

privacy protection virus


  • This topic is locked
15 replies to this topic

#1 OFFLINE   hiosilver

    Newbie

  • Members
  • Pip
  • 8 posts

Posted 25 August 2008 - 04:18 PM

Hello,
I was browsing Google for a possible solution on how to fix this problem without having to reformat my hard drive and saw a thread similar to this one in that we have the same virus problem. But when I tried to follow the steps, I still ended up having issues with this virus.

One major problem is that I lost my ability to maintain an administrative profile on my computer. Though I'm using an admin profile, I can't access Task Manager, I can't edit my registry, more or less I can't do anything. And I'm getting frustrated with this, and I would really not like to reformat if I don't have to.

I'm currently running another scan, but technically I can't do anything until I fix the admin situation first. Any help would be greatly appreciated.

thank you!

from a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57: VIRUS ALERT!, on 8/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Common Files\AOL\1149740581\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://free.avg.com/ww.virbase-appf8
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\WINDOWS\rodqgpvlkoa.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: qalkfxor - {18C388BB-5014-4906-AE38-E62BA5AA7387} - C:\WINDOWS\qalkfxor.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149740581\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?98fb2ef24f6842488737ab0291f03c14
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?98fb2ef24f6842488737ab0291f03c14
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} - http://pak06.pictures.aol.com/ygp/aol/plug...US.9.1.6.20.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: pdoskegl - {064EF5AB-C50F-4425-8C8D-9E2C705DFDAC} - C:\WINDOWS\pdoskegl.dll
O21 - SSODL: rqbmvpso - {E39AB196-4AFA-45CB-A2B8-379A815F31AC} - C:\WINDOWS\rqbmvpso.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11200 bytes

#2 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 26 August 2008 - 02:27 AM

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


#3 OFFLINE   hiosilver


Posted 01 September 2008 - 06:46 PM

Thank you for your help!

Okay, I ran SDFix; the report looks like this:

SDFix: Version 1.220
Run by owner on 09/01/2008 Mon at 01:59 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\owner\Desktop\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\EDOT.EXE - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\Program Files\Insider\UnInstall.exe - Deleted
C:\Program Files\Microsoft Security Adviser\msavsc.exe - Deleted
C:\Program Files\Microsoft Security Adviser\msctrl.exe - Deleted
C:\Program Files\Microsoft Security Adviser\msfw.exe - Deleted
C:\Program Files\Microsoft Security Adviser\msiemon.exe - Deleted
C:\Program Files\Microsoft Security Adviser\mssadv.exe - Deleted
C:\Program Files\Microsoft Security Adviser\msscan.exe - Deleted
C:\Program Files\Temporary\InsiDERInst.exe - Deleted
C:\Program Files\VAV\vav.cpl - Deleted
C:\Program Files\VAV\vav0.dat - Deleted
C:\Program Files\VAV\vav1.dat - Deleted
C:\Program Files\XPSecurityCenter\htmlayout.dll - Deleted
C:\Program Files\XPSecurityCenter\install.exe - Deleted
C:\Program Files\XPSecurityCenter\pthreadVC2.dll - Deleted
C:\Program Files\XPSecurityCenter\un.ico - Deleted
C:\Program Files\XPSecurityCenter\unzip32.dll - Deleted
C:\Program Files\XPSecurityCenter\wscui.cpl - Deleted
C:\Program Files\XPSecurityCenter\data\daily.cvd - Deleted
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest - Deleted
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcm80.dll - Deleted
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcp80.dll - Deleted
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcr80.dll - Deleted
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe - Deleted
C:\DOCUME~1\owner\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\owner\LOCALS~1\Temp\lwpwer.exe.bat - Deleted
C:\DOCUME~1\owner\LOCALS~1\Temp\scksexde.exe.bat - Deleted
C:\DOCUME~1\owner\LOCALS~1\Temp\sfsrv.exe.bat - Deleted
C:\WINDOWS\b103.exe - Deleted
C:\WINDOWS\b104.exe - Deleted
C:\WINDOWS\b116.exe - Deleted
C:\WINDOWS\b122.exe - Deleted
C:\WINDOWS\b138.exe - Deleted
C:\WINDOWS\b147.exe - Deleted
C:\WINDOWS\b149.exe - Deleted
C:\WINDOWS\b151.exe - Deleted
C:\WINDOWS\b153.exe - Deleted
C:\DOCUME~1\owner\LOCALS~1\Temp\Binaries1.zip - Deleted
C:\DOCUME~1\owner\LOCALS~1\Temp\Binaries2.zip - Deleted
C:\DOCUME~1\owner\LOCALS~1\Temp\Binaries3.zip - Deleted
C:\DOCUME~1\owner\LOCALS~1\Temp\lwpwer.exe - Deleted
C:\DOCUME~1\owner\LOCALS~1\Temp\removalfile.bat - Deleted
C:\DOCUME~1\owner\LOCALS~1\Temp\s1265.php.bat - Deleted
C:\DOCUME~1\owner\LOCALS~1\Temp\sfsrv.exe - Deleted
C:\DOCUME~1\owner\LOCALS~1\Temp\yazzsnet.exe - Deleted
C:\svchost.exe - Deleted
C:\svchost2.exe - Deleted
C:\WINDOWS\eqvwamkl.dll - Deleted
C:\WINDOWS\fdkowvbp.dll - Deleted
C:\WINDOWS\grswptdl.exe - Deleted
C:\WINDOWS\msavsc.dll - Deleted
C:\WINDOWS\msctrl.dll - Deleted
C:\WINDOWS\msfw.dll - Deleted
C:\WINDOWS\msiemon.dll - Deleted
C:\WINDOWS\mssadv.dll - Deleted
C:\WINDOWS\msscan.dll - Deleted
C:\WINDOWS\system32\_scui.cpl - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\vav.cpl - Deleted
C:\WINDOWS\system32\winivstr.exe - Deleted



