Author Topic: Bugs eating background, background changed to blue with spyware warning ... (Read 39050 times)

ComputerTired · « **on:** May 29, 2008, 10:31:57 AM »

Alright, I have a problem with a spyware infection. My screensaver seemed to change itself from the regular Windows XP sign floating around to some random bug screensaver where bugs munch on my background, and where they munch on, it turns blue.

Also, when that happens, my background COMPLETELY changes to blue, with a warning sign in the middle that is blue and yellow. It says : "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer."

Another thing is this annoying balloon/bubble [ I believe that's what they're called ] that always pops up every 2 seconds on my tray on the bottom right of the screen with the yellow warning sign with the black exclamation mark in the middle. That says : "Your computer is infected! Windows has detected spyware infection. It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you. Click here to protect your computer from spyware." I haven't purposefully clicked on the balloon, because I'm aware that it's a bogus warning that only wants me to click it to further damage my computer. However, I've accidentally clicked on it a couple times because it pops up every couple seconds and is in the way of my entire screen. When I clicked on it, it automatically downloaded this thing called INSTALLER. I would immediately then go to that program and uninstall it from my computer.

I've searched the internet for ways to remove these problems, and I found a site that said to download Malwarebytes' Anti-Malware. I did, and it seemed to be a total success. The bugs went away, the yellow and blue warning went away, and the balloon from the system tray went away. However, after two days, it would always come back.

Please help. I'll be back later with screen shots.

=)

ComputerTired · « **Reply #1 on:** May 29, 2008, 10:49:00 AM »

Here's the screenshot of blue background with warning and balloon on system tray with warning.

evilfantasy · « **Reply #2 on:** May 29, 2008, 10:49:45 AM »

Start here > http://www.computerhope.com/forum/index.php/topic,46313.0.html

We need all of the logs to see whats going on.

ComputerTired · « **Reply #3 on:** May 29, 2008, 10:57:04 AM »

When I try to go here ---> http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx to download it, the page won't display.

evilfantasy · « **Reply #4 on:** May 29, 2008, 10:58:48 AM »

Are you sure you don't have SP1?

ComputerTired · « **Reply #5 on:** May 29, 2008, 11:15:45 AM »

=(

I'm not even sure what it is.

evilfantasy · « **Reply #6 on:** May 29, 2008, 11:17:56 AM »

Just scroll down to the removal tools and get the logs needed.

ComputerTired · « **Reply #7 on:** May 29, 2008, 02:44:39 PM »

Alright, I did the CCleaner, and downloaded the SUPERAntiSpyware Free Edition program. During that scan, my computer had blanked out and went into this blue screen with white lettering. The first line said "A problem has been detected and Windows has been shut down to prevent damage to your computer."

I'll re-do the scan. It went as far as 2 hours and so far, I remember it said it detected 351 items.

Re-doing scan now. Logs will be up when I finish all the steps.

=)

ComputerTired · « **Reply #8 on:** May 29, 2008, 10:12:00 PM »

Here are the three log files.

With the SuperAntispyware program, when I was restarting the computer to finish the clean-up process, the reboot process had froze, so I waited about ten minutes. Nothing happened, so I turned the computer off and followed the rest of the steps with getting the log.

Thanks for the help !!

=)

[recovering space - attachment deleted by admin]

evilfantasy · « **Reply #9 on:** May 30, 2008, 07:26:11 PM »

Your computer is infected by at least one Keylogger and various Backdoor Trojans. Please read all of this carefully.

Backdoor Trojans, IRCBots and rootkits are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use Backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

Read this article: Danger: Remote Access Trojans.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one! If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the Backdoor Trojan has been removed the computer is now secure. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS.

When should I re-format? How should I reinstall?.
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it will be 100% secure afterwards or that the removal will be successful.

Should you have any questions, please feel free to ask.

If you decide to continue with the cleaning process continue with the following.

Download DrWeb CureIt & save it to your desktop.

Scan with DrWeb-CureIt as follows:

Double-click on drweb-cureit.exe and then click Start.
An Express Scan of your PC notice will appear.
Under Start the Express Scan Now Click OK to start.
- This is a short scan that will scan the files currently running in memory.
- If or when something is found, click the Yes button when it asks you if you want to cure it.
Once the short scan has finished, Click Options > Change settings
Choose the Scan tab and UNcheck Heuristic analysis and click OK
Back at the main window, select the Complete scan button.
Then click the Green Arrow Start Scanning button on the right and the scan will start.
- Click Yes to all if it asks if you want to cure/move any file(s).
When the scan is done.
In the Dr.Web CureIt menu on top left, click File and choose Save report list.
Save the DrWeb.csv report to your Desktop.
Exit Dr.Web Cureit.

Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

[/COLOR]

After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
Copy and paste that log in the next reply

ComputerTired · « **Reply #10 on:** May 31, 2008, 07:15:59 AM »

During the scan, some of the stuff couldn't be cured, so I wasn't sure if I should move them or delete them.

The reboots worked soo much better. Fast and easy. I didn't get that blue screen of death.

On the scan tab, I didn't see a Hueristic analysis checkbox. There was only an Express Scan, Complete Scan, and Custom Scan.

Here's the results of the Complete Scan:

[next post]

ComputerTired · « **Reply #11 on:** May 31, 2008, 07:18:04 AM »

I added the results as an attachment, but if you want me to copy and paste the results as well, I'll do it.

[recovering space - attachment deleted by admin]

evilfantasy · « **Reply #12 on:** May 31, 2008, 12:11:57 PM »

Now run a new Hijackthis scan and post the log.

ComputerTired · « **Reply #13 on:** May 31, 2008, 02:15:49 PM »

Here's the HJT log:

[recovering space - attachment deleted by admin]

evilfantasy · « **Reply #14 on:** May 31, 2008, 06:09:27 PM »

Run the F-Secure online scan for Viruses, Spyware and RootKits:

This scanner works with Internet Explorer only

Go to the F-Secure Online Virus Scanner
Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
Allow the Active X control to be installed on your computer, then click the Accept button
Click Full System Scan and allow the components to download and the scan to complete.
If malware is found, check Submit samples to F-Secure then select Automatic cleaning
When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan

When the cleaning option is presented, Uncheck Submit samples to F-Secure
Click Automatic cleaning
When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post along with a fresh HijackThis log.

Note:

This scan will only work with Internet Explorer
You must have administrator rights to run this scan
This scan can take several hours, so please be patient

[/I]
.
----------

Now run a new Hijackthis scan and post that log also.

ComputerTired · « **Reply #15 on:** June 01, 2008, 01:20:37 AM »

I have a problem with the F-Secure Online scanner. The new window pops up, but nothing on that window will load except the input box for the language and there's no OK or CANCEL type of button thing at the bottom.

I checked to make sure that Active X was enabled by following the steps it told me to in Internet Options, but still, the page will not load.

If you want a screen shot of what I mean, I'll be sure to paste one for you.

ComputerTired · « **Reply #16 on:** June 01, 2008, 11:14:39 AM »

Here's the screenshot of the scanner:

evilfantasy · « **Reply #17 on:** June 01, 2008, 11:32:34 AM »

Let's run this instead.

Please download, update and run a-squared free

At the main menu, click Scan Now, there will be 4 options, choose Deep Scan.

* If malware is found, click the button Remove Selected Malware
* If malware is found, select all found and click Quarantine selected objects
* Click Save Report. Save the report to somewhere convenient, such as your desktop
* Add the report in your next post.

ComputerTired · « **Reply #18 on:** June 01, 2008, 04:10:25 PM »

The attachment size is too large, so I'll just copy and paste the log.

a-squared Free - Version 3.5
Last update: 6/1/2008 1:15:28 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start:   6/1/2008 1:16:28 PM

c:\program files\common files\slmss    detected: Trace.Directory.2ndThought
c:\windows\system32\newmsrdk    detected: Trace.Directory.AlwaysUpdateNews
c:\windows\system32\dealhelper    detected: Trace.Directory.DealHelper.com
c:\program files\downloadware    detected: Trace.Directory.DownloadWare
c:\program files\downloadware\cfg    detected: Trace.Directory.DownloadWare
c:\program files\downloadware\downloads    detected: Trace.Directory.DownloadWare
c:\sysfwb    detected: Trace.Directory.FizzleWizzleEntertainme ntSearchbar
c:\program files\fwbartemp    detected: Trace.Directory.FizzleWizzleEntertainme ntSearchbar
c:\program files\inexplorersch    detected: Trace.Directory.inExplorer Toolbar
c:\program files\inexplorersch\cache    detected: Trace.Directory.inExplorer Toolbar
c:\documents and settings\brittany horton\favorites\-shopping-    detected: Trace.Directory.NetworkEssentials.SCBar
c:\documents and settings\brittany horton\favorites\-sports-    detected: Trace.Directory.NetworkEssentials.SCBar
c:\documents and settings\brittany horton\favorites\-travel-    detected: Trace.Directory.NetworkEssentials.SCBar
c:\program files\downloadware\temp    detected: Trace.Directory.NetworkEssentials
c:\program files\recommended hotfix - 421701d    detected: Trace.Directory.NetworkEssentials
c:\program files\autoupdate    detected: Trace.Directory.PeopleOnPage
c:\documents and settings\brittany horton\favorites\1111    detected: Trace.Directory.SafeSurfing
c:\documents and settings\brittany horton\favorites\casino & carrers    detected: Trace.Directory.SearchMiracle.EliteBar
c:\documents and settings\brittany horton\favorites\finances & business    detected: Trace.Directory.SearchMiracle.EliteBar
c:\documents and settings\brittany horton\favorites\health & insurance    detected: Trace.Directory.SearchMiracle.EliteBar
c:\documents and settings\brittany horton\favorites\homelife & travel    detected: Trace.Directory.SearchMiracle.EliteBar
c:\windows\elitesidebar    detected: Trace.Directory.SearchMiracle.EliteBar
c:\program files\sf    detected: Trace.Directory.smily
c:\documents and settings\brittany horton\favorites\going places    detected: Trace.Directory.YourSiteBar
c:\documents and settings\brittany horton\favorites\living    detected: Trace.Directory.YourSiteBar
c:\documents and settings\brittany horton\favorites\shop    detected: Trace.Directory.YourSiteBar
c:\documents and settings\brittany horton\favorites\technology    detected: Trace.Directory.YourSiteBar
c:\windows\system32\winupdt.bin    detected: Trace.File.Agent
c:\windows\system32\bbchk.exe    detected: Trace.File.BargainBuddy
c:\windows\system32\exclean.exe    detected: Trace.File.BargainBuddy
c:\documents and settings\brittany horton\favorites\1111\1111.url    detected: Trace.File.Begin2Search
c:\windows\system32\data.~    detected: Trace.File.E2Give(CharityNetwork)
c:\windows\system32\key.~    detected: Trace.File.E2Give(CharityNetwork)
c:\windows\del.tmp    detected: Trace.File.Enhancemysearch
c:\windows\searchen.dat    detected: Trace.File.Enhancemysearch
c:\windows\system32\exclean.exe    detected: Trace.File.eXact.NaviSearch
c:\windows\system32\tbps.ini    detected: Trace.File.IBISToolbar
c:\windows\button0.gif    detected: Trace.File.iePlugin
c:\windows\button1.gif    detected: Trace.File.iePlugin
c:\windows\button2.gif    detected: Trace.File.iePlugin
c:\windows\button3.gif    detected: Trace.File.iePlugin
c:\windows\downloaded program files\default.inf    detected: Trace.File.iePlugin
c:\program files\inexplorersch\cache\home001.bmp    detected: Trace.File.inExplorer Toolbar
c:\program files\inexplorersch\cache\zoom001.bmp    detected: Trace.File.inExplorer Toolbar
c:\program files\inexplorersch\toolbar.ini    detected: Trace.File.inExplorer Toolbar
c:\program files\inexplorersch\uninstall.exe    detected: Trace.File.inExplorer Toolbar
c:\windows\downloaded program files\mirarsetup.inf    detected: Trace.File.Mirar
c:\windows\system32\tbps.ini    detected: Trace.File.WebSearchToolbar
c:\windows\system32\winupdt.bin    detected: Trace.File.Windupdates

