Hello, need some help from the experts on this forum to remove some viruses from my PC. I am running Windows XP on a Dell Dimension PC.
I have followed closely the post of what to do first before posting a new thread. Specifically, AV is up to date, firewall is on, updated and ran CCleaner Slim, updated and ran SUPERAntiSpyware, updated and ran Malwarebytes Anti-Malware, updated my Java and finally ran HijackThis. The SUPERAntiSpyware log is posted below. Will post the Malwarebytes log and HijackThis log in the next post.
Any help you can give me would very much be appreciated. I am still seeing odd behavior by my IE browser, so I am guessing my PC is still infected.
SUPERAntiSpyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/03/2010 at 10:25 PM
Application Version : 4.41.1000
Core Rules Database Version : 5454
Trace Rules Database Version: 3266
Scan type : Complete Scan
Total Scan Time : 01:14:55
Memory items scanned : 379
Memory threats detected : 0
Registry items scanned : 5356
Registry threats detected : 25
File items scanned : 60593
File threats detected : 84
Adware.Tracking Cookie
Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{B12C908C-7625-4A94-875B-A0552B209CBB}#NAMESERVER
HKLM\SYSTEM\CONTROLSET003\SERVICES\TCPIP\PARAMETERS\INTERFACES\{B12C908C-7625-4A94-875B-A0552B209CBB}#NAMESERVER
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{B12C908C-7625-4A94-875B-A0552B209CBB}#NAMESERVER
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS#NAMESERVER
HKLM\SYSTEM\CONTROLSET003\SERVICES\TCPIP\PARAMETERS#NAMESERVER
Malware.Trace
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
HKU\.DEFAULT\SOFTWARE\XML
HKU\S-1-5-18\SOFTWARE\XML
Adware.AdRotator
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$#NoRepair
HKLM\SOFTWARE\Classes\AppID\{38061EDC-40BB-4618-A8DA-E56353347E6D}
HKLM\SOFTWARE\Classes\AppID\{38061EDC-40BB-4618-A8DA-E56353347E6D}\instl
HKLM\SOFTWARE\Classes\AppID\{38061EDC-40BB-4618-A8DA-E56353347E6D}\instl\data
HKLM\SOFTWARE\Classes\AppID\{38061EDC-40BB-4618-A8DA-E56353347E6D}\instl\data#afltId
HKLM\SOFTWARE\Classes\AppID\{7B6A2552-E65B-4a9e-ADD4-C45577FFD8FD}
HKLM\SOFTWARE\Classes\AppID\{7B6A2552-E65B-4a9e-ADD4-C45577FFD8FD}\instl
HKLM\SOFTWARE\Classes\AppID\{7B6A2552-E65B-4a9e-ADD4-C45577FFD8FD}\instl\data
HKLM\SOFTWARE\Classes\AppID\{7B6A2552-E65B-4a9e-ADD4-C45577FFD8FD}\instl\data#afltId
HKLM\SOFTWARE\Classes\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}
HKLM\SOFTWARE\Classes\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}\apps
HKLM\SOFTWARE\Classes\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}\apps\{38061EDC-40BB-4618-A8DA-E56353347E6D}
HKLM\SOFTWARE\Classes\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}\apps\{7B6A2552-E65B-4a9e-ADD4-C45577FFD8FD}
C:\WINDOWS\$NTUNINSTALLMTF1011$\zrpt.xml
C:\WINDOWS\$NTUNINSTALLMTF1011$
Trojan.Agent/Gen-Exploit
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\UPDATE\SEUPD.EXE
Mal