Folder C:\Program Files\drmupgds - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Insider - Removed
Folder C:\Program Files\Microsoft Security Adviser - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\VAV - Removed
Folder C:\Program Files\xInsIDE - Removed
Folder C:\Program Files\XPSecurityCenter - Removed
Folder C:\Temp\1cb - Removed
Folder C:\WINDOWS\privacy_danger - Removed


Removing Temp Files

ADS Check :

Afterwards I ran HijackThis; the log looks like this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:06 PM, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\update\update.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {88FBC32A-E120-4251-B164-6348077EC07D} - C:\WINDOWS\system32\ljJBrRJY.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\ko\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Lataa FlashGetill? - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Lataa kaikki FlashGetill? - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {04670ED5-3464-4A83-BE1F-24E6FFA41928} (Einsdigital Music Web Player Control) - http://www.club5678....ctivex/p3ed.cab
O16 - DPF: {0532FBFC-108A-44B7-B5DC-4E92166B80C7} (CVersionCheck Object) - http://download.sori...BStartOrgel.CAB
O16 - DPF: {1A6B786C-9062-4B2F-BD76-AD4653FF480E} (Club5678 Update Control) - http://www.club5678....ex/ClubCtrl.cab
O16 - DPF: {3AF68A74-A438-45AB-B0DF-995CDF51AB8D} (MainCtrl Class) - http://www.bomul.com...noFD/InnoFD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208383557871
O16 - DPF: {6738F66E-B252-4BDB-ADA6-1A18EB2AA8EA} (QbicUpdate2 Control) - http://qbic.hanafos....icComponent.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada...227/SBStart.CAB
O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} (CoxSelfInstallAx10 Control) - https://install.cox.net/CoxSelfInstall/CoxS...InstallAx10.ocx
O16 - DPF: {E3FA6DAA-04BF-4AEF-9612-341B2B7A25FC} (Payplus Client Control) - https://pay.kcp.co.k...ile/payplus.cab
O16 - DPF: {EBAA4551-7704-4625-8C7B-628B1C6CB1C7} (P3EinsSet Class) - http://music.club567...ab/p3edinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: ljjkkli - ljjkkli.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7063 bytes

Again, I appreciate your help.