ComputerTired · « **Reply #19 on:** June 01, 2008, 04:11:12 PM »

Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\tsl installer    detected: Trace.Registry.180Solutions
Key: HKEY_CLASSES_ROOT\interface\{1cfb8b32-4053-4144-af6f-1540eec7f101}\typelib    detected: Trace.Registry.AdLogix
Value: HKEY_CLASSES_ROOT\drs.n --> uid    detected: Trace.Registry.AdShooter.SearchForIt
Key: HKEY_CLASSES_ROOT\interface\{2db1a6df-8120-47bd-9dce-cfcd47b17b24}    detected: Trace.Registry.AdShooter.SearchForIt
Key: HKEY_CLASSES_ROOT\interface\{ab94d42b-64e9-436f-887c-cf38fe475cfc}    detected: Trace.Registry.AdShooter.SearchForIt
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\searchforitsearchforit --> displayname    detected: Trace.Registry.AdShooter.SearchForIt
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\searchforitsearchforit --> uninstallstring    detected: Trace.Registry.AdShooter.SearchForIt
Key: HKEY_CLASSES_ROOT\typelib\{d8bd4ded-5bb2-4d4e-9a6a-f10244fed7d6}    detected: Trace.Registry.AzeSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357}    detected: Trace.Registry.BargainBuddy
Key: HKEY_CLASSES_ROOT\interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}    detected: Trace.Registry.BargainBuddy
Key: HKEY_CLASSES_ROOT\interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357}    detected: Trace.Registry.BargainBuddy
Key: HKEY_CLASSES_ROOT\interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}    detected: Trace.Registry.BargainBuddy
Key: HKEY_CLASSES_ROOT\typelib\{12ee7a5e-0674-42f9-a76c-000000004d00}    detected: Trace.Registry.BrowserAid
Key: HKEY_LOCAL_MACHINE\software\classes\protocols\name-space handler\res\toolbar.resprotocol    detected: Trace.Registry.DownloadWare
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform --> Iebar    detected: Trace.Registry.Elite Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0878B424-1F95-4E26-B5AB-F0D349D89650}\DownloadInformation --> CODEBASE    detected: Trace.Registry.eXact.FunCade
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0878B424-1F95-4E26-B5AB-F0D349D89650} --> Installer    detected: Trace.Registry.eXact.FunCade
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0878B424-1F95-4E26-B5AB-F0D349D89650} --> SystemComponent    detected: Trace.Registry.eXact.FunCade
Key: HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0878b424-1f95-4e26-b5ab-f0d349d89650}    detected: Trace.Registry.EXactAdvertisingCashback
Key: HKEY_CLASSES_ROOT\interface\{a42dc659-33b5-409e-a433-650ac42ecca4}    detected: Trace.Registry.Ezula
Key: HKEY_CLASSES_ROOT\interface\{a8516f49-8046-4295-8ee9-c59d5041c9e2}    detected: Trace.Registry.Ezula
Key: HKEY_CLASSES_ROOT\interface\{fb82ccd5-174b-4379-bc37-72d9b5adaeda}    detected: Trace.Registry.Ezula
Key: HKEY_CLASSES_ROOT\interface\{3116ed38-8599-4261-8f81-f43266ffaaff}    detected: Trace.Registry.FizzleWizzleEntertainmen tSearchbar
Key: HKEY_CLASSES_ROOT\interface\{36a89c39-da76-49d6-98f8-0cbec6b8b352}    detected: Trace.Registry.FizzleWizzleEntertainmen tSearchbar
Key: HKEY_CLASSES_ROOT\interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}    detected: Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd}    detected: Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}    detected: Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\interface\{66c22569-f05c-4a70-a142-763b337e1002}    detected: Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303}    detected: Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\interface\{99aa88d1-d9d3-410a-be9e-044f94c183da}    detected: Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\interface\{d1951679-1d52-43fc-9585-0737143585f5}    detected: Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\interface\{f273d4ea-2025-4410-8408-251a0cd46be7}    detected: Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\protocols\handler\tpro    detected: Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\protocols\name-space handler\res    detected: Trace.Registry.IBISToolbar
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\sto    detected: Trace.Registry.IBISToolbar
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/wupdt.exe    detected: Trace.Registry.IEPlugin
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/wupdt.exe --> .Owner    detected: Trace.Registry.iePlugin
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\inexplorersch --> Changed    detected: Trace.Registry.inExplorer Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\inexplorersch --> SlowInfoCache    detected: Trace.Registry.inExplorer Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inexplorersch --> DisplayIcon    detected: Trace.Registry.inExplorer Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inexplorersch --> DisplayName    detected: Trace.Registry.inExplorer Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inexplorersch --> UninstallString    detected: Trace.Registry.inExplorer Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\mm --> check    detected: Trace.Registry.InternetOptimizer
Key: HKEY_LOCAL_MACHINE\software\classes\hp.hopper.1\clsid    detected: Trace.Registry.MediaLoadsEnhanced
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\media-motor --> Changed    detected: Trace.Registry.MediaMotor
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\media-motor --> SlowInfoCache    detected: Trace.Registry.MediaMotor
Key: HKEY_CLASSES_ROOT\interface\{205ff73a-ca67-11d5-99dd-444553540013}    detected: Trace.Registry.MediaTickets
Value: HKEY_USERS\S-1-5-21-354348320-3626668711-587776703-1007\software\microsoft\windows\currentversion\run --> ssgrate.exe    detected: Trace.Registry.Mitglieder
Key: HKEY_CLASSES_ROOT\clsid\{147a976e-eee1-4377-8ea7-4716e4cdd239}    detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{147a976e-eee1-4377-8ea7-4716e4cdd239}    detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\appid\{c81cff28-6df1-402f-b78c-d9493ef59882}    detected: Trace.Registry.NetworkEssentials
Key: HKEY_CLASSES_ROOT\appid\hp.exe    detected: Trace.Registry.NetworkEssentials
Key: HKEY_CLASSES_ROOT\hp.hopper.1    detected: Trace.Registry.NetworkEssentials
Key: HKEY_CLASSES_ROOT\hp.hopper    detected: Trace.Registry.NetworkEssentials
Key: HKEY_CLASSES_ROOT\interface\{1423903e-86cc-4470-8ab0-257c10d77d45}    detected: Trace.Registry.NetworkEssentials
Key: HKEY_CLASSES_ROOT\interface\{4dea7ca1-3372-4204-937c-2dd4a6ed6562}    detected: Trace.Registry.NetworkEssentials
Key: HKEY_CLASSES_ROOT\typelib\{47350d97-09e9-4590-864e-3431da53bf37}    detected: Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\appid\{c81cff28-6df1-402f-b78c-d9493ef59882}    detected: Trace.Registry.NetworkEssentials
Value: HKEY_LOCAL_MACHINE\software\classes\appid\hp.exe --> appid    detected: Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\hp.hopper.1    detected: Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\hp.hopper\clsid    detected: Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\hp.hopper\curver    detected: Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\hp.hopper    detected: Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{1423903e-86cc-4470-8ab0-257c10d77d45}    detected: Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{4dea7ca1-3372-4204-937c-2dd4a6ed6562}    detected: Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{a42dc659-33b5-409e-a433-650ac42ecca4}    detected: Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{a8516f49-8046-4295-8ee9-c59d5041c9e2}    detected: Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{fb82ccd5-174b-4379-bc37-72d9b5adaeda}    detected: Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\typelib\{47350d97-09e9-4590-864e-3431da53bf37}    detected: Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\autoloader    detected: Trace.Registry.PeopleOnPage
Key: HKEY_CLASSES_ROOT\clsid\{205ff73b-ca67-11d5-99dd-444553540013}    detected: Trace.Registry.RegistryCleaner
Key: HKEY_CLASSES_ROOT\typelib\{205ff72e-ca67-11d5-99dd-444553540013}    detected: Trace.Registry.RegistryCleaner
Key: HKEY_CLASSES_ROOT\interface\{83a13e87-fa20-4b6a-aae8-c1226b5e1573}    detected: Trace.Registry.Search-Exe
Key: HKEY_USERS\S-1-5-21-354348320-3626668711-587776703-1007\software\lq    detected: Trace.Registry.SearchMiracle.EliteBar
Key: HKEY_LOCAL_MACHINE\software\ddate    detected: Trace.Registry.SpywareWall
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSL Installer --> NoRemove    detected: Trace.Registry.TargetSaver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TopMoxie\TopSearch --> UniqueMachineId    detected: Trace.Registry.TopSearch
Key: HKEY_USERS\S-1-5-21-354348320-3626668711-587776703-1007\software\local appwizard-generated applications\popup    detected: Trace.Registry.UnclassifiedDialer
Key: HKEY_CLASSES_ROOT\interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}    detected: Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd}    detected: Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}    detected: Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{66c22569-f05c-4a70-a142-763b337e1002}    detected: Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{6f59d850-a155-4930-98ae-689a2bc7b8e8}    detected: Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303}    detected: Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{99aa88d1-d9d3-410a-be9e-044f94c183da}    detected: Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{c380566d-f343-42ab-987b-6b38a1a35747}    detected: Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{d1951679-1d52-43fc-9585-0737143585f5}    detected: Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{f273d4ea-2025-4410-8408-251a0cd46be7}    detected: Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\protocols\handler\tpro    detected: Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\protocols\name-space handler\res\toolbar.resprotocol    detected: Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\protocols\name-space handler\res    detected: Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\radio.radioplayer    detected: Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\typelib\{b23b3add-84b1-414a-92b9-0cabe5a781f4}    detected: Trace.Registry.WebSearchToolbar
Key: HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{87067f04-de4c-4688-bc3c-4fcf39d609e7}    detected: Trace.Registry.WebSearchToolbar
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\sto    detected: Trace.Registry.WebSearchToolbar
Key: HKEY_LOCAL_MACHINE\software\media gateway    detected: Trace.Registry.WindUpdates.MediaGateway
Value: HKEY_LOCAL_MACHINE\software\media gateway --> lastupdate    detected: Trace.Registry.WindUpdates.MediaGateway
Value: HKEY_LOCAL_MACHINE\software\media gateway --> param    detected: Trace.Registry.WindUpdates.MediaGateway
Value: HKEY_LOCAL_MACHINE\software\media gateway --> softwaretable    detected: Trace.Registry.WindUpdates.MediaGateway
Key: HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}    detected: Trace.Registry.WindUpdates.MediaGateway
Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wintoolssvc    detected: Trace.Registry.WinTools
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\My Global Search Uninstall --> Changed    detected: Trace.Registry.My Global Search Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\My Global Search Uninstall --> SlowInfoCache    detected: Trace.Registry.My Global Search Bar
Value: HKEY_CLASSES_ROOT\Interface\{FAAEB405-B7B0-4749-81DE-DF36B2D36531}\TypeLib --> Version    detected: Trace.Registry.SearchForIt
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FAAEB405-B7B0-4749-81DE-DF36B2D36531}\TypeLib --> Version    detected: Trace.Registry.SearchForIt
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSL Installer --> NoRemove    detected: Trace.Registry.TargetSaver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TopMoxie\TopSearch --> UniqueMachineId    detected: Trace.Registry.TopFive Search Assistant

ComputerTired · « **Reply #20 on:** June 01, 2008, 04:12:19 PM »

c:\windows\ncuninst.exe    detected: Trace.File.MARAVEL Screensaver
c:\program files\inexplorersch\inexplorersch.dll    detected: Trace.File.inExplorer Search
Value: HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-8AA5-A930F887B531}\InprocServer32 --> ThreadingModel    detected: Trace.Registry.inExplorer Search
Value: HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-8AA5-A930F887B532}\InprocServer32 --> ThreadingModel    detected: Trace.Registry.inExplorer Search
Value: HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-8AA5-A930F887B533}\InprocServer32 --> ThreadingModel    detected: Trace.Registry.inExplorer Search
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-8AA5-A930F887B531}\InprocServer32 --> ThreadingModel    detected: Trace.Registry.inExplorer Search
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-8AA5-A930F887B532}\InprocServer32 --> ThreadingModel    detected: Trace.Registry.inExplorer Search
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-8AA5-A930F887B533}\InprocServer32 --> ThreadingModel    detected: Trace.Registry.inExplorer Search
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@2o7[1].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@advertising[1].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@atdmt[2].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@casalemedia[1].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@computer-juice[2].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@computerhope[1].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@doubleclick[1].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany [email protected][1].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@media6degrees[2].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@mediaplex[1].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@questionmarket[2].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@revenue[2].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@rubiconproject[1].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany [email protected][2].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@specificclick[2].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany [email protected][2].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@trafficmp[2].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@tribalfusion[1].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany [email protected][2].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany [email protected][1].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@zedo[1].txt    detected: Trace.TrackingCookie
C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Monitors\hosts    detected: Trojan.Win32.Qhost.nl
C:\DqoB.exe    detected: Backdoor.Win32.Agent.eks

ComputerTired · « **Reply #21 on:** June 01, 2008, 04:12:52 PM »

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP456\A0456915.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP456\A0456920.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP457\A0456951.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP457\A0456957.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP457\A0456986.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP457\A0456992.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP457\A0457015.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP457\A0457020.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0457056.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0457065.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0457104.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0457110.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0457153.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0457160.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0457191.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0457196.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0458191.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0458198.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0459191.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0459197.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0460198.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0460210.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0460220.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0460236.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461216.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461223.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461304.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461310.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461362.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461367.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461407.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461412.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461459.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461464.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP460\A0461513.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP460\A0461520.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP460\A0461567.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP460\A0461572.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP461\A0461612.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP461\A0461618.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP461\A0462612.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP461\A0462618.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462664.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462669.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462714.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462719.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462737.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462774.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462779.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462797.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462814.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462831.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462837.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462876.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462882.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP463\A0462934.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP463\A0462942.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP463\A0462970.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP463\A0462977.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP464\A0463044.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP464\A0463049.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP464\A0463099.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP464\A0463104.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP464\A0463130.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP464\A0463173.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP464\A0463180.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP464\A0464180.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP465\A0464212.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP465\A0465213.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP465\A0465237.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP466\A0465283.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP466\A0465311.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP466\A0465341.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP466\A0466342.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP467\A0466377.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP467\A0467379.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP467\A0467402.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0468403.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0468429.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0469428.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0469452.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0470453.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0471454.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0472453.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0473454.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0474454.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\A0475454.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\A0476453.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\A0476490.exe    detected: Trojan.Win32.Pakes

ComputerTired · « **Reply #22 on:** June 01, 2008, 04:13:19 PM »

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\A0476517.ocx    detected: Adware.DelphinMediaViewer.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\A0476518.dll    detected: Adware.Win32.DelphinMediaViewer.f
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP470\A0476600.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP470\A0476619.ocx    detected: Adware.DelphinMediaViewer.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP470\A0476620.dll    detected: Adware.Win32.DelphinMediaViewer.f
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP470\A0476640.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP470\A0476655.ocx    detected: Adware.DelphinMediaViewer.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP470\A0476657.dll    detected: Adware.Win32.DelphinMediaViewer.f
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP470\A0477641.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP470\A0478641.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP471\A0478678.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP471\A0478744.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP471\A0478763.ocx    detected: Adware.DelphinMediaViewer.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP471\A0478764.dll    detected: Adware.Win32.DelphinMediaViewer.f
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP471\A0479715.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP471\A0479756.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP472\A0479785.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP472\A0480787.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP473\A0480818.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP473\A0480846.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP474\A0480882.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP474\A0481847.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP474\A0481888.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP474\A0482888.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP476\A0482929.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP477\A0482955.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0483955.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0484955.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0484975.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0485011.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0485032.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0485055.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0485085.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0485104.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0485126.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP480\A0485146.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP480\A0485161.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP480\A0485215.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP480\A0486218.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP481\A0486250.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP481\A0487251.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0487289.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0487309.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0487355.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0488359.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0488388.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0488422.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0489423.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP483\A0489451.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP483\A0490452.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP483\A0490507.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP483\A0490540.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP484\A0491541.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP484\A0491584.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP484\A0492585.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP484\A0492639.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP484\A0493638.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP485\A0493663.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP485\A0494664.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP485\A0495664.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP485\A0495690.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP485\A0496689.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP485\A0497690.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0498712.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0498735.exe    detected: Trojan.Win32.VB.ceh

ComputerTired · « **Reply #23 on:** June 01, 2008, 04:14:01 PM »

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0498736.exe    detected: Backdoor.Win32.Agent.hgk
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0498737.exe    detected: Trojan.Win32.VB.cby
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0498827.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0499822.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0499841.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0500844.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0500895.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP489\A0500950.exe    detected: Backdoor.Win32.Agent.hke
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP489\A0501895.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP489\A0502896.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP489\A0502931.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP490\A0502969.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP491\A0503977.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP491\A0504971.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP491\A0504991.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP492\A0505024.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP493\A0505053.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP494\A0506055.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0507055.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0508054.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0508088.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0508134.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0509135.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0510135.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0510157.exe    detected: Trojan.Win32.VB.cby
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0510158.exe    detected: Trojan.Win32.VB.ceh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0511137.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0512142.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP496\A0513134.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP496\A0514136.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP496\A0515134.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP496\A0516136.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP496\A0517136.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP496\A0518137.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP498\A0519136.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP498\A0519195.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP498\A0520195.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP498\A0520241.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP498\A0521241.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP498\A0522238.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP498\A0523239.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0524240.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0524260.cpl    detected: Trojan-Downloader.Win32.Qoologic.ah
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0524265.exe    detected: Trojan-Downloader.Win32.VB.eu
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0524273.dll    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0524274.exe    detected: Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0524280.exe    detected: Adware.Win32.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0525233.dll    detected: Trojan-Downloader.Win32.Qoologic.ae
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0525243.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0525244.dll    detected: Trojan-Downloader.Win32.Qoologic.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP502\A0525481.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP502\A0525482.dll    detected: Trojan-Downloader.Win32.Qoologic.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP502\A0526467.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP502\A0526468.dll    detected: Trojan-Downloader.Win32.Qoologic.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\A0527467.exe    detected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\A0527468.dll    detected: Trojan-Downloader.Win32.Qoologic.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\A0528476.exe    detected: Trojan.Win32.StartPage.nk
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\A0528477.exe    detected: Trojan.Win32.StartPage.nk
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\A0528478.exe    detected: Trojan.Win32.StartPage.nk
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\A0528479.exe    detected: Trojan.Win32.StartPage.nk
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\A0528480.exe    detected: Trojan-Dropper.Win32.Small.qn

ComputerTired · « **Reply #24 on:** June 01, 2008, 04:14:29 PM »

C:\WINDOWS\SYSTEM32\Cache\HelperInstall.exe    detected: Trojan-Dropper.Win32.Delf.z
C:\WINDOWS\SYSTEM32\Cache\Setup_no_inital_ad.exe    detected: Trojan-Downloader.Win32.VB.id
C:\WINDOWS\SYSTEM32\Cache\weirdontheweb_ventura2.exe    detected: Adware.WeirWeb.b
C:\WINDOWS\SYSTEM32\cnxocan.exe    detected: Trojan.Win32.Pakes
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS    detected: Trojan.Win32.Qhost.nl
C:\WINDOWS\SYSTEM32\eVnOsU.syz    detected: Backdoor.Win32.Agent.hgk
C:\WINDOWS\SYSTEM32\geqlg.dll    detected: Trojan-Downloader.Win32.Qoologic.ak
C:\WINDOWS\SYSTEM32\InstallerV4.exe    detected: Adware.SafeSurfing.o
C:\WINDOWS\SYSTEM32\IzWvrF.syz    detected: Backdoor.Win32.Agent.hgk
C:\WINDOWS\SYSTEM32\K07EcC.syz    detected: Backdoor.Win32.Agent.hgk
C:\WINDOWS\SYSTEM32\nfomon\nfom.dll    detected: Adware.Win32.DelphinMediaViewer.f
C:\WINDOWS\SYSTEM32\QWav7E.syz    detected: Backdoor.Win32.Agent.hgk
C:\WINDOWS\SYSTEM32\tE1kbQ.syz    detected: Rootkit.Win32.Agent.ahs
C:\WINDOWS\SYSTEM32\U8CGow.syz    detected: Backdoor.Win32.Agent.hgk
C:\WINDOWS\SYSTEM32\VSxgAa.syz    detected: Backdoor.Win32.Agent.hgk
C:\WINDOWS\SYSTEM32\YVMLPK.syz    detected: Rootkit.Win32.Agent.ahs
C:\WINDOWS\SYSTEM32\YYTypQ.syz    detected: Rootkit.Win32.Agent.ahs

Scanned

Files:    173714
Traces:    407494
Cookies:    132
Processes:    63

Found

Files:    234
Traces:    164
Cookies:    21
Processes:    0
Registry keys:    0

Scan end:   6/1/2008 4:53:26 PM
Scan time:   3:36:58

ComputerTired · « **Reply #25 on:** June 01, 2008, 04:15:31 PM »

C:\WINDOWS\SYSTEM32\tE1kbQ.syz   Quarantined Rootkit.Win32.Agent.ahs
C:\WINDOWS\SYSTEM32\YVMLPK.syz   Quarantined Rootkit.Win32.Agent.ahs
C:\WINDOWS\SYSTEM32\YYTypQ.syz   Quarantined Rootkit.Win32.Agent.ahs
C:\WINDOWS\SYSTEM32\Cache\Setup_no_inital_ad.exe   Quarantined Trojan-Downloader.Win32.VB.id
C:\WINDOWS\SYSTEM32\Cache\HelperInstall.exe   Quarantined Trojan-Dropper.Win32.Delf.z
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\A0528480.exe   Quarantined Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\A0528476.exe   Quarantined Trojan.Win32.StartPage.nk
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\A0528477.exe   Quarantined Trojan.Win32.StartPage.nk
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\A0528478.exe   Quarantined Trojan.Win32.StartPage.nk
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\A0528479.exe   Quarantined Trojan.Win32.StartPage.nk
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0525244.dll   Quarantined Trojan-Downloader.Win32.Qoologic.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP502\A0525482.dll   Quarantined Trojan-Downloader.Win32.Qoologic.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP502\A0526468.dll   Quarantined Trojan-Downloader.Win32.Qoologic.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\A0527468.dll   Quarantined Trojan-Downloader.Win32.Qoologic.ak
C:\WINDOWS\SYSTEM32\geqlg.dll   Quarantined Trojan-Downloader.Win32.Qoologic.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0525233.dll   Quarantined Trojan-Downloader.Win32.Qoologic.ae
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0524265.exe   Quarantined Trojan-Downloader.Win32.VB.eu
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0524260.cpl   Quarantined Trojan-Downloader.Win32.Qoologic.ah
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP489\A0500950.exe   Quarantined Backdoor.Win32.Agent.hke
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0498737.exe   Quarantined Trojan.Win32.VB.cby
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0510157.exe   Quarantined Trojan.Win32.VB.cby
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0498736.exe   Quarantined Backdoor.Win32.Agent.hgk
C:\WINDOWS\SYSTEM32\eVnOsU.syz   Quarantined Backdoor.Win32.Agent.hgk
C:\WINDOWS\SYSTEM32\IzWvrF.syz   Quarantined Backdoor.Win32.Agent.hgk
C:\WINDOWS\SYSTEM32\K07EcC.syz   Quarantined Backdoor.Win32.Agent.hgk
C:\WINDOWS\SYSTEM32\QWav7E.syz   Quarantined Backdoor.Win32.Agent.hgk
C:\WINDOWS\SYSTEM32\U8CGow.syz   Quarantined Backdoor.Win32.Agent.hgk
C:\WINDOWS\SYSTEM32\VSxgAa.syz   Quarantined Backdoor.Win32.Agent.hgk

ComputerTired · « **Reply #26 on:** June 01, 2008, 04:17:19 PM »

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0498735.exe   Quarantined Trojan.Win32.VB.ceh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0510158.exe   Quarantined Trojan.Win32.VB.ceh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP456\A0456920.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP457\A0456957.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP457\A0456992.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP457\A0457020.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0457065.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0457110.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0457160.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0457196.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0458198.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0459197.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0460198.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0460220.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461223.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461310.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461367.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461412.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461464.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP460\A0461520.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP460\A0461572.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP461\A0461618.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP461\A0462618.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462669.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462719.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462737.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462779.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462797.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462837.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462882.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP463\A0462942.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP463\A0462977.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP464\A0463049.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP464\A0463104.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP464\A0463130.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP464\A0463180.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP464\A0464180.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP465\A0464212.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP465\A0465213.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP465\A0465237.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP466\A0465283.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP466\A0465311.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP466\A0465341.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP466\A0466342.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP467\A0466377.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP467\A0467379.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP467\A0467402.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0468403.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0468429.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0469428.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0469452.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0470453.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0471454.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0472453.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0473454.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP468\A0474454.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\A0475454.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\A0476453.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\A0476490.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP470\A0476600.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP470\A0476640.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP470\A0477641.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP470\A0478641.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP471\A0478678.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP471\A0478744.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP471\A0479715.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP471\A0479756.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP472\A0479785.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP472\A0480787.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP473\A0480818.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP473\A0480846.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP474\A0480882.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP474\A0481847.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP474\A0481888.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP474\A0482888.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP476\A0482929.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP477\A0482955.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0483955.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0484955.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP478\A0484975.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0485011.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0485032.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0485055.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0485085.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0485104.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0485126.exe   Quarantined Trojan.Win32.Pakes

ComputerTired · « **Reply #27 on:** June 01, 2008, 04:17:45 PM »

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP480\A0485146.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP480\A0485161.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP480\A0485215.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP480\A0486218.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP481\A0486250.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP481\A0487251.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0487289.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0487309.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0487355.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0488359.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0488388.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0488422.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0489423.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP483\A0489451.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP483\A0490452.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP483\A0490507.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP483\A0490540.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP484\A0491541.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP484\A0491584.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP484\A0492585.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP484\A0492639.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP484\A0493638.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP485\A0493663.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP485\A0494664.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP485\A0495664.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP485\A0495690.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP485\A0496689.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP485\A0497690.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0498712.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0498827.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0499822.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0499841.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0500844.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP488\A0500895.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP489\A0501895.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP489\A0502896.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP489\A0502931.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP490\A0502969.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP491\A0503977.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP491\A0504971.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP491\A0504991.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP492\A0505024.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP493\A0505053.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP494\A0506055.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0507055.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0508054.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0508088.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0508134.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0509135.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0510135.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0511137.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0512142.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP496\A0513134.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP496\A0514136.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP496\A0515134.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP496\A0516136.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP496\A0517136.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP496\A0518137.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP498\A0519136.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP498\A0519195.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP498\A0520195.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP498\A0520241.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP498\A0521241.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP498\A0522238.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP498\A0523239.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0524240.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0525243.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP502\A0525481.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP502\A0526467.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\A0527467.exe   Quarantined Trojan.Win32.Pakes

ComputerTired · « **Reply #28 on:** June 01, 2008, 04:18:06 PM »

C:\WINDOWS\SYSTEM32\cnxocan.exe   Quarantined Trojan.Win32.Pakes
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP456\A0456915.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP457\A0456951.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP457\A0456986.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP457\A0457015.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0457056.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0457104.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0457153.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0457191.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0458191.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0459191.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0460210.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0460236.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461216.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461304.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461362.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461407.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0461459.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP460\A0461513.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP460\A0461567.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP461\A0461612.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP461\A0462612.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462664.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462714.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462774.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462814.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462831.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP462\A0462876.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP463\A0462934.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP463\A0462970.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP464\A0463044.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP464\A0463099.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP464\A0463173.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0524273.dll   Quarantined Trojan.Win32.EliteBar.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0524274.exe   Quarantined Trojan.Win32.EliteBar.h
C:\DqoB.exe   Quarantined Backdoor.Win32.Agent.eks
C:\WINDOWS\SYSTEM32\InstallerV4.exe   Quarantined Adware.SafeSurfing.o
C:\WINDOWS\SYSTEM32\Cache\weirdontheweb_ventura2.exe   Quarantined Adware.WeirWeb.b

ComputerTired · « **Reply #29 on:** June 01, 2008, 04:18:55 PM »

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0524280.exe   Quarantined Adware.Win32.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\A0476518.dll   Quarantined Adware.Win32.DelphinMediaViewer.f
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP470\A0476620.dll   Quarantined Adware.Win32.DelphinMediaViewer.f
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP470\A0476657.dll   Quarantined Adware.Win32.DelphinMediaViewer.f
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP471\A0478764.dll   Quarantined Adware.Win32.DelphinMediaViewer.f
C:\WINDOWS\SYSTEM32\nfomon\nfom.dll   Quarantined Adware.Win32.DelphinMediaViewer.f
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP469\A0476517.ocx   Quarantined Adware.DelphinMediaViewer.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP470\A0476619.ocx   Quarantined Adware.DelphinMediaViewer.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP470\A0476655.ocx   Quarantined Adware.DelphinMediaViewer.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP471\A0478763.ocx   Quarantined Adware.DelphinMediaViewer.c
C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Monitors\hosts   Quarantined Trojan.Win32.Qhost.nl
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS   Quarantined Trojan.Win32.Qhost.nl
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@2o7[1].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@advertising[1].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@atdmt[2].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@casalemedia[1].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@computer-juice[2].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@computerhope[1].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@doubleclick[1].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany [email protected][1].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@media6degrees[2].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@mediaplex[1].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@questionmarket[2].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@revenue[2].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@rubiconproject[1].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany [email protected][2].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@specificclick[2].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany [email protected][2].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@trafficmp[2].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@tribalfusion[1].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany [email protected][2].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany [email protected][1].txt   Quarantined Trace.TrackingCookie
C:\Documents and Settings\Brittany Horton\Cookies\brittany horton@zedo[1].txt   Quarantined Trace.TrackingCookie
Value: HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-8AA5-A930F887B531}\InprocServer32 --> ThreadingModel   Quarantined Trace.Registry.inExplorer Search
Value: HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-8AA5-A930F887B532}\InprocServer32 --> ThreadingModel   Quarantined Trace.Registry.inExplorer Search
Value: HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-8AA5-A930F887B533}\InprocServer32 --> ThreadingModel   Quarantined Trace.Registry.inExplorer Search
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-8AA5-A930F887B531}\InprocServer32 --> ThreadingModel   Quarantined Trace.Registry.inExplorer Search
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-8AA5-A930F887B532}\InprocServer32 --> ThreadingModel   Quarantined Trace.Registry.inExplorer Search
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-8AA5-A930F887B533}\InprocServer32 --> ThreadingModel   Quarantined Trace.Registry.inExplorer Search
c:\program files\inexplorersch\inexplorersch.dll   Quarantined Trace.File.inExplorer Search
c:\windows\ncuninst.exe   Quarantined Trace.File.MARAVEL Screensaver
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TopMoxie\TopSearch --> UniqueMachineId   Quarantined Trace.Registry.TopFive Search Assistant
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSL Installer --> NoRemove   Quarantined Trace.Registry.TargetSaver
Value: HKEY_CLASSES_ROOT\Interface\{FAAEB405-B7B0-4749-81DE-DF36B2D36531}\TypeLib --> Version   Quarantined Trace.Registry.SearchForIt
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FAAEB405-B7B0-4749-81DE-DF36B2D36531}\TypeLib --> Version   Quarantined Trace.Registry.SearchForIt
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\My Global Search Uninstall --> Changed   Quarantined Trace.Registry.My Global Search Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\My Global Search Uninstall --> SlowInfoCache   Quarantined Trace.Registry.My Global Search Bar
Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wintoolssvc   Quarantined Trace.Registry.WinTools
Key: HKEY_LOCAL_MACHINE\software\media gateway   Quarantined Trace.Registry.WindUpdates.MediaGateway
Value: HKEY_LOCAL_MACHINE\software\media gateway --> lastupdate   Quarantined Trace.Registry.WindUpdates.MediaGateway
Value: HKEY_LOCAL_MACHINE\software\media gateway --> param   Quarantined Trace.Registry.WindUpdates.MediaGateway
Value: HKEY_LOCAL_MACHINE\software\media gateway --> softwaretable   Quarantined Trace.Registry.WindUpdates.MediaGateway

ComputerTired · « **Reply #30 on:** June 01, 2008, 04:19:19 PM »

Key: HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}   Quarantined Trace.Registry.WindUpdates.MediaGateway
Key: HKEY_CLASSES_ROOT\interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}   Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd}   Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}   Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{66c22569-f05c-4a70-a142-763b337e1002}   Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{6f59d850-a155-4930-98ae-689a2bc7b8e8}   Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303}   Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{99aa88d1-d9d3-410a-be9e-044f94c183da}   Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{c380566d-f343-42ab-987b-6b38a1a35747}   Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{d1951679-1d52-43fc-9585-0737143585f5}   Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{f273d4ea-2025-4410-8408-251a0cd46be7}   Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\protocols\handler\tpro   Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\protocols\name-space handler\res\toolbar.resprotocol   Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\protocols\name-space handler\res   Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\radio.radioplayer   Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\typelib\{b23b3add-84b1-414a-92b9-0cabe5a781f4}   Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{87067f04-de4c-4688-bc3c-4fcf39d609e7}   Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\sto   Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_USERS\S-1-5-21-354348320-3626668711-587776703-1007\software\local appwizard-generated applications\popup   Quarantined Trace.Registry.UnclassifiedDialer
Value: HKEY_LOCAL_MACHINE\SOFTWARE\TopMoxie\TopSearch --> UniqueMachineId   Quarantined Trace.Registry.TopSearch
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSL Installer --> NoRemove   Quarantined Trace.Registry.TargetSaver
Key: HKEY_LOCAL_MACHINE\software\ddate   Quarantined Trace.Registry.SpywareWall
Key: HKEY_USERS\S-1-5-21-354348320-3626668711-587776703-1007\software\lq   Quarantined Trace.Registry.SearchMiracle.EliteBar
Key: HKEY_CLASSES_ROOT\interface\{83a13e87-fa20-4b6a-aae8-c1226b5e1573}   Quarantined Trace.Registry.Search-Exe
Key: HKEY_CLASSES_ROOT\clsid\{205ff73b-ca67-11d5-99dd-444553540013}   Quarantined Trace.Registry.RegistryCleaner
Key: HKEY_CLASSES_ROOT\typelib\{205ff72e-ca67-11d5-99dd-444553540013}   Quarantined Trace.Registry.RegistryCleaner
Key: HKEY_LOCAL_MACHINE\software\autoloader   Quarantined Trace.Registry.PeopleOnPage
Key: HKEY_CLASSES_ROOT\appid\{c81cff28-6df1-402f-b78c-d9493ef59882}   Quarantined Trace.Registry.NetworkEssentials
Key: HKEY_CLASSES_ROOT\appid\hp.exe   Quarantined Trace.Registry.NetworkEssentials
Key: HKEY_CLASSES_ROOT\hp.hopper.1   Quarantined Trace.Registry.NetworkEssentials
Key: HKEY_CLASSES_ROOT\hp.hopper   Quarantined Trace.Registry.NetworkEssentials
Key: HKEY_CLASSES_ROOT\interface\{1423903e-86cc-4470-8ab0-257c10d77d45}   Quarantined Trace.Registry.NetworkEssentials
Key: HKEY_CLASSES_ROOT\interface\{4dea7ca1-3372-4204-937c-2dd4a6ed6562}   Quarantined Trace.Registry.NetworkEssentials
Key: HKEY_CLASSES_ROOT\typelib\{47350d97-09e9-4590-864e-3431da53bf37}   Quarantined Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\appid\{c81cff28-6df1-402f-b78c-d9493ef59882}   Quarantined Trace.Registry.NetworkEssentials
Value: HKEY_LOCAL_MACHINE\software\classes\appid\hp.exe --> appid   Quarantined Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\hp.hopper.1   Quarantined Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\hp.hopper\clsid   Quarantined Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\hp.hopper\curver   Quarantined Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\hp.hopper   Quarantined Trace.Registry.NetworkEssentials

ComputerTired · « **Reply #31 on:** June 01, 2008, 04:20:04 PM »

