Viral machine

wolflock1010 · Jul 16, 2010

Hello everyone,

Let me start by saying im a computer service technician and this is a machine that has been giving me a headache.

I have turned off SR, Msconfiged, Scanned a million times with many different programs, removed tons of infections and facerolled the keyboard a few to many times.

So , now i have come here and went through your FAQ and here are the logs. Im hoping i got them all the the blood rolling out of my eyes is stopping me from finishing reading the logs.

Thank you all for your time and your help. Been a long day so please forgive anything blatent i may have missed.

Edit:
Original symptoms included:
Slow operation,
Slow browsing,
Freezing,
Coupon popups
Redirection(Hijacked)

TimW · Jul 17, 2010

It looks like the scans took care of any malware in your system. I would only suggest that you remove these items from your IE trusted zone:
O15 - Trusted Zone: *.ams-benefits.com
O15 - Trusted Zone: *.ams-services.com
O15 - Trusted Zone: *.ams-support.com
O15 - Trusted Zone: *.ams360.com
O15 - Trusted Zone: *.amsservices.com
O15 - Trusted Zone: http://www.cinfin.com
O15 - Trusted Zone: http://v11.www.msn.com
O15 - Trusted Zone: *.prevailnetwork.com
O15 - Trusted Zone: *.vertafore.com
O15 - Trusted Zone: *.webex.com
O15 - Trusted Zone: *.AMSRackley.com (HKLM)
O15 - Trusted Zone: *.AMSSetWrite.com (HKLM)
O15 - Trusted Zone: *.CLE-GATEWAY (HKLM)
O15 - Trusted Zone: *.setwrite.rnd (HKLM)
O15 - Trusted Zone: *.silverplume.com (HKLM)
as there is no need to have them there.

Also use windows explorer to find and delete:
c:\documents and settings\NetworkService\Local Settings\Application Data\megpesnih
c:\documents and settings\NetworkService\Local Settings\Application Data\cqopdyapo

Now tell me exactly what issues you are having.

Log in or Sign up

Viral machine

wolflock1010 Private E-2

Attached Files:

RRlog.txt

SASWlog.txt

hijackthis.log

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member