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advancedcleaner[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@qksrv[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.adbrite[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@doubleclick[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adserver[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@67.15.239[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@heavycom.122.2o7[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adredired[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@anad.tacoda[

Offline sasysusie

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 371
Re: confused and out of steam
« Reply #5 on: November 02, 2007, 01:59:47 PM »
2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[13].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@winantivirus[3].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adopt.euroclick[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[3].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[4].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[10].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[11].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[12].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[3].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[4].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[5].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[6].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[7].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[8].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[9].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.adbrite[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.addynamix[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[3].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[4].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[5].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[7].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@affiliate.eadvtracker[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@apmebf[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@casalemedia[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@casalemedia[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@casalemedia[3].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@casalemedia[4].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@casalemedia[5].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@casalemedia[6].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@directtrack[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@edge.ru4[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-verizoncommunications.hitbox[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-wyndhamvacationownership.hitbox[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-wyndhamvacationownership.hitbox[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@eztracks.aavalue[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fastclick[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fastclick[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fastclick[3].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fastclick[4].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fastclick[6].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@goclick[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@linksynergy[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@login.tracking101[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediatraffic[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@pt.crossmediaservices[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@qksrv[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@revsci[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tacoda[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@track[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tribalfusion[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tribalfusion[2].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tribalfusion[3].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tribalfusion[4].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tribalfusion[5].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tribalfusion[6].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@winantivirus[1].txt
   C:\Documents and Settings\HP_Owner\Cookies\hp_owner@zedo[2].txt
   C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\hp_owner@ad.firstadsolution[2].txt
   C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\hp_owner@ad.xplusone[2].txt
   C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\hp_owner@ads.k8l[1].txt
   C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\hp_owner@interclick[2].txt
   C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\hp_owner@ipoint.targetpoint[1].txt
   C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\hp_owner@login.tracking101[2].txt
   C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\hp_owner@mywebsearch[1].txt
   C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\hp_owner@track.bestbuy[2].txt
   C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\hp_owner@track.searchignite[1].txt
   C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\hp_owner@winantivirus[1].txt
   C:\WINDOWS\Temp\Cookies\hp_owner@2o7[2].txt

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF#NextInstance
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Service
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Legacy
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ConfigFlags
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Class
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ClassGUID
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#DeviceDesc
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Capabilities
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK#NextInstance
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Service
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Legacy
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ConfigFlags
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Class
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ClassGUID
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#DeviceDesc
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Capabilities
   C:\WINDOWS\system32\stera.job

Adware.Web Buying
   C:\Program Files\Web Buying\v1.8.1\wbuninst.exe
   C:\Program Files\Web Buying\v1.8.1
   C:\Program Files\Web Buying
   HKU\S-1-5-21-4204567712-2704041500-816587294-1009\Software\WebBuying
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebBuying
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebBuying#DisplayName
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebBuying#UninstallString

Adware.k8l
   C:\PROGRAM FILES\MSN\PROMY.HTML

Trojan.Downloader-Gen
   C:\WINDOWS\SYSTEM32\WINPFZ32.SYS

Trojan.Unknown Origin
   C:\WINDOWS\SYSTEM32\WNSTSICOMSV32.EXE

Trace.Known Threat Sources
   C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\72KJZXS9\rd-fakeout2-720x300[1].gif

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: confused and out of steam
« Reply #6 on: November 02, 2007, 05:13:05 PM »
Hi sasysusie

I'm not sure if you saw my post earlier regarding hijackthis,as I posted it while you where posting the SAS log. We've got a bit to do. After running SAS, have the popups slowed down?

Offline sasysusie

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 371
Re: confused and out of steam
« Reply #7 on: November 02, 2007, 06:52:01 PM »
Hi again... I just got home and yes i see the address for the HTJ.  Actally since running the SAS ive not had one pop up the computer is running faster than its run in days... I acutally was able to host a cribbage tournament online and it all rans faster than it has in ages... so i still need to run HTJ? Im figuring I am.. but so far sooo good!! Can't thank you enough for your time and helpful information!
thanks
Susie

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: confused and out of steam
« Reply #8 on: November 02, 2007, 07:01:39 PM »
Yes, there is probably more hidden away. So post the hjt log and we'll take it from there.

BTW

After you have installed HJT, use windows explorer to navigate to the HJT folder and rename hijackthis.exe to hijacksusie.exe. Double click hijacksusie to run the program.

I'm at work right now but will have a look asap.

Offline sasysusie

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 371
Re: confused and out of steam
« Reply #9 on: November 02, 2007, 10:01:58 PM »
Geesh and what a busy day.. im back home again.. I went to this site u gave me
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
once there it gave me three options.. none of which say they are HJTsetup.exe so i was not sure which i should use... i know I must seem very stupid about all this (and i am) but after all ive been through i do not want to make a mistake at this point... The three options it is give me are...
Download HijackThis Installer  which give me a run window of HJTInstall.exe or
download hijackThis zip with a window of highjackthis.zip (which im sure i do nt use) and
HijackThis Executable with the window of HijackThis.exe
When i did try the first option  i did not see where you were talking to me about the setup dialog boes with Select Addtion tasks and so forth it seemed to just want to take me to where i intall and then run it.. even if i saved it to the desk top.. so i was just  unclear and maybe i just didn't look far enough as i said after my encounter with these trojans ive gotten very leary on here! Since i was not sure i was at the right place i did remove it from my programs to check with you making sure im running the right thing.
Thank you yet again for your time and now your patience with me as well.
Susie

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: confused and out of steam
« Reply #10 on: November 02, 2007, 10:08:30 PM »
Hi sasysusie select the installer (top) and run that it will install Hijackthis ready to run

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: confused and out of steam
« Reply #11 on: November 02, 2007, 10:10:03 PM »
Well after all that typing....Thanks essexboy.   ;)

Quote
Thank you yet again for your time and now your patience with me as well

No problem  ;D

Offline sasysusie

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 371
Re: confused and out of steam
« Reply #12 on: November 02, 2007, 10:26:21 PM »
I hate myself sometimes.. im sooo unsure of myself!  Oldman how important is it to rename it? I  ready to run it but you did say rename it first... id love to if i could find it to rename it!  sorry and ty 2 essex as well now that they jumped in! :)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: confused and out of steam
« Reply #13 on: November 02, 2007, 10:43:29 PM »
Just run it we will look at renaming if necessary later  ;)

Offline sasysusie

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 371
Re: confused and out of steam
« Reply #14 on: November 02, 2007, 10:44:06 PM »
yesss renamed it! ran the scan and copied to put here where you could look at the results.. see if you leave me alone long enough i figure it out  :D looks like its too long as well so i will send it in 2 parts

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:48 PM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\keyexp\KEYEXP.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {b07dc602-3717-03ca-a334-514623705b2b} - {b2b50732-6415-433a-ac30-7173206cd70b} - C:\WINDOWS\system32\eleapuna.dll
O2 - BHO: 0 - {CD4C273E-98E3-48FB-A3AF-606E909668BE} - C:\Program Files\MSN\ladu.dll (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158686903\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [d43d865d] rundll32.exe "C:\WINDOWS\system32\angowvrm.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\PPPATC~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Pkzo] "C:\Program Files\?icrosoft\d?dplay.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: Keyboard Express 2000.lnk = C:\Program Files\keyexp\KEYEXP.EXE
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lodsrngl.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwinpmdq.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe