Jump to content

Archived

This topic is now archived and is closed to further replies.

thehoudi

adaware etc keeps reappearing

Recommended Posts

After years and years of no hassle with virii, malaware etc I find that im getting a hard time the last week with crap pop ups etc randomly appearing. Scanned the pc with superanti etc and cleaned up after the scan but as soon as I scan again the same culprits are back again. Ive included the log from the last scan if anyone can make any sense of this Id be grateful - even just nudge me in the right direction or tell me what else I need to to.

Im running zone alarm, avast anti virus and superantispyware on win xp

:?:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 06/25/2007 at 12:33 PM

Application Version : 3.8.1002

Core Rules Database Version : 3260

Trace Rules Database Version: 1271

Scan type : Complete Scan

Total Scan Time : 02:49:24

Memory items scanned : 434

Memory threats detected : 3

Registry items scanned : 5218

Registry threats detected : 40

File items scanned : 159656

File threats detected : 17

Adware.Vundo Variant

C:\WINDOWS\SYSTEM32\PMKHG.DLL

C:\WINDOWS\SYSTEM32\PMKHG.DLL

HKLM\Software\Classes\CLSID\{A3962A72-57E7-4557-8E24-EC95BE12E0BB}

HKCR\CLSID\{A3962A72-57E7-4557-8E24-EC95BE12E0BB}

HKCR\CLSID\{A3962A72-57E7-4557-8E24-EC95BE12E0BB}\InprocServer32

HKCR\CLSID\{A3962A72-57E7-4557-8E24-EC95BE12E0BB}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3962A72-57E7-4557-8E24-EC95BE12E0BB}

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\pmkhg

Adware.eZula

C:\WINDOWS\SYSTEM32\FKUQCEDS.EXE

C:\WINDOWS\SYSTEM32\FKUQCEDS.EXE

HKLM\System\ControlSet001\Services\DomainService

HKLM\System\ControlSet002\Services\DomainService

HKLM\System\CurrentControlSet\Services\DomainService

Trojan.Downloader-NewJuan/VM

C:\WINDOWS\SYSTEM32\HNSEGCMS.DLL

C:\WINDOWS\SYSTEM32\HNSEGCMS.DLL

Unclassified.Unknown Origin

HKLM\Software\Classes\CLSID\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}

HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}

HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32

HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}

HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}

Unclassified.Oreans32

HKLM\System\ControlSet001\Services\oreans32

C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS

HKLM\System\CurrentControlSet\Services\oreans32

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#*NewlyCreated*

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

Adware.Tracking Cookie

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@tradedoubler[1].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@cpvfeed[2].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@ad.yieldmanager[2].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@imrworldwide[2].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@ad.zanox[1].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@atdmt[2].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@doubleclick[1].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@ad.uk.tangozebra[1].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@adtech[2].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@zbox.zanox[1].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@videoegg.adbureau[1].txt

C:\Documents and Settings\Al Donnelly\Cookies\al_donnelly@questionmarket[1].txt

Trojan.Downloader-Gen/Blah

C:\WINDOWS\SYSTEM32\MLJGFDA.DLL

Share this post


Link to post
Share on other sites

I have pop-ups that have started to come up with the name "this ad is brought to you to web buying..." I purchased your program as I was told it would find and eliminate these issues. The program finds these problems and it appears that it eliminates but the same issue appears everytime I boot up and, frankly, nothing has been eliminated. Not sure if it's called tk58.exe or win 32/zquest or adware rac process but it's not being fixed. Please help.

Share this post


Link to post
Share on other sites
I have pop-ups that have started to come up with the name "this ad is brought to you to web buying..." I purchased your program as I was told it would find and eliminate these issues. The program finds these problems and it appears that it eliminates but the same issue appears everytime I boot up and, frankly, nothing has been eliminated. Not sure if it's called tk58.exe or win 32/zquest or adware rac process but it's not being fixed. Please help.

Please submit a support ticket here, and we will have you run a diagnostic:

https://www.superantispyware.com/support.html

Share this post


Link to post
Share on other sites

×
×
  • Create New...