
Unknown issue relating to IE



#1
KtC Angel of Peace

Alright, hello Geeks To Go! Forum! I have been having many small issues with my computer. The background of everything is that this computer has seen its fair share of viruses and of being reformatted etc. However, again the viruses have struck again. Recently, I have encountered that every time I open Internet Explorer, two pop-up windows pop up, and then when I close, two more pop up. When I use Firefox, this does not occur. When I open up Internet Explorer, I get to http://www.findthewebsiteyouneed.com/, though this is NOT the website I have set it to, and it reverts back to such. The other issue is something that I do not understand in my Control Panel => Add/Remove Programs. When I open this up, there is a very large something in the middle. If unselected, it is a box within a box within a box within a box within a box, alternating black in the middle, then white, then black... and black on the outermost. When selected, there are eight boxes, going from the middle box out, it is orange inside of a blue inside of a white inside of a black box which is inside an orange box which is inside a blue box which is inside a white box which is inside a black box.

Have not seen anything major i.e. bluescreens, but would like to get rid of this annoyance if possible.

Here is everything that I have recorded

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:42:19 PM 11/4/2006

C:\Documents and Settings\Kevin Tran\Complete\[Nipponsei] MAR -Marchen Awakens Romance- ED7 Single - Mou Kokoro Yuretari Shinaide [Kitahara Aiko].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\[Nipponsei] NIGHT HEAD GENESIS ED - Nemutteita Kimochi Nemutteita Kokoro [Aya Kamiki] zip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\[Oyasumi] Welcome to the NHK! 17 [60B4DE4D] mkv.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\alex rider stormbreaker.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\battlestar galactica.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\dark messiah.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\desperate housewives.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\family guy.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\gilmore girls.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\grand atlas de l'histoire du monde Les grandes invasions.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\grey s anatomy.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\greys anatomy.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\lost s03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\lost s03e04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\lost s03e05.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\miami vice.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\my name is earl.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\need for speed carbon.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\need for speed.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\neverwinter nights 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\nip tuck.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\numb3rs s03e07 hr hdtv xvid-ctu [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\one tree hill.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\open season.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\prison break s02e09.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\prison break.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\pro evolution soccer 6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\saw 3 french- saw3 francais [www stormreactor com].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\saw 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\south park.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\the departed.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\the office.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\the prestige.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Complete\tiny girl masturbating outdoor with bannana wmv.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Shared\Final Fantasy VII demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Program Files\outlook\v.tmp -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E39D788E-C32D-4234-BCFB-DF7D306185DA}\RP230\A0193451.exe -> Worm.VB.dw : Cleaned with backup (quarantined).


::Report end


Activescan

Incident Status Location

Potentially unwanted tool:Application/MediaPipe Not disinfected c:\program files\downloadmanager\mptray.exe
Adware:Adware/ActiveSearch Not disinfected C:\Program Files\Common Files\{5C092525-0578-1033-0711-020613020001}\Services.dll
Adware:Adware/ActiveSearch Not disinfected C:\Program Files\Common Files\{5C092525-0578-1033-0711-020613020001}\Update.exe
Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard1.dat
Adware:adware/commad Not disinfected c:\windows\uninstall_nmon.vbs
Adware:adware/emediacodec Not disinfected c:\program files\ZipCodec
Adware:adware/qoologic Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kevin Tran\Cookies\kevin tran@adrevolver[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kevin Tran\Cookies\kevin tran@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kevin Tran\Cookies\kevin [email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Kevin Tran\Cookies\kevin tran@drivecleaner[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kevin Tran\Cookies\kevin tran@realmedia[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Kevin Tran\Cookies\kevin [email protected][1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Kevin Tran\Cookies\kevin [email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kevin Tran\Desktop\New Folder\SmitfraudFix\Process.exe
Possible Virus. Not disinfected C:\Documents and Settings\Kevin Tran\Desktop\New Folder\SmitfraudFix\swsc.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kevin Tran\Desktop\New Folder\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Kevin Tran\Desktop\New Folder\SmitfraudFix.zip[SmitfraudFix/swsc.exe]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kevin Tran\Local Settings\Temp\Cookies\kevin tran@adrevolver[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Kevin Tran\Local Settings\Temp\Cookies\kevin tran@drivecleaner[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Kevin Tran\Local Settings\Temp\Cookies\kevin [email protected][2].txt
Adware:Adware/ActiveSearch Not disinfected C:\Program Files\Common Files\{3C092525-0578-1033-0711-020613020001}\888Bar.dll
Adware:Adware/ActiveSearch Not disinfected C:\Program Files\Common Files\{3C092525-0578-1033-0711-020613020001}\Activate.exe
Adware:Adware/ActiveSearch Not disinfected C:\Program Files\Common Files\{3C092525-0578-1033-0711-020613020001}\Uninst.exe
Adware:Adware/ActiveSearch Not disinfected C:\Program Files\Deskbar\__delete_on_reboot__d_e_s_k_b_a_r_._d_l_l_
Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\DownloadManager\insdl.dll
Adware:Adware/Itbill Not disinfected C:\Program Files\fsupport\notifier.exe
Possible Virus. Not disinfected C:\Program Files\softnyx\Rakion\Bin\GameGuard\NPSCAN.DES
Adware:Adware/EMediaCodec Not disinfected C:\Program Files\ZipCodec\uninst.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\S2V2aW4gVHJhbg\mZpZuqb0pJL1v0.vbs
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\swsc.exe


HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 4:29:10 PM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\kybrdff_e48.exe
C:\nwnmff_e48.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\dfndrff_e48.exe
C:\Program Files\Common Files\{5C092525-0578-1033-0711-020613020001}\Update.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\system32\svchost.exe
c:\kybrdff_e49.exe
c:\dfndrff_e49.exe
c:\nwnmff_e49.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Kevin Tran\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\vb

#2
KtC Angel of Peace

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\vbnsr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,gwtwdmr.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Jkzlbfarb Class - {754515CD-5059-4133-B6D5-3757DD84D6C0} - C:\WINDOWS\system32\s9ndzm6.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e49.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e49.exe
O4 - HKLM\..\Run: [ejbgrf] C:\WINDOWS\system32\frwosh.exe reg_run
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e49.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [bghht] C:\WINDOWS\system32\frwosh.exe reg_run
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {AE3B25B6-4C21-4038-BD35-99A05B5EF3EB} - C:\WINDOWS\system32\s9ndzm6.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2V2aW4gVHJhbg\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Uninstall list


888Bar
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.8
Adobe® Photoshop® Album Starter Edition 3.0
AOL Instant Messenger
Apple Software Update
AVG Anti-Spyware 7.5
Black and White
Command
DivX
Dungeon Siege
Electronic Arts Game Updater
Elinks
eMusic - 50 Free MP3 offer
EV Nova (remove only)
FATE from WildGames (remove only)
Form Fill (Windows Live Toolbar)
Guild Wars
GunboundWC
HijackThis 1.99.1
IC Maps Generator V2.4a (remove only)
IEEE 802.11g USB Wireless LAN Adapter
InterActual Player
InterVideo WinDVD 7
iTunes
J2SE Runtime Environment 5.0 Update 6
LimeWire 4.12.6
Macromedia Shockwave Player
Microsoft Office FrontPage 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Phishing Filter Add-in
mIRC
Mozilla Firefox (2.0)
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 Parser and SDK
MTG GamePack for Magic Workstation
Need For Speed - Porsche Unleashed
Nero 6 Ultra Edition
Network Monitor
NVIDIA Drivers
p2pnetworks
Panda ActiveScan
Plasma Pong v1.3b
QuickTime
Rakion International
Rhapsody Player Engine
Roll
Search Bar
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Septerra Core
Softnyx Launcher
Soldier of Fortune
Tabbed Browsing (Windows Live Toolbar)
Uniblue Registry Booster
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Web Nexus Network
WildTangent Web Driver
Winamp (remove only)
Windows Desktop Search
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Toolbar MSN Extension (Windows Live Toolbar)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
X3watch 4.7.0
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v7
Yahoo! Toolbar
ZipCodec 6.0

Edited by KtC Angel of Peace, 06 November 2006 - 06:50 PM.


#3
Daemon

First open AVG Anti-Spyware
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

4. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

5. IMPORTANT: Do not open any other windows or programs while AVG Anti-spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
6. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of the AVG Anti-Spyware text report that you saved and a new HiJackThis log.

#4
KtC Angel of Peace

Roger Doger,

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:38:06 PM 11/7/2006

+ Scan result:



C:\System Volume Information\_restore{E39D788E-C32D-4234-BCFB-DF7D306185DA}\RP232\A0193735.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E39D788E-C32D-4234-BCFB-DF7D306185DA}\RP232\A0193736.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{3C092525-0578-1033-0711-020613020001}\888Bar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{5C092525-0578-1033-0711-020613020001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{5C092525-0578-1033-0711-020613020001}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\Cache -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\about.html -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\basis.xml -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\deskbar.crc -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\deskbar.inf -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\icons.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\inst.bat -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbback.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbbigopen.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbclose.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbfwd.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mblogo.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbsep.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\options.html -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\softomate.gif -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\version.txt -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E39D788E-C32D-4234-BCFB-DF7D306185DA}\RP231\A0193621.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E39D788E-C32D-4234-BCFB-DF7D306185DA}\RP232\A0193739.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\deskbar.exe -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D7CC80D4-376C-4586-B023-4F35C2CEB28E} -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D8C2D4B4-EEAF-4EC4-B1F8-9B6ED15D5A38} -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{A4C8F181-6CDB-4DCC-9FC9-BB9933C81E1F} -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DBTB00001.DBTB00001Deskbar -> Adware.Softomate : Cleaned with backup (quarantined).
HKU\S-1-5-21-73586283-484763869-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E39D788E-C32D-4234-BCFB-DF7D306185DA}\RP230\A0193462.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\mc44a49.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E39D788E-C32D-4234-BCFB-DF7D306185DA}\RP231\A0193624.exe -> Downloader.Adload.ht : Cleaned with backup (quarantined).
C:\dfndrff_e48.exe -> Downloader.Adload.hw : Cleaned with backup (quarantined).
C:\kybrdff_e48.exe -> Downloader.Adload.hw : Cleaned with backup (quarantined).
C:\nwnmff_e48.exe -> Downloader.Adload.hw : Cleaned with backup (quarantined).
C:\windows.exe -> Downloader.Adload.hw : Cleaned with backup (quarantined).
C:\dfndrff_e49.exe -> Downloader.Adload.hy : Cleaned with backup (quarantined).
C:\kybrdff_e49.exe -> Downloader.Adload.hy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E39D788E-C32D-4234-BCFB-DF7D306185DA}\RP230\A0193464.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin Tran\Local Settings\Temporary Internet Files\Content.IE5\FT20PEMY\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\MTE3NDI6ODoxNgMTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E39D788E-C32D-4234-BCFB-DF7D306185DA}\RP232\A0193738.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E39D788E-C32D-4234-BCFB-DF7D306185DA}\RP230\A0193465.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).


::Report end


New HijackThis


Logfile of HijackThis v1.99.1
Scan saved at 5:54:20 PM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Windows Desktop Search\wds_sl.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kevin Tran\Desktop\HJT\Gotcha.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\vbnsr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,gwtwdmr.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Jkzlbfarb Class - {754515CD-5059-4133-B6D5-3757DD84D6C0} - C:\WINDOWS\system32\s9ndzm6.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ejbgrf] C:\WINDOWS\system32\frwosh.exe reg_run
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [bghht] C:\WINDOWS\system32\frwosh.exe reg_run
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {AE3B25B6-4C21-4038-BD35-99A05B5EF3EB} - C:\WINDOWS\system32\s9ndzm6.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#5
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Looking better - bit more to do. Please download Qoofix by Rubber Ducky to your desktop.
  • Right click on the Qoofix folder, and choose "Extract All". Extract Qoofix to your C: drive
  • Close all windows and programs, including internet windows.
  • Go to C:\Qoofix and open the folder, then double click on Qoofix.exe
  • Click Begin Removal and wait for the scan to finish
  • If Qoofix finds an infection, select yes to restart your computer
  • You will now find a log from this tool, located at C:\Qoofix\Qoofix Logfile.txt. Copy and paste the contents of that report into your next reply here with a new HJT log.


#6
KtC Angel of Peace

    Member

  • Topic Starter
  • 94 posts
Qoofix v1.03 by http://www.malwarebytes.org
Scan started on [11/8/2006] at [7:04:21 AM]
-------------------------------------------------------------
No malicious modules found!
-------------------------------------------------------------
No Qoologic infected files found!
-------------------------------------------------------------
Scan COMPLETED SUCCESSFULLY on [11/8/2006] at [7:05:21 AM]

Note: Some registry keys may have been removed.


Logfile of HijackThis v1.99.1
Scan saved at 7:12:43 AM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Documents and Settings\Kevin Tran\Desktop\HJT\Gotcha.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Jkzlbfarb Class - {754515CD-5059-4133-B6D5-3757DD84D6C0} - C:\WINDOWS\system32\s9ndzm6.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {AE3B25B6-4C21-4038-BD35-99A05B5EF3EB} - C:\WINDOWS\system32\s9ndzm6.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

There y'are

#7
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Getting better. Make sure that you have no browser windows open, as this could prevent the fix from working properly. Open HijackThis, scan and, when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
O2 - BHO: Jkzlbfarb Class - {754515CD-5059-4133-B6D5-3757DD84D6C0} - C:\WINDOWS\system32\s9ndzm6.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O18 - Filter: text/html - {AE3B25B6-4C21-4038-BD35-99A05B5EF3EB} - C:\WINDOWS\system32\s9ndzm6.dll


Exit HijackThis when done. Reboot, rescan with HijackThis and post a new log here.
  • 0
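An added example, not part of the original thread and not HijackThis's own code: a small Python check that compares the fix list from the post above against the logs taken before and after the reboot, reporting which entries are gone, which persist, and which are new. The function names are hypothetical, and the "after" excerpt is constructed to show a persisting entry and a newly appeared one.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return the set of (section, normalized body) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            section, body = match.groups()
            # Windows paths and registry keys are case-insensitive, and pasted
            # logs often pick up stray spacing, so normalize both.
            entries.add((section, " ".join(body.split()).lower()))
    return entries


def check_fix(fix_list, before_log, after_log):
    """Compare a helper's fix list against the logs before and after the fix."""
    wanted = parse_entries(fix_list)
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    return {
        # Flagged, present before, absent after: the fix took.
        "removed": sorted((wanted & before) - after),
        # Flagged and still present after the reboot: something restored it.
        "persisting": sorted(wanted & after),
        # Flagged but never in the "before" log: likely a copy/paste mismatch.
        "not_in_before": sorted(wanted - before),
        # Entries that only appear after the fix: worth a second look.
        "new_after": sorted(after - before),
    }


# Excerpt of the log posted before the fix (lines taken from this thread).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Jkzlbfarb Class - {754515CD-5059-4133-B6D5-3757DD84D6C0} - C:\WINDOWS\system32\s9ndzm6.dll
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O18 - Filter: text/html - {AE3B25B6-4C21-4038-BD35-99A05B5EF3EB} - C:\WINDOWS\system32\s9ndzm6.dll
"""

# Subset of the entries the helper asked to have fixed.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
O2 - BHO: Jkzlbfarb Class - {754515CD-5059-4133-B6D5-3757DD84D6C0} - C:\WINDOWS\system32\s9ndzm6.dll
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O18 - Filter: text/html - {AE3B25B6-4C21-4038-BD35-99A05B5EF3EB} - C:\WINDOWS\system32\s9ndzm6.dll
"""

# CONSTRUCTED "after" log: the BHO comes back (with different path casing) and
# a placeholder Run entry appears. This is not the log posted in the thread.
AFTER = r"""
Logfile of HijackThis v1.99.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Jkzlbfarb Class - {754515CD-5059-4133-B6D5-3757DD84D6C0} - C:\WINDOWS\System32\s9ndzm6.dll
O4 - HKLM\..\Run: [placeholder] C:\WINDOWS\system32\placeholder-example.exe
"""

if __name__ == "__main__":
    result = check_fix(FIX_LIST, BEFORE, AFTER)
    for status, entries in result.items():
        print(f"{status}: {len(entries)}")
        for section, body in entries:
            print(f"  {section} - {body}")
```

A non-empty "persisting" or "new_after" list after the reboot is the cue to report back before fixing anything further, since an entry that returns usually means a component that restores it is still running.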

#8
KtC Angel of Peace

    Member

  • Topic Starter
  • 94 posts
Rwar

Logfile of HijackThis v1.99.1
Scan saved at 4:02:17 PM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Desktop Search\wds_sl.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Kevin Tran\Desktop\HJT\Rwar.exe
C:\WINDOWS\system32\wuauclt.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#9
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Looks OK now - how is it running?
  • 0

#10
KtC Angel of Peace

    Member

  • Topic Starter
  • Member
  • 94 posts
Got rid of the pop-ups, but that weird box thingy in my add/remove programs is still there, just wondering what that would be.

if it helps

it is between the programs

Dungeon siege
BOXES
[big icon, really big]
Elinks

Alphabetically

Don't know what that is, but I can't get rid of it, it's just there.

But yeah, I.E. is working fine now :whistling:
  • 0

#11
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Does it have a name? Do this:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
  • 0

#12
KtC Angel of Peace

    Member

  • Topic Starter
  • Member
  • 94 posts
888Bar
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.8
Adobe® Photoshop® Album Starter Edition 3.0
AOL Instant Messenger
Apple Software Update
AVG Anti-Spyware 7.5
Black and White
DivX
Dungeon Siege
Electronic Arts Game Updater
Elinks
eMusic - 50 Free MP3 offer
EV Nova (remove only)
FATE from WildGames (remove only)
Form Fill (Windows Live Toolbar)
Guild Wars
GunboundWC
HijackThis 1.99.1
IC Maps Generator V2.4a (remove only)
IEEE 802.11g USB Wireless LAN Adapter
InterActual Player
InterVideo WinDVD 7
iTunes
J2SE Runtime Environment 5.0 Update 6
LimeWire 4.12.6
Macromedia Shockwave Player
Microsoft Office FrontPage 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
mIRC
Mozilla Firefox (2.0)
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 Parser and SDK
MTG GamePack for Magic Workstation
Need For Speed - Porsche Unleashed
Nero 6 Ultra Edition
NVIDIA Drivers
OneCare Advisor (Windows Live Toolbar)
Panda ActiveScan
Plasma Pong v1.3b
QuickTime
Rakion International
Rhapsody Player Engine
Roll
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Septerra Core
Smart Menus (Windows Live Toolbar)
Softnyx Launcher
Soldier of Fortune
Tabbed Browsing (Windows Live Toolbar)
Uniblue Registry Booster
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WildTangent Web Driver
Winamp (remove only)
Windows Desktop Search
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
X3watch 4.7.0
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v7
Yahoo! Toolbar
ZipCodec 6.0



Electronic Arts Game Updater
name
Electronic Arts Game Updater

uninstall command
C:\WINDOWS\IsUninst.exe -f"c:\Program Files\EACom\Update\Uninst.isu"


I guess that is it =/. But I don't see a name on it. I don't know how to take screenshots, but perhaps that would help?
  • 0

#13
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
It seems like you are not alone with this:

http://www.pcreview....read-262837.php

It looks like it comes with this game: Need For Speed - Porsche Unleashed

If you want to get rid of that entry in the Add/Remove list, do this. Download RegCleaner from here:

http://www.aplusfree...RegCleaner.html

Unzip it and install it. Then start RegCleaner, go to the Uninstall Menu tab, scroll down to Electronic Arts Game Updater and put a check in the box alongside it. Click uninstall and exit.

Reboot, go back into Add/Remove Programs and it should be gone. Whilst you are in there, use Add/Remove to uninstall 888Bar - the first entry.
  • 0

#14
KtC Angel of Peace

    Member

  • Topic Starter
  • Member
  • 94 posts
Delete file: C:\Program Files\Common Files\{3C092525-0578-1033-0711-020613020001}\Uninst.exe
Could not load: C:\Program Files\Common Files\{3C092525-0578-1033-0711-020613020001}\888Bar.dll
Delete file: C:\Program Files\Common Files\{3C092525-0578-1033-0711-020613020001}\Activate.exe
Remove folder: C:\Program Files\Common Files\{3C092525-0578-1033-0711-020613020001}\
Completed

Awesome, AVG found the malware there.

Anything else you're seeing? And that huge thingy is gone :whistling:
  • 0

#15
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
You should be good to go now - how is it running?
  • 0