Key: HKEY_LOCAL_MACHINE\software\classes\interface\{1423903e-86cc-4470-8ab0-257c10d77d45}   Quarantined Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{4dea7ca1-3372-4204-937c-2dd4a6ed6562}   Quarantined Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{a42dc659-33b5-409e-a433-650ac42ecca4}   Quarantined Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{a8516f49-8046-4295-8ee9-c59d5041c9e2}   Quarantined Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{fb82ccd5-174b-4379-bc37-72d9b5adaeda}   Quarantined Trace.Registry.NetworkEssentials
Key: HKEY_LOCAL_MACHINE\software\classes\typelib\{47350d97-09e9-4590-864e-3431da53bf37}   Quarantined Trace.Registry.NetworkEssentials
Key: HKEY_CLASSES_ROOT\clsid\{147a976e-eee1-4377-8ea7-4716e4cdd239}   Quarantined Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{147a976e-eee1-4377-8ea7-4716e4cdd239}   Quarantined Trace.Registry.MyWebSearchToobar
Value: HKEY_USERS\S-1-5-21-354348320-3626668711-587776703-1007\software\microsoft\windows\currentversion\run --> ssgrate.exe   Quarantined Trace.Registry.Mitglieder
Key: HKEY_CLASSES_ROOT\interface\{205ff73a-ca67-11d5-99dd-444553540013}   Quarantined Trace.Registry.MediaTickets
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\media-motor --> Changed   Quarantined Trace.Registry.MediaMotor
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\media-motor --> SlowInfoCache   Quarantined Trace.Registry.MediaMotor
Key: HKEY_LOCAL_MACHINE\software\classes\hp.hopper.1\clsid   Quarantined Trace.Registry.MediaLoadsEnhanced
Value: HKEY_LOCAL_MACHINE\SOFTWARE\mm --> check   Quarantined Trace.Registry.InternetOptimizer
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\inexplorersch --> Changed   Quarantined Trace.Registry.inExplorer Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\inexplorersch --> SlowInfoCache   Quarantined Trace.Registry.inExplorer Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inexplorersch --> DisplayIcon   Quarantined Trace.Registry.inExplorer Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inexplorersch --> DisplayName   Quarantined Trace.Registry.inExplorer Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inexplorersch --> UninstallString   Quarantined Trace.Registry.inExplorer Toolbar
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/wupdt.exe   Quarantined Trace.Registry.IEPlugin
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/wupdt.exe --> .Owner   Quarantined Trace.Registry.IEPlugin
Key: HKEY_CLASSES_ROOT\interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}   Quarantined Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd}   Quarantined Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}   Quarantined Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\interface\{66c22569-f05c-4a70-a142-763b337e1002}   Quarantined Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303}   Quarantined Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\interface\{99aa88d1-d9d3-410a-be9e-044f94c183da}   Quarantined Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\interface\{d1951679-1d52-43fc-9585-0737143585f5}   Quarantined Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\interface\{f273d4ea-2025-4410-8408-251a0cd46be7}   Quarantined Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\protocols\handler\tpro   Quarantined Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\protocols\name-space handler\res   Quarantined Trace.Registry.IBISToolbar
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\sto   Quarantined Trace.Registry.IBISToolbar
Key: HKEY_CLASSES_ROOT\interface\{3116ed38-8599-4261-8f81-f43266ffaaff}   Quarantined Trace.Registry.FizzleWizzleEntertainmen tSearchbar
Key: HKEY_CLASSES_ROOT\interface\{36a89c39-da76-49d6-98f8-0cbec6b8b352}   Quarantined Trace.Registry.FizzleWizzleEntertainmen tSearchbar
Key: HKEY_CLASSES_ROOT\interface\{a42dc659-33b5-409e-a433-650ac42ecca4}   Quarantined Trace.Registry.Ezula
Key: HKEY_CLASSES_ROOT\interface\{a8516f49-8046-4295-8ee9-c59d5041c9e2}   Quarantined Trace.Registry.Ezula
Key: HKEY_CLASSES_ROOT\interface\{fb82ccd5-174b-4379-bc37-72d9b5adaeda}   Quarantined Trace.Registry.Ezula
Key: HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0878b424-1f95-4e26-b5ab-f0d349d89650}   Quarantined Trace.Registry.EXactAdvertisingCashback
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0878B424-1F95-4E26-B5AB-F0D349D89650}\DownloadInformation --> CODEBASE   Quarantined Trace.Registry.eXact.FunCade
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0878B424-1F95-4E26-B5AB-F0D349D89650} --> Installer   Quarantined Trace.Registry.eXact.FunCade
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0878B424-1F95-4E26-B5AB-F0D349D89650} --> SystemComponent   Quarantined Trace.Registry.eXact.FunCade
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform --> Iebar   Quarantined Trace.Registry.Elite Toolbar
Key: HKEY_LOCAL_MACHINE\software\classes\protocols\name-space handler\res\toolbar.resprotocol   Quarantined Trace.Registry.DownloadWare
Key: HKEY_CLASSES_ROOT\typelib\{12ee7a5e-0674-42f9-a76c-000000004d00}   Quarantined Trace.Registry.BrowserAid
Key: HKEY_CLASSES_ROOT\interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357}   Quarantined Trace.Registry.BargainBuddy
Key: HKEY_CLASSES_ROOT\interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}   Quarantined Trace.Registry.BargainBuddy
Key: HKEY_CLASSES_ROOT\interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357}   Quarantined Trace.Registry.BargainBuddy
Key: HKEY_CLASSES_ROOT\interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}   Quarantined Trace.Registry.BargainBuddy
Key: HKEY_CLASSES_ROOT\typelib\{d8bd4ded-5bb2-4d4e-9a6a-f10244fed7d6}   Quarantined Trace.Registry.AzeSearchToolbar
Value: HKEY_CLASSES_ROOT\drs.n --> uid   Quarantined Trace.Registry.AdShooter.SearchForIt
Key: HKEY_CLASSES_ROOT\interface\{2db1a6df-8120-47bd-9dce-cfcd47b17b24}   Quarantined Trace.Registry.AdShooter.SearchForIt
Key: HKEY_CLASSES_ROOT\interface\{ab94d42b-64e9-436f-887c-cf38fe475cfc}   Quarantined Trace.Registry.AdShooter.SearchForIt
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\searchforitsearchforit --> displayname   Quarantined Trace.Registry.AdShooter.SearchForIt
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\searchforitsearchforit --> uninstallstring   Quarantined Trace.Registry.AdShooter.SearchForIt
Key: HKEY_CLASSES_ROOT\interface\{1cfb8b32-4053-4144-af6f-1540eec7f101}\typelib   Quarantined Trace.Registry.AdLogix
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\tsl installer   Quarantined Trace.Registry.180Solutions
c:\windows\system32\winupdt.bin   Quarantined Trace.File.Windupdates
c:\windows\system32\tbps.ini   Quarantined Trace.File.WebSearchToolbar
c:\windows\downloaded program files\mirarsetup.inf   Quarantined Trace.File.Mirar
c:\program files\inexplorersch\cache\home001.bmp   Quarantined Trace.File.inExplorer Toolbar
c:\program files\inexplorersch\cache\zoom001.bmp   Quarantined Trace.File.inExplorer Toolbar
c:\program files\inexplorersch\toolbar.ini   Quarantined Trace.File.inExplorer Toolbar
c:\program files\inexplorersch\uninstall.exe   Quarantined Trace.File.inExplorer Toolbar
c:\windows\button0.gif   Quarantined Trace.File.iePlugin
c:\windows\button1.gif   Quarantined Trace.File.iePlugin
c:\windows\button2.gif   Quarantined Trace.File.iePlugin
c:\windows\button3.gif   Quarantined Trace.File.iePlugin
c:\windows\downloaded program files\default.inf   Quarantined Trace.File.iePlugin
c:\windows\system32\tbps.ini   Quarantined Trace.File.IBISToolbar
c:\windows\system32\exclean.exe   Quarantined Trace.File.eXact.NaviSearch
c:\windows\del.tmp   Quarantined Trace.File.Enhancemysearch
c:\windows\searchen.dat   Quarantined Trace.File.Enhancemysearch
c:\windows\system32\data.~   Quarantined Trace.File.E2Give(CharityNetwork)
c:\windows\system32\key.~   Quarantined Trace.File.E2Give(CharityNetwork)
c:\documents and settings\brittany horton\favorites\1111\1111.url   Quarantined Trace.File.Begin2Search
c:\windows\system32\bbchk.exe   Quarantined Trace.File.BargainBuddy
c:\windows\system32\exclean.exe   Quarantined Trace.File.BargainBuddy
c:\windows\system32\winupdt.bin   Quarantined Trace.File.Agent
c:\documents and settings\brittany horton\favorites\going places   Quarantined Trace.Directory.YourSiteBar
c:\documents and settings\brittany horton\favorites\living   Quarantined Trace.Directory.YourSiteBar
c:\documents and settings\brittany horton\favorites\shop   Quarantined Trace.Directory.YourSiteBar
c:\documents and settings\brittany horton\favorites\technology   Quarantined Trace.Directory.YourSiteBar
c:\program files\sf   Quarantined Trace.Directory.smily

ComputerTired · « **Reply #32 on:** June 01, 2008, 04:20:25 PM »

c:\documents and settings\brittany horton\favorites\casino & carrers   Quarantined Trace.Directory.SearchMiracle.EliteBar
c:\documents and settings\brittany horton\favorites\finances & business   Quarantined Trace.Directory.SearchMiracle.EliteBar
c:\documents and settings\brittany horton\favorites\health & insurance   Quarantined Trace.Directory.SearchMiracle.EliteBar
c:\documents and settings\brittany horton\favorites\homelife & travel   Quarantined Trace.Directory.SearchMiracle.EliteBar
c:\windows\elitesidebar   Quarantined Trace.Directory.SearchMiracle.EliteBar
c:\documents and settings\brittany horton\favorites\1111   Quarantined Trace.Directory.SafeSurfing
c:\program files\autoupdate   Quarantined Trace.Directory.PeopleOnPage
c:\program files\downloadware\temp   Quarantined Trace.Directory.NetworkEssentials
c:\program files\recommended hotfix - 421701d   Quarantined Trace.Directory.NetworkEssentials
c:\documents and settings\brittany horton\favorites\-shopping-   Quarantined Trace.Directory.NetworkEssentials.SCBar
c:\documents and settings\brittany horton\favorites\-sports-   Quarantined Trace.Directory.NetworkEssentials.SCBar
c:\documents and settings\brittany horton\favorites\-travel-   Quarantined Trace.Directory.NetworkEssentials.SCBar
c:\program files\inexplorersch   Quarantined Trace.Directory.inExplorer Toolbar
c:\program files\inexplorersch\cache   Quarantined Trace.Directory.inExplorer Toolbar
c:\sysfwb   Quarantined Trace.Directory.FizzleWizzleEntertainme ntSearchbar
c:\program files\fwbartemp   Quarantined Trace.Directory.FizzleWizzleEntertainme ntSearchbar
c:\program files\downloadware   Quarantined Trace.Directory.DownloadWare
c:\program files\downloadware\cfg   Quarantined Trace.Directory.DownloadWare
c:\program files\downloadware\downloads   Quarantined Trace.Directory.DownloadWare
c:\windows\system32\dealhelper   Quarantined Trace.Directory.DealHelper.com
c:\windows\system32\newmsrdk   Quarantined Trace.Directory.AlwaysUpdateNews
c:\program files\common files\slmss   Quarantined Trace.Directory.2ndThought

Quarantined

Files:    14
Traces:    164
Cookies:    21

ComputerTired · « **Reply #33 on:** June 01, 2008, 04:23:25 PM »

I'm sorry if all of that seems a bit overwhelming but the attachment was too large to send.

