Problems!~ Spyware Strike GDNUS2296.exe etc! help!

[vampcatt]

Hello... My hubby is having some major issues... he had obvious Spyware Strike issues.. we tried many programs to get rid of it.. finally he was going to erase his c drive and reformat.. well..he can't erase everything off the drive.. in these two folders :
C:\Ben\Local Settings\Temporary Internet Files\Content.IE5\NX72XSHI
C:\Ben\Local Settings\Temporary Internet Files\Content.IE5\ODQ3SD2F
there is a file called ads[1]. no extension.. no information about the file.. and you can't erase it...

He installed Windows xp onto his D drive I think it was.. and we have been working to get C emptied and get rid of this stupid virus thing.
Some of the errors he was running into while we were trying to find a program that would successfully remove the issues were:
GDNUS2296.EXE
VCodec
TrojanZlob
ncompat.tlb

ANYHOO... at this point.. he has WIndows XP resinstalled... and he can log into ICQ.. send receive messages.. even files.. BUT.. he can not load a web page for the life of him.. He uses Mozilla for 99.99% of his web browsing.. but.. anyhoo.. I had him send me his hijack this file since he can not access any pages. I will attach it to this post.. please someone help.. we dont know what to do!
'll wait for a post or something so I can get him back on the web again.. thanks !

Catt

 

[swker98]

fix
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD10612C-88E1-412B-8850-87DBC2E8A532}: NameServer = 215.150.100.1,215.150.100.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{CD10612C-88E1-412B-8850-87DBC2E8A532}: NameServer = 215.150.100.1,215.150.100.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{CD10612C-88E1-412B-8850-87DBC2E8A532}: NameServer = 215.150.100.1,215.150.100.2




UNLESS THEY ARE YOUR ISP

you are not runnig any anti virus i s****t you get AVG FREE

did you follow all the READ posts in the internet suctiy fourm

 

[vampcatt]

fix
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD10612C-88E1-412B-8850-87DBC2E8A532}: NameServer = 215.150.100.1,215.150.100.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{CD10612C-88E1-412B-8850-87DBC2E8A532}: NameServer = 215.150.100.1,215.150.100.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{CD10612C-88E1-412B-8850-87DBC2E8A532}: NameServer = 215.150.100.1,215.150.100.2




UNLESS THEY ARE YOUR ISP


you are not runnig any anti virus i s****t you get AVG FREE

did you follow all the READ posts in the internet suctiy fourm

( Those are our ISP)
He does have ANti- Virus SOftware. he just re-installed windows and everything.. and he hasnt re-installed NAV since he can not get on the web at the moment.

No.. I havent read them all I guess I better go do that.. since I'm not getting many answers in this post.
thanks

 

[howard_hopkinso]

I can see nothing in your HJT log, other than the 017 entries, which you say are from your isp.

However, I did notice that you are running a completely unpatched windows.

You should have at the very least Windows sp1, and preferably sp2 installed.

As far as your spyware strike problem. Go HERE and follow the instructions.

swker98 was absolutely correct in his diagnosis of your HJT log. He wouldn`t have been aware of the reason you had no antivirus installed, and was right to point it out.

finally he was going to erase his c drive and reformat..

Formatting the drive would automatically erase it.

Regards Howard

 

[vampcatt]

I can see nothing in your HJT log, other than the 017 entries, which you say are from your isp.

However, I did notice that you are running a completely unpatched windows.

You should have at the very least Windows sp1, and preferably sp2 installed.

As far as your spyware strike problem. Go HERE and follow the instructions.

swker98 was absolutely correct in his diagnosis of your HJT log. He wouldn`t have been aware of the reason you had no antivirus installed, and was right to point it out.



Formatting the drive would automatically erase it.

Regards Howard

Welp... we have issues with our XP .. it wont patch, says it is not a legit copy.. when i know for a fact it is.. but i have no paperwork to prove it. SO.. we're stuck with no updates.
As far as formatting.. it wont LET him format C: because of those files we can not remove. I haven't done anything with it today, I just got home.. so I'll go see if anything has changed ( I ran owida or whatever that was called.. I'll see if I can format C now.
OK.. just tried to format c: again.. it tells me that windows is unable to complete the format. Its still back to those two files above ..
the files are both called ads[1] and they are 0 kb no file associations.. doesnt open with any certain application, etc etc.. I cant delete them because windows cant "find" them to erase. Now what?

i figured out the no web page part. was a dns error. still stuck with the ads[1] problem.. will try a new floppy drive tomorrow morning... hopefully can erase the file by using a windows start up disk? thats my best idea at 3am.. so.. heh.. we'll see

 

[howard_hopkinso]

Download the Pocket killbox programme from HERE

It should allow you to delete those files.

Regards Howard