#4 OFFLINE   rridgely


Posted 02 September 2008 - 11:42 PM

Please reboot your system and then create a new HijackThis log. Post that log here.

#5 OFFLINE   hiosilver


Posted 03 September 2008 - 04:30 PM

After reboot:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:57 PM, on 9/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: ÆE¾÷Aº ¾ßEA! Aø¹U·I A÷´UCI¼¼¿a. - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {88FBC32A-E120-4251-B164-6348077EC07D} - C:\WINDOWS\system32\ljJBrRJY.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\ko\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ÆE¾÷Aº ¾ßEA! Aø¹U·I A÷´UCI¼¼¿a. - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Lataa FlashGetill? - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Lataa kaikki FlashGetill? - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {04670ED5-3464-4A83-BE1F-24E6FFA41928} (Einsdigital Music Web Player Control) - http://www.club5678....ctivex/p3ed.cab
O16 - DPF: {0532FBFC-108A-44B7-B5DC-4E92166B80C7} (CVersionCheck Object) - http://download.sori...BStartOrgel.CAB
O16 - DPF: {1A6B786C-9062-4B2F-BD76-AD4653FF480E} (Club5678 Update Control) - http://www.club5678....ex/ClubCtrl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3AF68A74-A438-45AB-B0DF-995CDF51AB8D} (MainCtrl Class) - http://www.bomul.com...noFD/InnoFD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208383557871
O16 - DPF: {6738F66E-B252-4BDB-ADA6-1A18EB2AA8EA} (QbicUpdate2 Control) - http://qbic.hanafos....icComponent.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada...227/SBStart.CAB
O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} (CoxSelfInstallAx10 Control) - https://install.cox.net/CoxSelfInstall/CoxS...InstallAx10.ocx
O16 - DPF: {E3FA6DAA-04BF-4AEF-9612-341B2B7A25FC} (Payplus Client Control) - https://pay.kcp.co.k...ile/payplus.cab
O16 - DPF: {EBAA4551-7704-4625-8C7B-628B1C6CB1C7} (P3EinsSet Class) - http://music.club567...ab/p3edinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ljjkkli - ljjkkli.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 8067 bytes

#6 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 03 September 2008 - 09:01 PM

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files,
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  • Paste kaspersky log onto forum.


#7 OFFLINE   hiosilver

Posted 04 September 2008 - 05:14 AM

I get an error message when I try to install the Active X software, it says:

"Windows has blocked the software because it can't verify the publisher.
Name: us/
publisher: Unknown Publisher"


I tried turning off the firewall and still get the same error message. I have AVG running,
but I'm not really sure how to turn it off temporarily so that I can check to see if that's what's
causing this error.

if it doesn't make any difference, I'll run a scan with AVG and post a log of that here.

"Scan ""Scan whole computer"" was finished."
"Infections found:;""47"""
"Infected objects removed or healed:;""0"""
"Not removed or healed:;""47"""
"Spyware found:;""1"""
"Spyware removed:;""0"""
"Not removed:;""1"""
"Warnings count:;""138"""
"Information count:;""22"""
"Scan started:;""Thursday, September 04, 2008, 1:16:22 AM"""
"Scan finished:;""Thursday, September 04, 2008, 1:53:10 AM (36 minute(s) 48 second(s))"""
"Total object scanned:;""475064"""
"User who launched the scan:;""owner"""