Hopefully this will send. This is the same as the above, pasted log, I just separated the attachment into two parts. Hopefully this will make things a bit easier.

Thanks again for all the help thus far. You're totally amazing!!

[recovering space - attachment deleted by admin]

ComputerTired · « **Reply #34 on:** June 01, 2008, 04:27:06 PM »

Here's the second part of the same log, just with the actions included.

[recovering space - attachment deleted by admin]

evilfantasy · « **Reply #35 on:** June 01, 2008, 05:28:30 PM »

Download Combofix by sUBs from one of the below links.
(Try all three if necessary)

Important! Combofix.exe MUST be saved to and ran from the Desktop.

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
- Click this link to see a list of security programs that should be disabled and how to disable them.
- If yours is not listed and you don't know how to disable it, please ask.
Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
Double click combofix.exe & follow the prompts.
Choose Yes to accept the Disclaimers.

When finished, it will produce a log for you.
Post that log in your next reply.

Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall

If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If needed, see this Combofix tutorial with screenshots that will detail the downloading and running of combofix more thoroughly.

ComputerTired · « **Reply #36 on:** June 01, 2008, 06:27:05 PM »

Should I disable any of the programs that you informed me to install earlier in this post?

I just finished disabling my Mcafee antivirus protection and firewall.

evilfantasy · « **Reply #37 on:** June 01, 2008, 06:27:57 PM »

That should be enough.

ComputerTired · « **Reply #38 on:** June 01, 2008, 09:09:26 PM »

Alright, everything was going fine until the automatic restart that ComboFix did for the scan. The blue screen unfortunately came up, and I was forced to turn the computer off and back on. I did that and the ComboFix command prompt screen thing was up and it said it was preparing the log report. So, I waited and I read in the article that it said it takes it a whole so be patient.

I waited about 2 hours. The article said the time will fix itself and a new screen will pop up saying program is almost finished and it'll also say where the log file is located.

That screen didn't appear, but thanks to the article, I was able to locate it in my C drive.

Here's the log file. I'm not sure if the ComboFix program finished all of its steps however.

THANKS AGAIN FOR THE HELP !!

[recovering space - attachment deleted by admin]

evilfantasy · « **Reply #39 on:** June 01, 2008, 09:20:52 PM »

No it didn't complete but there was enough to do the next step. Hopefully it will complete this time. Combofix should never take more than 20 minutes. If it takes any longer then restart the PC manually.

This PC was seriously infected. Hopefully we are getting close to being ahead of the infections.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.

Click Start , then Run
Type notepad.exe in the Run Box.

2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

File::
C:\Documents and Settings\Brittany Horton\Application Data\fovbs.exe
C:\LOG1D6.tmp
C:\WINDOWS\SYSTEM32\DhJGdn.syz
C:\LOG71.tmp
C:\WINDOWS\SYSTEM32\n3RMIj.syz
C:\LOG5EC.tmp
C:\LOG58F.tmp
C:\WINDOWS\SYSTEM32\rEpuD6.syz

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze

ComputerTired · « **Reply #40 on:** June 01, 2008, 09:58:24 PM »

The reboot was great. No blue screen.

However, with startup, the program did the same thing. I'm not sure if it finished its steps. It didn't notify me of any log file being produced. I waited about twenty minutes this time and not a full 2 hours

.

So, I checked the C drive again for another log in there. I hope this isn't the same log file.

[recovering space - attachment deleted by admin]

evilfantasy · « **Reply #41 on:** June 01, 2008, 10:11:36 PM »

It's getting most of the way but it isn't showing me the registry entries I need so we will run DSS to get them. This is a fairly quick scan so please be patient and let it finish. Be sure to get both logs posted.

Download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt
Add the contents of main.txt and extra.txt in your next reply.

ComputerTired · « **Reply #42 on:** June 01, 2008, 10:31:52 PM »

Here are the logs.

[recovering space - attachment deleted by admin]

evilfantasy · « **Reply #43 on:** June 01, 2008, 11:04:09 PM »

Go to add/remove programs and uninstall:

Java DB 10.3.1.4
Java(TM) SE Development Kit 6 Update 6
Viewpoint Media Player

----------

Open Hijackthis and select Do a system scan only and place a check mark next to these entries:

- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
- R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
- R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
- O4 - HKLM\..\Run: [SoftwareUpdater] C:\WINDOWS\SoftwareUpdater.exe
- O4 - HKLM\..\Run: [GoogleUpdate] C:\Program Files\Internet Explorer\3424.EXE
- O4 - HKCU\..\Run: [SoftwareUpdater] C:\WINDOWS\SoftwareUpdater.exe
- O4 - HKCU\..\Policies\Explorer\Run: [shsxpr] C:\WINDOWS\System32\shsxpr.exe
- O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://aseger.info/server.exe
- O16 - DPF: {10003000-1000-0000-1000-000000000000} - http://www.ethiotravelandtours.com/kav1.exe
- O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://d: oo.mht!http://www.ethiotravelandtours.com/x.chm::/money.e xe
- O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
- O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
- O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/228/installer.exe
- O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
- O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab

Important: Close all windows and then click Fix checked.

Exit Hijackthis.

----------

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.

Click Start , then Run
Type notepad.exe in the Run Box.

2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

File::
C:\WINDOWS\SoftwareUpdater.exe
C:\Program Files\Internet Explorer\3424.EXE
C:\WINDOWS\System32\shsxpr.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftwareUpdater"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"shsxpr"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\2e790fdd-3996-497e-a3ab-29a954949d29]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze

----------

Download ATF Cleaner by Atribune.
Note: Vista users must use Run As Administrator

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

----------

Next post
Combofix log

How are things now?

ComputerTired · « **Reply #44 on:** June 02, 2008, 12:02:36 AM »

Success !!

The log for Combofix came!!

I'm so excited!!

Now let me finish the rest of the instructions ...

evilfantasy · « **Reply #45 on:** June 02, 2008, 12:03:20 AM »

Quote from: ComputerTired on June 02, 2008, 12:02:36 AM

The log for Combofix came!!

I need to see it...

ComputerTired · « **Reply #46 on:** June 02, 2008, 12:06:49 AM »

Here it is:

[recovering space - attachment deleted by admin]

evilfantasy · « **Reply #47 on:** June 02, 2008, 12:13:49 AM »

A few more appeared but we are getting there.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.

Click Start , then Run
Type notepad.exe in the Run Box.

2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Quote

KillAll::

File::
C:\WINDOWS\System32\cnxocan.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"\\DqoB.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\2e790fdd-3996-497e-a3ab-29a954949d29]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze

ComputerTired · « **Reply #48 on:** June 02, 2008, 12:40:20 AM »

Here's the new combofix log:

[recovering space - attachment deleted by admin]

evilfantasy · « **Reply #49 on:** June 02, 2008, 12:51:48 AM »

This next scan will take a while but it is needed to make sure everything is OK.

You may need to wait until you know for sure you'll be at the PC for at least an hour, maybe longer so you can be sure to get the log it produces.

Use the Kaspersky Online Scanner

Click Accept.
Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
- Extended
Scan Options:
Scan Archives
Scan Mail Bases

Click OK & have it scan My Computer

When the scan is done, in the Scan is complete window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As...

Next, in the Save as prompt, Save in area, select: Desktop.
In the File name area, use KScan, or something similar.
In Save as type: click the drop arrow and select: Text file [*.txt]
Then, click: Save

Please copy and paste the Kaspersky Online Scanner Report in your next post.
[/list]

ComputerTired · « **Reply #50 on:** June 02, 2008, 12:54:07 AM »

Hmm, alright. Thanks for all the immediate responses and your help !!

Is it okay to run the scan through the night and get the logs in the morning when I wake up or should I just do everything all at once?

Sorry if this may seem like a silly question.

=\

evilfantasy · « **Reply #51 on:** June 02, 2008, 12:56:18 AM »

You can do that and it should be OK. If something happens you can always run it again tomorrow when you have more time to babysit the PC. I mention it because I have has a few people run it over night and then had to re-run it to get the log.

It's worth a try to run it over night I would say.

Things are better now?

ComputerTired · « **Reply #52 on:** June 02, 2008, 12:58:45 AM »

Okay, I'll do the scan over night and see what happens in the morning.

And yes ... things have been going VERY smoothly so far. No bugs devouring my screen or that blue/yellow warning anymore.

You're a GENIUS!!

evilfantasy · « **Reply #53 on:** June 02, 2008, 01:00:19 AM »

Cool, we should be able to finish up fairly quick tomorrow.

See ya then......

ComputerTired · « **Reply #54 on:** June 02, 2008, 10:56:39 AM »

Okie dokie. Here's the Kaspersky log:

[recovering space - attachment deleted by admin]

evilfantasy · « **Reply #55 on:** June 02, 2008, 01:32:14 PM »

1. Empty the aSquared quarantined files.

2.

Click START then RUN
Now type Combofix /u in the runbox
Make sure there's a space between Combofix and /u
Then hit Enter.

.

3.

Go to Start > Programs > Accessories > System Tools and click System Restore
Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Next go to Start > Run and type Cleanmgr
Click OK
Click the More Options Tab.
Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

.
4. This mp3 is infected and needs to be deleted. If you play it then the infection will spread again.

