can't change background picture [CLOSED]

Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis� Logs Go Here

can't change background picture [CLOSED], who knows what else is locked

Options

orbiter7 View Member Profile	Jun 5 2008, 04:15 PM Post #1
New Member Posts: 7 OS: Windows XP SP2	Hello, I have a Dell Dimension 2400 running Windows XP SP3. (sp3 was installed after infection). I ran Malwarebytes, Superantispyware, Panda Activescan, and then updated the PC at windowsupdate.com. I also ran the Vundofix from the Removal Guides forum, which turned up nothing. The scans/updates erased most of the apparent damage, in fact the only thing I know for sure is wrong is the desktop background. I can change the color, but not the picture--I can't even scroll through choices of pictures. I will post the hijackthis log first followed by malware bytes, superantispyware, and panda. each log will be seperated with three lines of "===========" Thank You for your hard work Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:12:28 PM, on 6/5/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Verizon\McciTrayApp.exe C:\Program Files\Verizon\VSP\VerizonServicepoint.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\COMMON~1\AOL\110216~1\EE\AOLHOS~1.EXE C:\PROGRA~1\COMMON~1\AOL\110216~1\EE\AOLServiceHost.exe C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\SYSTEM32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080 O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll O2 - BHO: (no name) - {4649E15B-4B76-4807-8472-B78B2E8C8048} - C:\WINDOWS\system32\mlJywvVm.dll (file missing) O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [{93-33-3F-FB-ZN}] c:\windows\system32\dwdsrngt.exe CHD001 O4 - HKLM\..\Run: [{93-33-3F-FB-DW}] C:\windows\system32\rwwnw64d.exe DWramFF O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe" O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN O4 - HKLM\..\Run: [troy44] C:\WINDOWS\troy44.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102161752\EE\AOLHostManager.exe O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [rifm] C:\PROGRA~1\COMMON~1\rifm\rifmm.exe O4 - HKCU\..\Run: [Qnwv] "C:\Documents and Settings\Glenn Taylor\My Documents\?racle\w?auclt.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [Kxf] C:\WINDOWS\T?sks\s?anregw.exe O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\WNSXS~1\fast.exe" -vt ndrv O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c7b412020e6249c1b9631ea41fc7011a O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c7b412020e6249c1b9631ea41fc7011a O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: wvUkIcYQ - wvUkIcYQ.dll (file missing) O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe -- End of file - 9841 bytes ============================================================================= ============================================================================= ============================================================================= Malwarebytes' Anti-Malware 1.14 Database version: 826 7:34:29 AM 6/5/2008 mbam-log-6-5-2008 (07-34-29).txt Scan type: Quick Scan Objects scanned: 37024 Time elapsed: 5 minute(s), 55 second(s) Memory Processes Infected: 2 Memory Modules Infected: 0 Registry Keys Infected: 36 Registry Values Infected: 16 Registry Data Items Infected: 1 Folders Infected: 18 Files Infected: 107 Memory Processes Infected: C:\Program Files\Vcsron\Vcsron.exe (Adware.Agent) -> Unloaded process successfully. C:\WINDOWS\SYSTEM32\ctfmona.exe (Trojan.Downloader) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\dbreg.dbar (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\dbreg.dbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9b7d013b-b2b2-4b95-91ff-b17ab22290bb} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\dbreg.dbarbho (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\dbreg.dbarbho.1 (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\dbreg.dbarenabler (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\dbreg.dbarenabler.1 (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e2554085-b0bd-4f11-b252-32145d0a9257} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{80985322-3f89-4873-9bce-9297d217ccad} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{b7f66d09-d1e6-4a79-9743-f3579ad82ed5} (Adware.Spruce) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4811603f-8f2d-43f9-8f2f-3fdcaa8a1b7b} (Adware.Spruce) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{ee92f989-cb72-469b-82e6-99ca303a6059} (Adware.Spruce) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winvi (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\winvi (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\DBReg (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Spruce (Adware.Spruce) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\core (Rootkit.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vcsron (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdater (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WebSUpdater (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dbar_starter (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\24093354 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM273a00c8 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExploreUpdSched (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmona (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\.starsdoor.com (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\WINDOWS\SYSTEM32\b1 (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer (Adware.SearchEnhancer) -> Quarantined and deleted successfully. C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully. C:\Program Files\dbar (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\dbar\Cache (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\winvi (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\winvi\icons (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\winvi\temp (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\polX (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GUI2 (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\binR (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\3036a (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Documents and Settings\Glenn Taylor\Application Data\Deskbar_{C74F9078-24F0-416f-A9BD-35B08ABED4FF} (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Documents and Settings\Glenn Taylor\Application Data\Deskbar_{C74F9078-24F0-416f-A9BD-35B08ABED4FF}\Cache (Adware.SoftMate) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\Vcsron\Vcsron.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully. C:\Program Files\folder.js (Adware.TTC) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\0.7062189.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\ctfmonb.bmp (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\b152.exe (Trojan.Insider) -> Quarantined and deleted successfully. C:\WINDOWS\b155.exe (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\b156.exe (Adware.Insider) -> Quarantined and deleted successfully. C:\WINDOWS\b157.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\b999.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\mrofinu572.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Glenn Taylor\Local Settings\Temp\.tt11.tmp (Rogue.AdvancedXPDefender) -> Delete on reboot. C:\Documents and Settings\Glenn Taylor\Local Settings\Temporary Internet Files\Content.IE5\CD69EDWP\kb713501[1] (Trojan.LowZones) -> Quarantined and deleted successfully. C:\Program Files\dbar\basis.xml (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\dbar\channel.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\dbar\content.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\dbar\date.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\dbar\dbaruninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\dbar\deskbar.crc (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\dbar\deskbar.inf (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\dbar\edit_rss.