Infections
"File;""Infection"";""Result"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip;""Trojan horse Generic6.QZR"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\b103.exe;""Trojan horse Generic6.QZR"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\b104.exe;""Trojan horse Downloader.Generic3.SZP"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\b104.exe:\$CG\InetGet2\MTE3MTk6ODoxNg.exe;""Trojan horse Downloader.Generic3.SZP"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\b116.exe;""Trojan horse Agent.JKR"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\b122.exe;""Trojan horse Downloader.Agent.AAWB"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\b138.exe;""Trojan horse Downloader.Agent.ROW"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\b147.exe;""Trojan horse Downloader.Agent.VUL"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\b149.exe;""Trojan horse Downloader.Small.60.L"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\b151.exe;""Trojan horse Downloader.Small.60.L"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\b153.exe;""Trojan horse Downloader.Generic6.AICC"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\Binaries1.zip;""Trojan horse Generic11.BXC"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\Binaries1.zip:\XPSecurityCenter.exe;""Trojan horse Generic11.BXC"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\Binaries2.zip;""Trojan horse Agent.XZN"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\Binaries2.zip:\wscui.cpl;""Trojan horse Generic11.JVR"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\Binaries2.zip:\XPSecurityCenter.dll;""Trojan horse Agent.XZN"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\capt.gif;""Trojan horse Generic_c.HFB"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\down.gif;""Trojan horse Generic_c.HEZ"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\edot.exe;""Trojan horse Downloader.Generic7.ADZJ"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\eqvwamkl.dll;""Trojan horse Adload_r.AX"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\fdkowvbp.dll;""Trojan horse Adload_r.O"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\grswptdl.exe;""Trojan horse Adload_r.R"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\index.htm;""Trojan horse Generic_c.MFD"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\InsiDERInst.exe;""Trojan horse Agent.PWK"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\_scui.cpl;""Trojan horse Generic11.JVR"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\msavsc.dll;""Trojan horse VB.BLX"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\msavsc.exe;""Trojan horse VB.BLX"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\msctrl.dll;""Trojan horse VB.BLX"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\msctrl.exe;""Trojan horse VB.BLX"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\msfw.dll;""Trojan horse VB.BLX"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\msfw.exe;""Trojan horse VB.BLX"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\install.exe;""Trojan horse Generic11.CAW"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\msiemon.dll;""Trojan horse VB.BLX"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\msiemon.exe;""Trojan horse VB.BLX"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\mssadv.dll;""Trojan horse Clicker.KWR"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\mssadv.exe;""Trojan horse Clicker.KWR"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\msscan.dll;""Trojan horse VB.BLX"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\msscan.exe;""Trojan horse VB.BLX"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\svchost.exe;""Trojan horse Downloader.Generic7.FOO"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\svchost2.exe;""Trojan horse Downloader.Generic7.FOO"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\UnInstall.exe;""Trojan horse Downloader.Small.BOS"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\vav.cpl;""Trojan horse FakeAlert.BD"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\sfsrv.exe;""Trojan horse FakeAlert.BI"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\winivstr.exe;""Trojan horse Generic11.CAW"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\wscui.cpl;""Trojan horse Generic11.JVR"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\Yazzle1281OinAdmin.exe;""Trojan horse Generic9.ARKP"";""Infected"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\yazzsnet.exe;""Trojan horse Downloader.Purityscan.Y"";""Infected"""

Spyware
"File;""Infection"";""Result"""
"C:\Documents and Settings\owner\Desktop\SDFix\backups\backups.zip:\backups\b104.exe:\$JK\Services.dll;""Adware Generic.RLK"";""Potentially dangerous object"""

#8 OFFLINE   rridgely

Posted 04 September 2008 - 03:04 PM

Only thing it found was stuff that sdfix removed and put in a back up folder.
I just wanted you to run kaspersky as a secondary scan.

Run a scan with hijackthis. Check off the following:

O2 - BHO: (no name) - {88FBC32A-E120-4251-B164-6348077EC07D} - C:\WINDOWS\system32\ljJBrRJY.dll (file missing)
O20 - Winlogon Notify: ljjkkli - ljjkkli.dll (file missing)

press "fix checked" and exit hijackthis.

-----------

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.


