Unknown Adware Downloader On My Comp

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by darkzorb, Sep 23, 2006.

  1. darkzorb

    darkzorb Private E-2

    Hi,

    I recently stumbled upon this forum when searching for a way in which to remove the adware I got after visiting seriall.com. I've followed all of the steps in the "Read and Run Me FIRST..." thread, and everything seemed to be fine, until a few hours later, when my zonealarm antispyware found some more spyware trying to be downloaded on my comp. I was hoping that once I got rid of the spyware I could remove ZoneAlarm from my computer as it seems to hog up quite a bit of resources, but with the recent find I'm not sure if I should. Anyways, here's a list of things that my antispyware programs found/fixed when I ran them. The rest I attached as logs as noted by the "Read and Run ME FIRST..." thread. Thank you for any feedback you can give as to how to remove this spyware.

    Microsoft Windows Malicious Software Removal Tool - found nothing

    Spybot Search and Destroy - AstaKiller, Windows Security Center.FirewallDisableNotify, CnsMin, Smitfraud-C., SpyQuake2, SpywareQuake, VCodec, Windows Security Center.AntiVirusDisableNotify

    Microsoft Windows Defender Full Scan - found nothing

    Norton Antivirus found these while I was running Bitdefender - Adware.MaxSearch, Adware.SpySheriff

    Recently found by Zonealarm - Atwola
     

    Attached Files:

  2. darkzorb

    darkzorb Private E-2

    And here's the getrunkey and shownew files.
     

    Attached Files:

  3. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

<< The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 5.0 Update 8 available from http://java.sun.com/javase/downloads/index.jsp. Uninstall all older versions of Java on your computer, before installing the latest version of Java. >>

The installed version of Firefox on this computer is out-dated. Install the current version of FireFox from: Mozilla Firefox

Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop. DO NOT run it at this time; we will do that later in Safe Mode.
    Close Notepad.

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files

    Then after it deletes the files click the Exit (Save Settings) button.

NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh Hijackthis log.

    Be sure to tell me how your computer is running.
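The "Delete on Reboot" step above relies on the PendingFileRenameOperations value in the registry, the same queue Windows consults at boot to delete or replace files that were locked while the system was running. The following Python script is an added example, not part of this thread or of Pocket Killbox; it decodes that queue so you can see exactly what is scheduled before you reboot (and it is equally useful when investigating, since malware can use the same mechanism). The registry path and the source/destination pair format are Windows facts; the sample paths in SAMPLE_QUEUE are constructed for illustration. On Windows it reads the live value; elsewhere it falls back to the sample.

```python
"""Decode the PendingFileRenameOperations queue (added example, constructed sample data)."""
import sys
from typing import List, Tuple

# Registry location written by MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT),
# the mechanism that "Delete on Reboot" tools rely on.
KEY_PATH = r"SYSTEM\CurrentControlSet\Control\Session Manager"
VALUE_NAME = "PendingFileRenameOperations"


def strip_nt_prefix(path: str) -> str:
    """Remove the NT namespace prefix (\\??\\) that paths are stored with."""
    return path[4:] if path.startswith("\\??\\") else path


def parse_pending_ops(entries: List[str]) -> List[Tuple[str, str, str]]:
    """Turn the REG_MULTI_SZ list into (operation, source, destination) triples.

    Entries come in pairs: source path, then destination path. An empty
    destination means "delete at next boot"; a destination starting with
    '!' means the existing target will be replaced.
    """
    if len(entries) % 2:
        raise ValueError("PendingFileRenameOperations must hold source/destination pairs")
    ops = []
    for src, dst in zip(entries[0::2], entries[1::2]):
        src = strip_nt_prefix(src)
        if dst == "":
            ops.append(("delete", src, ""))
        else:
            replace = dst.startswith("!")
            dst = strip_nt_prefix(dst.lstrip("!"))
            ops.append(("replace" if replace else "rename", src, dst))
    return ops


def read_live_queue() -> List[str]:
    """Read the real value on Windows; return [] on other platforms or if unset."""
    if not sys.platform.startswith("win"):
        return []
    import winreg  # only available on Windows
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY_PATH) as key:
            value, kind = winreg.QueryValueEx(key, VALUE_NAME)
    except FileNotFoundError:
        return []
    return list(value) if kind == winreg.REG_MULTI_SZ else []


# Constructed sample (not real file names from this thread): one delete queued by
# a cleanup tool, and one pending file replacement.
SAMPLE_QUEUE = [
    r"\??\C:\WINDOWS\system32\badfile.dll", "",
    r"\??\C:\WINDOWS\Temp\update.tmp", r"!\??\C:\Program Files\App\app.exe",
]

if __name__ == "__main__":
    queue = read_live_queue() or SAMPLE_QUEUE
    for op, src, dst in parse_pending_ops(queue):
        print(f"{op:8} {src}" + (f" -> {dst}" if dst else ""))
```

Run it before rebooting to confirm that the paths you pasted into Killbox are the ones queued for deletion; anything you did not queue yourself deserves a closer look.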
     
  4. darkzorb

    darkzorb Private E-2

    Hey Shadow_Puter_Dude,

    Before anything, thanks for offering help, really appreciate it.

I followed your steps, and everything seems to be a little quicker than it was before the process, though still slower than how my computer was before the incident. Though, this could be because of several things. I had two versions of Java on my computer (which is fixed now), and I also have the following new programs running in the background: Spyware Blaster, SpyBot S&D, ZoneAlarm, Windows Defender. Which leads me to the question of, is this a little excessive? Are there just a few key ones I need to have installed for adequate protection?

    Anyways, as for the actual process, I did not receive any PendingFileRenameOperations prompts. And attached is a new HiJackThis log.
    Thanks Again!
     

    Attached Files:

  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

Your HijackThis log is clean.

    SpywareBlaster and Spybot are not memory resident protection tools. Teatimer is the only realtime protection function offered by Spybot; and we recommend that feature not be utilized.

You have Norton AV, ZoneAlarm and Windows Defender installed and providing "realtime" protection. This will cause a degradation in system performance, especially the combination of Norton and ZA. Norton places a huge demand on system resources and you will see a performance slowdown. Zone Alarm has been known to cause some systems to experience slowdowns. If your subscription is close to expiring on Norton, I urge you to consider replacing it with an AV application that isn't as demanding.

Let's flush all your restore points and create a new clean one for your system.

    Disable And Enable System Restore
    How to Protect yourself from malware!

    Safe surfing.
     
  6. darkzorb

    darkzorb Private E-2

    Thanks for the help Shadow_Puter_Dude,

I'm actually on a college campus network, and they say it's required for all computers to have Norton. Do you know if they'd lock me out of the network if I were to uninstall Norton, or is it not possible for them to detect if Norton is on your computer or not?
     
  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

Normally they would require that an AV application be installed. Norton, although the top selling AV, is not the best AV available. Malware writers write their malware to evade detection by the top selling AV programs. There is no way they can know what AV application you are running without physically examining your computer, or installing a trojan on your system to give them that information. In which case it would be highly unethical and illegal.
     