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\dbar\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\dbar\nav1.bmp (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\dbar\nav2.bmp (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\dbar\new_alert.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\dbar\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\dbar\version.txt (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\winvi\Uninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\winvi\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\winvi\icons\bufferthis.ico (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\winvi\icons\flashfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\winvi\icons\funnies.ico (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\winvi\icons\funnyfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\winvi\icons\goodcleanvideos.ico (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\winvi\icons\newfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\winvi\icons\positivethoughts.ico (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\winvi\icons\removespyware.ico (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\winvi\icons\thissiterocks.ico (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Program Files\winvi\temp\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\polX\roEbdll2.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GUI2\FI-dt4x.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Documents and Settings\Glenn Taylor\Application Data\Deskbar_{C74F9078-24F0-416f-A9BD-35B08ABED4FF}\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Documents and Settings\Glenn Taylor\Application Data\Deskbar_{C74F9078-24F0-416f-A9BD-35B08ABED4FF}\log.txt (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Documents and Settings\Glenn Taylor\Application Data\Deskbar_{C74F9078-24F0-416f-A9BD-35B08ABED4FF}\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Documents and Settings\Glenn Taylor\Application Data\Deskbar_{C74F9078-24F0-416f-A9BD-35B08ABED4FF}\Cache\d6e9bb027c32ce9950910af1fce37bb9.xml (Adware.SoftMate) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\Program Files\page.html (Malware.Trace) -> Quarantined and deleted successfully. C:\Program Files\Del.js (Malware.Trace) -> Quarantined and deleted successfully. C:\Program Files\func.js (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\ctfmona.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\din.ip (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\blank.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\box_2.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\button_buynow.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\button_freescan.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\cell_bg.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\cell_footer.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\cell_header_block.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\cell_header_remove.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\cell_header_scan.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\detect.htm (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\download_btn.jpg (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\download_now_btn.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\footer_back.jpg (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\header_1.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\header_2.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\header_3.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\header_4.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\header_red_bg.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\header_red_free_scan.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\header_red_free_scan_bg.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\header_red_protect_your_pc.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\infected.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\main_back.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\product_2_header.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\product_2_name_small.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\product_features.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\pt.htm (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\rating.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\s_detect.htm (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\screenshot.jpg (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\sep_hor.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\sep_vert.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\shadow.jpg (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\shadow_bg.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\spacer.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\star.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\star_gray.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\star_gray_small.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\star_small.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\style.css (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\v.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\warning_icon.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\win_logo.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\x.gif (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\dpqaqlqx.bin (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\jpewocmz.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Glenn Taylor\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Glenn Taylor\Start Menu\Programs\Startup\Think-Adz.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Glenn Taylor\Start Menu\Programs\Startup\TA_Start.lnk (Malware.Trace) -> Quarantined and deleted successfully. ================================================================================ ================================================================================ ================================================================================ = SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 06/05/2008 at 08:31 AM Application Version : 3.9.1008 Core Rules Database Version : 3474 Trace Rules Database Version: 1465 Scan type : Complete Scan Total Scan Time : 00:50:34 Memory items scanned : 404 Memory threats detected : 0 Registry items scanned : 5699 Registry threats detected : 2 File items scanned : 49230 File threats detected : 35 Adware.Tracking Cookie C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@questionmarket[2].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@media6degrees[1].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@ads.addynamix[1].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@mediaplex[1].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@54528310[2].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@tribalfusion[2].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@ad.yieldmanager[1].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@angleinteractive.directtrack[2].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@server.iad.liveperson[1].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@atdmt[2].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@directtrack[1].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@tacoda[1].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@gadget[2].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@interclick[1].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@advertising[1].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@ads.pointroll[2].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@doubleclick[2].