#9 OFFLINE   hiosilver

Posted 04 September 2008 - 08:01 PM

Okay, I ran it. After the scan, I checked all the boxes, pressed next, and after the cleanup it asked me to reboot, so I did, and then got the log.

http://www.superantispyware.com

Generated 09/04/2008 at 03:18 PM

Application Version : 4.20.1046

Core Rules Database Version : 3556
Trace Rules Database Version: 1544

Scan type : Complete Scan
Total Scan Time : 00:23:15

Memory items scanned : 397
Memory threats detected : 0
Registry items scanned : 4693
Registry threats detected : 149
File items scanned : 14722
File threats detected : 158

Adware.HotBar/ShopperReports (Low Risk)
HKLM\Software\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\InprocServer32
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\InprocServer32#ThreadingModel
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\ProgID
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\TypeLib
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\VersionIndependentProgID
HKCR\ShoppingReport.RprtCtrl.1
HKCR\ShoppingReport.RprtCtrl.1\CLSID
HKCR\ShoppingReport.RprtCtrl
HKCR\ShoppingReport.RprtCtrl\CLSID
HKCR\ShoppingReport.RprtCtrl\CurVer
HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}
HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0
HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\0
HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\0\win32
HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\FLAGS
HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\HELPDIR
C:\PROGRAM FILES\SHOPPINGREPORT\BIN\2.5.0\SHOPPINGREPORT.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{8B622322-42C2-40CC-ACEA-EF2B6E2E14CA}
HKCR\CLSID\{8B622322-42C2-40CC-ACEA-EF2B6E2E14CA}
HKCR\CLSID\{8B622322-42C2-40CC-ACEA-EF2B6E2E14CA}\InprocServer32
HKCR\CLSID\{8B622322-42C2-40CC-ACEA-EF2B6E2E14CA}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JKHFD.DLL
HKLM\Software\Classes\CLSID\{BFC8EBAF-B326-41EA-9262-44BC44B1B449}
HKCR\CLSID\{BFC8EBAF-B326-41EA-9262-44BC44B1B449}
HKCR\CLSID\{BFC8EBAF-B326-41EA-9262-44BC44B1B449}\InprocServer32
HKCR\CLSID\{BFC8EBAF-B326-41EA-9262-44BC44B1B449}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PMNNL.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021759.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{98663E21-9CCE-4CF6-863C-911A9523A66F}
HKCR\CLSID\{98663E21-9CCE-4CF6-863C-911A9523A66F}
HKCR\CLSID\{98663E21-9CCE-4CF6-863C-911A9523A66F}\InprocServer32
HKCR\CLSID\{98663E21-9CCE-4CF6-863C-911A9523A66F}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\LJJKKLI.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{98663E21-9CCE-4CF6-863C-911A9523A66F}
HKCR\CLSID\{98663E21-9CCE-4CF6-863C-911A9523A66F}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021382.DLL

