many a trojans

i clicked a wrong link in a google search last night, and since then avast been going crazy. i ran all of the scans asked, and my eTrust PestPatrol. and the avast anitvirus all in safe mode. then did the bit defender. the CEDP stealer and the weatherbug i have already discarded since the scan.. but the amount of trojans it found is kinda scary lol.

there is no active scan panda log because my comp isnt letting it run right now, and if i am on a webpage to long is closing it.. along with pop-ups when im not in safe mode any help is appreciated..ty

 

Scan and have HJT Fix the following:

Download
- Pocket Killbox
- ExplorerXP

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click the RED X.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.
Download WinPFind

Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

Post the WinPFind log and a fresh HijackThis log from Normal Mode.

 

ok i ran throgh all those, and got the logs im attaching them now

 

Follow the directions for Running Ewido Security Suite.

Post the Ewido log along with a fresh WinPFind log.

 

ok i ran through those and got ewido.. and while i was in middle of the winpfind i realized that DOCUME~1\Terri\APPLIC~1\SHOWKN~1 was actaully documents and settings, applications and __ and show knob.. so i deleted the show knob folder. and heres the logs from ewido and winpfind

 

Disable Microsoft Antispyware and uninstall Ewido before doing the following step:

Follow the directions for Running Hoster to restore your hosts file to the default MS hosts file.

Open Windows Explorer; navigate to and delete the following:

Open REGEDIT; navigate to and delete the following registry keys:

Open Notepad, copy & paste the contemns of the below quote box into notepad; Save As FixReg.reg to your desktop.

Close Notepad, locate FixReg.reg and double-click on it; answer Yes when asked if you what to merge with the registry.

Download and install
- ExplorerXP

Run ExplorerXP; navigate to and delete the following:

Now Search for and delete the following:

Delete every occurance.

Rebbot to Normal Mode.

Post a fresh HijackThis log and a fresh WinPFind log.

How is your computer running?

 

woo hoo, i think i got this, most of the things you sent me could not be found and rpen only found FxRubberPen.class and i wasnt sure if i was supposed to get rid of that. i ran the 2 searches and will have the logs, and when i got to normal mode i opend a few IE's and went to a few trusted sites to see if i would get any pop-ups but none yet if anything else comes i will repost in here, tyvm for all the help. it is greatly appreciated.

 

I missed one entry in the registry.

Copy the below into notepad and save as FixReg2.reg to your Desktop:

close notepad; double-click FixReg2.reg, say Yes.

REBOOT

How is your computer running?

 

its doing graet, its going fast, but as i clicked to reply here i got a partypoker.net popup , but comp is running up back to normal speed.

 

Open REGEDIT, navigate to and delete the following registry keys:

REBOOT

Still getting popups?

 

yup still gettin pop-ups i surfed around this site for like 2-3 mins and got a reg defender ad or something like that pop-up

 

Run Ad-Aware SE and Spbot again.

 

adaware found 3 thisn it said, and only showed to, one was like MRU i think, i looked to see where it was, because it had like 13 poins.. and it jsut said this is not a major threat and didnt list anything, and spybot said my computer is completly clean, but im still gettin pop-ups

 

Try running Panda ActiveScan, I know it didn't work the last time; but try it again.

 

ok, first i tried it and it woudlent start, then i restarted it again, and all my explorers just shut down on me.. so i went uninstalled it tried again and actaully got some results there were 15 found and heres the log

 

REBOOT to Safe Mode.

Open Windows Explorer; navigate to and DELETE the following:

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.

OK, run Panda ActiveScan again.

Post the Panda log and a fresh HijackThis log.

 

ok i ran the searches again, and deleted thsoe files and all, and panda came up with 1 count of spyware.. it was the secure32 adware it was in C:\WINDOWS i have it ready to delete. i will post the log for you anyways, and the HJT log. but so far i havent seen a pop-up yet tyvvvm for all the help and pateince with this puter.. i always was careful wtih non trusted sites and looking through pogo and now im gonna double check again LOL, dont want anything like this running thorugh my comp again. ty again, its all very appreciated

 

Are you removeing these lines, and deleting the directories?

O4 - HKLM\..\Run: [dumbfacecastdelete] C:\Documents and Settings\All Users\Application Data\DVD SUPPORT DUMB FACE\Face Cash.exe
O4 - HKCU\..\Run: [burn slow] C:\DOCUME~1\Terri\APPLIC~1\LISTFA~1\Memo Wait.exe

If so, they keep coming back.

 

i knew i deleted the files, when i went through, i re-ran HJT and deleted the entries that were in there, rebooted and they didnt come back. i will run it agian in a day or 2 and if i see them i again i will post it, if youd like i can post a fresh log for ya now? and again tyvm for the help

 

That's ok, just use teh computer for a while surf the net, reboot a couple of times and check to make sure they don't come back.