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@statcounter[1].txt C:\Documents and Settings\Glenn Taylor\cookies\glenn taylor@trafficmp[2].txt Adware.SpeedRunner HKU\S-1-5-21-2778926507-3778330970-4205548030-1007\Software\Microsoft\Windows\CurrentVersion\Run#SpeedRunner [ C:\Documents and Settings\Glenn Taylor\Application Data\SpeedRunner\SpeedRunner.exe ] HKU\S-1-5-21-2778926507-3778330970-4205548030-1007\Software\Microsoft\Windows\CurrentVersion\Run#SfKg6wIP [ C:\Documents and Settings\Glenn Taylor\Application Data\Microsoft\Windows\aowfergf.exe ] C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1372\A0074188.EXE Adware.Vundo Variant C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1372\A0074180.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1372\A0074181.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1372\A0074199.DLL Trojan.Unknown Origin C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1372\A0074182.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1372\A0074183.EXE Trojan.Dropper/Gen-Packed C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1372\A0074189.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1372\A0074190.EXE Trojan.Unclassified/BrowserDriver C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1372\A0074191.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1372\A0074192.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1372\A0074193.EXE Adware.DeeWoo/ThinkAdz C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1372\A0074194.EXE Trojan.Rootkit-TnCore C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1372\A0077203.SYS Trace.Known Threat Sources C:\Documents and Settings\Glenn Taylor\Local Settings\Temporary Internet Files\Content.IE5\EZG7492X\l.s.bg1z[1].gif C:\Documents and Settings\Glenn Taylor\Local Settings\Temporary Internet Files\Content.IE5\6B8R8ZQR\l.s.bg2z[1].gif C:\Documents and Settings\Glenn Taylor\Local Settings\Temporary Internet Files\Content.IE5\IVQ98BUX\indexsz[1].htm ========================================================================== ========================================================================== ========================================================================== ;**************************************************************************** ***************************************************************************** *************** ANALYSIS: 2008-06-05 10:46:31 PROTECTIONS: 0 MALWARE: 28 SUSPECTS: 0 ;*************************************************************************** ***************************************************************************** ***************** PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================= =================== ;=============================================================================== ================================================================================= =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================= =================== 00047660 adware/sqwire Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\tsa 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.trafficmp.com/] 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Cookies\glenn taylor@doubleclick[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.doubleclick.net/] 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.247realmedia.com/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.fastclick.net/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.fastclick.net/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.fastclick.net/] 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.tribalfusion.com/] 00157562 Adware/Naupoint Adware No 0 Yes No C:\WINDOWS\Downloaded Program Files\vzbb.dll 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.com.com/] 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.com.com/] 00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.azjmp.com/] 00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.azjmp.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.statcounter.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[ad.yieldmanager.com/] 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.apmebf.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.advertising.com/] 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.realmedia.com/] 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.realmedia.com/] 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.realmedia.com/] 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.realmedia.com/] 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.realmedia.com/] 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.questionmarket.com/] 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.questionmarket.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.zedo.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.zedo.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.zedo.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Mozilla\Firefox\Profiles\wot2asjq.default\cookies.txt[.zedo.com/] 00332832 Adware/DollarRevenue Adware No 1 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1366\A0069904.dll 02688464 Adware/DnsInsider Adware No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1366\A0069915.exe 02888175 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1366\A0069911.dll 02896112 Adware/Yazzle Adware No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1366\A0069916.exe 02898733 Trj/Downloader.SLD Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1372\A0074195.exe 02909454 Adware/Insider Adware No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1372\A0074184.exe 02930830 Adware/Maxifiles Adware No 1 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1372\A0074185.exe 02945143 Trj/Downloader.TMZ Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\sfig\khnidnm.exe 02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\gbnktfvu.exe 02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\ytwxatvr.exe 02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\rntpktyq.exe 02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\gxfisivi.exe 02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\Documents and Settings\Glenn Taylor\Local Settings\Temporary Internet Files\Content.IE5\IVQ98BUX\yaypalassamosvala[1] 02970825 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1365\A0069861.exe 02970825 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1365\A0069790.exe 02970825 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1365\A0069791.exe 02970825 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1365\A0069792.exe 02976695 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1374\A0078231.exe 02976695 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Glenn Taylor\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.54643 02990293 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\wcwdixte.exe ;=============================================================================== ================================================================================= =================== SUSPECTS Sent Location W ;=============================================================================== ================================================================================= =================== ;=============================================================================== ================================================================================= =================== VULNERABILITIES Id Severity Description W ;=============================================================================== ================================================================================= =================== ;=============================================================================== ================================================================================= ===================

Rorschach112 View Member Profile	Jun 16 2008, 08:38 AM Post #2
GeekU Teacher Posts: 21,845 From: Dublin OS: XP	Hello Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close all other windows before proceeding. Double-click on dss.exe and follow the prompts. If your anti-virus or firewall complains, please allow this script to run as it is not malicious. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner and click Accept You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post.

Rorschach112

Jun 20 2008, 04:50 PM

Post #3