Adware.Zango/ShoppingReport
HKLM\Software\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\Implemented Categories
HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocServer32
HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocServer32#ThreadingModel
HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\ProgID
HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\TypeLib
HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\VersionIndependentProgID
HKCR\ShoppingReport.HbInfoBand.1
HKCR\ShoppingReport.HbInfoBand.1\CLSID
HKCR\ShoppingReport.HbInfoBand
HKCR\ShoppingReport.HbInfoBand\CLSID
HKCR\ShoppingReport.HbInfoBand\CurVer
HKU\S-1-5-21-789336058-1614895754-682003330-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}
HKCR\ShoppingReport.HbAx
HKCR\ShoppingReport.HbAx\CLSID
HKCR\ShoppingReport.HbAx\CurVer
HKCR\ShoppingReport.HbAx.1
HKCR\ShoppingReport.HbAx.1\CLSID
HKCR\ShoppingReport.IEButton
HKCR\ShoppingReport.IEButton\CLSID
HKCR\ShoppingReport.IEButton\CurVer
HKCR\ShoppingReport.IEButton.1
HKCR\ShoppingReport.IEButton.1\CLSID
HKCR\ShoppingReport.IEButtonA
HKCR\ShoppingReport.IEButtonA\CLSID
HKCR\ShoppingReport.IEButtonA\CurVer
HKCR\ShoppingReport.IEButtonA.1
HKCR\ShoppingReport.IEButtonA.1\CLSID
HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}
HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\Control
HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\Implemented Categories
HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\InprocServer32
HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\InprocServer32#ThreadingModel
HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ProgID
HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\Programmable
HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ToolboxBitmap32
HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\TypeLib
HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\Version
HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\VersionIndependentProgID
HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}
HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\InprocServer32
HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\InprocServer32#ThreadingModel
HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\ProgID
HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\Programmable
HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\TypeLib
HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\VersionIndependentProgID
HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}
HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\InprocServer32
HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\InprocServer32#ThreadingModel
HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\ProgID
HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\Programmable
HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\TypeLib
HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\VersionIndependentProgID
HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}
HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0
HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0
HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\win32
HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\FLAGS
HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HELPDIR
HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}
HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0
HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0
HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\win32
HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\FLAGS
HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HELPDIR
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid32
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib#Version
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib#Version
HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}
HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid
HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid32
HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\TypeLib
HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\TypeLib#Version
HKU\S-1-5-21-789336058-1614895754-682003330-1003\Software\ShoppingReport
HKLM\Software\ShoppingReport
HKLM\Software\ShoppingReport#affid
HKLM\Software\ShoppingReport#Version
HKLM\Software\ShoppingReport#ProductName
HKLM\Software\ShoppingReport#requestor
HKLM\Software\ShoppingReport#SG_Not_Set
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#Publisher
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#Default Visible
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#ButtonText
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#HotIcon
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#Icon
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#CLSID
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#ClsidExtension
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#Default Visible
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#ButtonText
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#HotIcon
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#Icon
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#CLSID
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#ClsidExtension
C:\Program Files\ShoppingReport\Bin\2.5.0
C:\Program Files\ShoppingReport\Bin
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\ShoppingReport
C:\Documents and Settings\owner\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\owner\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\owner\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\owner\Application Data\ShoppingReport\cs\db
C:\Documents and Settings\owner\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\owner\Application Data\ShoppingReport\cs\dwld
C:\Documents and Settings\owner\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\owner\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\owner\Application Data\ShoppingReport\cs\report
C:\Documents and Settings\owner\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\owner\Application Data\ShoppingReport\cs\res1
C:\Documents and Settings\owner\Application Data\ShoppingReport\cs
C:\Documents and Settings\owner\Application Data\ShoppingReport

Adware.Tracking Cookie
C:\Documents and Settings\owner\Cookies\owner@adserver.club5678[2].txt
C:\Documents and Settings\owner\Cookies\owner@edge.ru4[2].txt
C:\Documents and Settings\owner\Cookies\owner@advertising[1].txt
C:\Documents and Settings\owner\Cookies\owner@tacoda[2].txt
C:\Documents and Settings\owner\Cookies\owner@2o7[3].txt
C:\Documents and Settings\owner\Cookies\owner@at.atwola[1].txt
C:\Documents and Settings\owner\Cookies\owner@revsci[1].txt
C:\Documents and Settings\owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\owner\Cookies\owner@ar.atwola[1].txt
C:\Documents and Settings\owner\Cookies\owner@trafficmp[2].txt
C:\Documents and Settings\owner\Cookies\owner@atwola[1].txt
C:\Documents and Settings\owner\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\owner\Cookies\owner@ad.yieldmanager[2].txt
C:\Documents and Settings\owner\Cookies\owner@2o7[2].txt

Trojan.Unknown Origin
C:\WINDOWS\system32\nGpxx01
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021452.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021456.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021478.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021482.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021785.EXE

