thehoudi
Posted June 25, 2007

After years and years of no hassle with virii, malware etc. I find that I'm getting a hard time the last week with crap pop-ups etc. randomly appearing. Scanned the PC with superanti etc. and cleaned up after the scan, but as soon as I scan again the same culprits are back again. I've included the log from the last scan; if anyone can make any sense of this I'd be grateful - even just nudge me in the right direction or tell me what else I need to do. I'm running Zone Alarm, Avast antivirus and SUPERAntiSpyware on Win XP.

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 06/25/2007 at 12:33 PM

Application Version : 3.8.1002
Core Rules Database Version : 3260
Trace Rules Database Version: 1271

Scan type : Complete Scan
Total Scan Time : 02:49:24

Memory items scanned : 434
Memory threats detected : 3
Registry items scanned : 5218
Registry threats detected : 40
File items scanned : 159656
File threats detected : 17

SUPERAntiSpy
Posted June 25, 2007

Please submit a support ticket here, and we will have you run a diagnostic:
https://www.superantispyware.com/support.html

jman
Posted August 13, 2007

I have pop-ups that have started to come up with the name "this ad is brought to you to web buying..." I purchased your program as I was told it would find and eliminate these issues. The program finds these problems and it appears that it eliminates them, but the same issue appears every time I boot up and, frankly, nothing has been eliminated. Not sure if it's called tk58.exe or win 32/zquest or adware rac process but it's not being fixed. Please help.

SUPERAntiSpy
Posted August 13, 2007

Please submit a support ticket here, and we will have you run a diagnostic:
https://www.superantispyware.com/support.html