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-789336058-1614895754-682003330-1003\Software\Microsoft\rdfa
C:\WINDOWS\SYSTEM32\DFHKJ.INI2
C:\WINDOWS\SYSTEM32\LNNMP.INI2

Adware.180solutions/Seekmo
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP61\A0020448.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP61\A0020449.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP61\A0020450.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP61\A0020451.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP61\A0020452.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP61\A0020461.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP61\A0020469.DLL

Adware.180solutions/Seekmo/Zango
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP61\A0020453.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP61\A0020456.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP61\A0020457.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP61\A0020458.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP61\A0020459.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP61\A0020460.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP61\A0020462.DLL

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021383.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021384.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021769.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021760.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021762.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021763.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021764.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021766.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021767.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021768.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021771.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021772.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021773.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021777.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021779.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021780.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021781.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021783.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021786.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021805.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021790.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021791.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021792.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021793.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021794.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021796.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021799.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021800.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021801.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021802.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021804.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021807.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021808.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021809.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021810.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021812.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021813.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021814.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021815.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021817.DLL

Trojan.Unclassified/MSCTRL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021437.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021432.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021433.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021434.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021435.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021465.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021466.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021467.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021468.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021470.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021498.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021499.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021500.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021501.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021502.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021503.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021504.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021505.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021508.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021509.EXE

Trojan.Dropper/Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021430.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021464.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021491.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021488.EXE

Trojan.Aff-YourThumbs
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021436.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021469.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021507.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021506.DLL

Rogue.Vista AntiVirus 2008/A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021439.CPL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021472.CPL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021525.CPL

Trojan.SoftCashier-Installer/A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021441.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021473.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021494.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021526.EXE

Trojan.Unclassified/DwnLdr
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021460.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021461.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021520.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021521.EXE

Adware.Vundo-Variant/J
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021462.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021489.DLL

Trojan.Unclassified/GTS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021463.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021490.DLL

Adware.Yazzle-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP66\A0021529.EXE

Trojan.Unclassified/Hider
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021756.DLL

Trojan.Unclassified/ZRunner
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021757.EXE

Adware.Vundo-Variant/E
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021770.DLL

Trojan.Unclassified/Dropper-B
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021776.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021788.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021795.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021798.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021806.DLL

Adware.Rabio Search Enhancer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021778.EXE

Rootkit.TNCore-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021782.EXE

Adware.Adservs
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021803.EXE

Rogue.MalwareAlarm-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021819.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4EFA8CB-CBD8-4659-AC35-991D25CF7758}\RP67\A0021820.EXE

Trojan.Vundo-Variant/Small-V2
C:\WINDOWS\SYSTEM32\AQABIEII.DLL
C:\WINDOWS\SYSTEM32\UOUEIHRN.DLL

#10 OFFLINE   rridgely

Posted 04 September 2008 - 11:35 PM

Run BitDefender Online Scanner
  • Using Internet Explorer, please go HERE to run BitDefender's Online scan.
  • Read the terms and then click I Agree.
  • You may receive a Security Warning about the BitDefender ActiveX control. If you do, please allow it to install.
  • On the scanning Options screen, press Click Here To Scan and then follow the on-screen prompts.
  • Once BitDefender is finished scanning your computer, it will automatically remove the infections. Once the removal process is finished, press the close button and a dialog box will appear asking if you want to send your scan log back to the makers of BitDefender. You do not have to do this, but what you do want to do is press the button that says "view log" and then copy and paste that log into Notepad and save it to your desktop as bitdefender.txt.
  • Reboot your computer.

Post the BitDefender log on the forum.

#11 OFFLINE   hiosilver

Posted 07 September 2008 - 05:08 AM

Here's the BitDefender log:

BitDefender Online Scanner - Real Time Virus Report

Generated at: Sat, Sep 06, 2008 - 22:58:01

--------------------------------------------------------------------------------

Scan Info

Scanned Files: 83066
Infected Files: 45

Virus Detected

Adware.XpAntivirus.AO: 1
Trojan.Downloader.VB.VPG: 1
DeepScan:Generic.Malware.SYddld.E35211BC: 2
Adware.Zango.AU: 1
Trojan.Generic.323150: 1
Trojan.Zlob.19400: 1
Adware.Softomate.BG: 1
Trojan.Generic.87900: 1
Trojan.Vundo.FHX: 3
Adware.Zango.SH: 1
Adware.Generic.29279: 1
Adware.Purityscan.JA: 2
Trojan.Downloader.JKBT: 1
Trojan.Downloader.VB.VNL: 2
Trojan.Generic.507967: 2
Trojan.Generic.322584: 1
Trojan.Downloader.Agent.BHU: 1
Trojan.Generic.86818: 1
Trojan.FakeAlert.ACZ: 1
Trojan.FakeAlert.XA: 1
Trojan.Generic.401534: 1
Adware.Shopper.O: 1
Adware.Generic.33257: 1
Trojan.Agent.VB.ARO: 10
Adware.Agent.NBO: 2
Trojan.Generic.350520: 1
Application.Generic.9544: 1
Adware.Zango.SB: 1
BehavesLike:Trojan.FWDisable: 1

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

#12 OFFLINE   rridgely

Posted 08 September 2008 - 07:50 PM

Post a new HijackThis log.

#13 OFFLINE   hiosilver

Posted 10 September 2008 - 02:54 AM

New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:09 PM, on 9/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: ÆE¾÷Aº ¾ßEA! Aø¹U·I A÷´UCI¼¼¿a. - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\ko\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ÆE¾÷Aº ¾ßEA! Aø¹U·I A÷´UCI¼¼¿a. - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Lataa FlashGetill? - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Lataa kaikki FlashGetill? - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {04670ED5-3464-4A83-BE1F-24E6FFA41928} (Einsdigital Music Web Player Control) - http://www.club5678....ctivex/p3ed.cab
O16 - DPF: {0532FBFC-108A-44B7-B5DC-4E92166B80C7} (CVersionCheck Object) - http://download.sori...BStartOrgel.CAB
O16 - DPF: {1A6B786C-9062-4B2F-BD76-AD4653FF480E} (Club5678 Update Control) - http://www.club5678....ex/ClubCtrl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3AF68A74-A438-45AB-B0DF-995CDF51AB8D} (MainCtrl Class) - http://www.bomul.com...noFD/InnoFD.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208383557871
O16 - DPF: {6738F66E-B252-4BDB-ADA6-1A18EB2AA8EA} (QbicUpdate2 Control) - http://qbic.hanafos....icComponent.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada...227/SBStart.CAB
O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} (CoxSelfInstallAx10 Control) - https://install.cox.net/CoxSelfInstall/CoxS...InstallAx10.ocx
O16 - DPF: {E3FA6DAA-04BF-4AEF-9612-341B2B7A25FC} (Payplus Client Control) - https://pay.kcp.co.k...ile/payplus.cab
O16 - DPF: {EBAA4551-7704-4625-8C7B-628B1C6CB1C7} (P3EinsSet Class) - http://music.club567...ab/p3edinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 8193 bytes

#14 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 11 September 2008 - 01:34 AM

That hijackthis log looks fine to me.
Is the computer still having problems?

#15 OFFLINE   hiosilver

    Newbie

  • Members
  • 8 posts

Posted 12 September 2008 - 12:08 AM

rridgely, on Sep 10 2008, 08:34 PM, said:

That hijackthis log looks fine to me.
Is the computer still having problems?

nope. Computer is working quite fine.

thank you sir! I appreciate the help, and your patience for bearing with me, hehe.

thank you again!

#16 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 12 September 2008 - 01:54 AM

Glad everything is back to normal. :)
This topic will be locked so that I can keep track of which topics are finished.

For some advice on how to keep this computer clean in the future, please refer to this link:

http://internetrotsyourbrain.com/rridgely/...eprevention.htm

If you need help again in the future just start a new topic.