Day 26 - Co Star.mp3

It's location is C:\Documents and Settings\Brittany Horton\Shared\Day 26 - Co Star.mp3

5. These files have been patched in order to load one malware. There are not dangerous anymore but still patched. It is your choice if you like to uninstall and re-install corresponding programs.

Quote

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\hpwuschd.exe
C:\Program Files\Dell\Media Experience\pcmservice.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

6. Download OTMoveIt2 by OldTimer

Save it to your desktop.

Double-click OTMoveIt2.exe to run it.
Copy the lines in the codebox below.

Code: [Select]

C:\WINDOWS\addit.exe

Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) and paste it in your next reply.
Close OTMoveIt2

ComputerTired · « **Reply #56 on:** June 02, 2008, 02:46:10 PM »

I've performed all the steps up until number 5.

I just want a better understanding of what you mean by patched. Does that mean they're all linked together somehow and they can trigger the spread of malware?

evilfantasy · « **Reply #57 on:** June 02, 2008, 02:57:16 PM »

At some point your antivirus cleaned them from whatever infection they had. They work the same but have been patched (virus removed). So now they show up as infected by Kaspersky because of the modifications made to them.

ComputerTired · « **Reply #58 on:** June 02, 2008, 03:00:52 PM »

Oh ok. Thanks for that info.

Continuing the process ...

ComputerTired · « **Reply #59 on:** June 02, 2008, 03:11:42 PM »

I'm sorry, I have one more question, lol.

Should I go to my C drive and delete the file or uninstall it?

Would deleting the file be the same as uninstalling?

...sorry if these sound like silly questions, just trying to better understand things.

evilfantasy · « **Reply #60 on:** June 02, 2008, 03:14:59 PM »

You would actually need to uninstall the programs and then reinstall them from the websites.

HP\hpcoretech < Not sure what this is, a printer maybe?
HP Software Update
Dell Media Experience
Sonic Update Manager

ComputerTired · « **Reply #61 on:** June 02, 2008, 03:31:36 PM »

C:\WINDOWS\addit.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06022008_163044

evilfantasy · « **Reply #62 on:** June 02, 2008, 03:34:00 PM »

How is everything now?

Run CCleaner.

----------

Final steps and free security programs.

Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it installed)

1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

Go to Start > Programs > Accessories > System Tools and click System Restore
Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Next go to Start > Run and type Cleanmgr
Click OK
Click the More Options Tab.
Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

.
Use the Secunia Software Inspector to check for out of date software.

Click Start Now
Check the box next to Enable thorough system inspection.
Click Start
Allow the scan to finish and scroll down to see if any updates are needed.
Update anything listed.

.
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

To prevent unknown applications from being installed on your computer install WinPatrol 2008
Using Winpatrol to protect your computer from malicious software

Another thing I would suggest installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
Using SpywareBlaster to protect your computer from Spyware and Malware

Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

ComputerTired · « **Reply #63 on:** June 02, 2008, 09:20:53 PM »

I needed to update my Windows XP, and when I was updating it [ the Windows XP Service Pack 2 ], the installation/updating process lasted for 4 hours and finally, it stopped. However, it said that the Service Pack 2 could not be installed on my computer.

=(

I took some screen shots of the error message just in case you wanted to see them.

Also, I sent an error report to help Microsoft come up with a solution to the problem [ said they did not have a solution for it yet ].

When I checked my C drive, a lot of space was eaten up from the incomplete and failed installation.

I created a system restore point before I began the installation so I'm wondering would it be alright to just restore my computer to that point to regain the space that was taken away.

evilfantasy · « **Reply #64 on:** June 02, 2008, 09:27:48 PM »

A system restore should work.

Download this from Microsoft and run it on your computer
Filename = MGADiag2.exe
http://go.microsoft.com/fwlink/?linkid=52012

Press "Copy to clipboard" and then you can paste it in this thread.

ComputerTired · « **Reply #65 on:** June 02, 2008, 09:29:31 PM »

Which one should I do first?
The restore or the Microsoft download?

evilfantasy · « **Reply #66 on:** June 02, 2008, 09:30:36 PM »

Either one. The MGDiag will be a scan with info. about your PC.

ComputerTired · « **Reply #67 on:** June 02, 2008, 09:34:52 PM »

Diagnostic Report (1.7.0095.0):
-----------------------------------------
WGA Data-->
Validation Status: Validation Control not Installed
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 55277-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.1.0.hom
CSVLK Server: N/A
CSVLK PID: N/A
ID: {7BDBCAE4-F879-4461-AD0A-18831330171A}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1_16E0B333-156-80004005
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 101 Not Activated
Microsoft Office Standard Edition 2003 - 101 Not Activated
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-171-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\winlogon.exe[5.1.2600.1557]
File Mismatch: C:\WINDOWS\system32\crypt32.dll[5.131.2600.1123]
File Mismatch: C:\WINDOWS\system32\oembios.bin[hr = 0x80070714]
File Mismatch: C:\WINDOWS\system32\oembios.dat[hr = 0x80070714]
File Mismatch: C:\WINDOWS\system32\oembios.sig[hr = 0x80070714]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7BDBCAE4-F879-4461-AD0A-18831330171A}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010300.1.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>55277-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-354348320-3626668711-587776703</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Inspiron 5150 </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A38</Version><SMBIOSVersion major="2" minor="3"/><Date>20041210******.******+***</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>8D7B3F07018400D2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Computer Corporation</name><model>Dell INSPIRON I5150</model></SBID><OEM/><BRT/></MachineData> <Software><Office><Result>101</Result><Products><Product GUID="{91120409-6000-11D3-8CFE-0150048383C9}"><LegitResult>101</LegitResult><Name>Microsoft Office Standard Edition 2003</Name><Ver>11</Ver><Val>42BA952905EC862</Val><Hash>M0rx/A4ZJryB5D6Xfwq57CKExZ4=</Hash><Pid>70141-049-4039831-56200</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="11" Result="101"/><App Id="18" Version="11" Result="101"/><App Id="1A" Version="11" Result="101"/><App Id="1B" Version="11" Result="101"/></Applications></Office></Software></GenuineResults>

evilfantasy · « **Reply #68 on:** June 02, 2008, 09:49:17 PM »

Quote

WGA Data-->
Validation Status: Validation Control not Installed

You need to validate your Windows installation or the updates won't work.
.

Go here using Internet Explorer.
Click on "Validate Windows"
Be patient while the ActiveX loads, do not click on any links.
Read the instructions on this page while it's loading. You will be prompted to install - click YES.
Enter your product key then click "continue"
When it says "Validation Complete" click "Continue to return to your previous activity"
Copy what it says and paste it here.

ComputerTired · « **Reply #69 on:** June 02, 2008, 10:23:05 PM »

Ran into a small teensy weensy problem.

When I click on the Validate Windows button, a message pops up that says "Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly."

So, getting out of that window by pressing OK, the screen says there's an alternate method of the little Internet Info Bar doesn't appear at the top.

I waited, just in case the page felt like loading anyway for me to validate my windows...it didn't happen so, I waited some more. Unfortunately it didn't work so, I went to the alternate method.

When I clicked on the method to Open [ it said to either open it or run it ], I clicked on Run. Now, a window is on my screen that is supposed to run as an HTML application, but the screen is not doing anything. It's just blank.

I've waited for that screen as well and I'm still waiting. Maybe it will do something.

=)

Or maybe it won't....

=(

I'll still wait for it though.

Also, I see on the Microsoft Genuine Advantage Diagnostic Tool a resolve button. So, I have the option to resolve the information [ the Validation Control not Installed ] was in red, so I'm guessing it's referring to that.

Is it possible that I can resolve or validate my windows from there? I still have the scan thing open.

evilfantasy · « **Reply #70 on:** June 02, 2008, 10:28:56 PM »

You can try, I've never actually gone through the whole process so I'm not sure what to do next.

ComputerTired · « **Reply #71 on:** June 02, 2008, 11:21:00 PM »

I was not able to validate windows, unfortunately. I kept trying however, but to no success.

I tried to regain all of the GB's that the incomplete Windows update had ate, but when I went to my system restore, I saw that the point that I created before I ran the update was gone. It seems as if the Windows update had got rid of it. I saw that there were about 20 different Windows XP KB versions on the system restore calendar points.

I found the earliest one and restored my computer to that time.

Boy was it nerve-wracking !!

I really thought for a moment that my computer was a goner. The reboot lasted for a long time and there were points in the restore process that I had never seen before in relation to other system restores that I have done.

All in all, Windows started up [ a new startup message appeared but it just said that McAfee's components were becoming my default security program ] and when I checked my C drive pie to see if my space returned ....

$:-\$

..yea. It actually got worse, but at least I have my computer back in running condition.

ComputerTired · « **Reply #72 on:** June 02, 2008, 11:34:18 PM »

My McaFee firewall alert just appeared and said that the program Spooler SubSystem App has changed since it was last granted access to the internet.

It's giving me the path :

C:\WINDOWS\SYSTEM32\spoolsv.exe

McAfee is allowing it because it recognizes the application. I just looked on a website and it said that spoolsv.exe is sometimes identified as a virus ...

I think I'm just going to run Malwarebyte's to see what it says or another virus scan on my computer to see what's up.

evilfantasy · « **Reply #73 on:** June 02, 2008, 11:36:16 PM »

It's probably legitimate related to your printer.

Quote

spoolsv.exe is a Microsoft Windows system executable which handles the printing process. This program is important for the stable and secure running of your computer and should not be terminated.

I will give you the only information I have on this issue right now. This is copy/pasted so isn't specific to you but the information will be useful for contacting MS and getting validated. I'm not sure what else to do. Until you get validated and updated you will continue to have occasional problems. Windows is at SP3 now so you are two Service Packs behind so are open to all kinds of security issues.

Because the Validation Control is not installed, we need you to go to the Diagnostic Site: http://www.microsoft.com/genuine/diag/ and follow the instructions there. Then re-run the original MGADiag.exe.

I strongly suggest you pull out the license information and call 1-866-PCSAFETY (1-866-727-2338). This phone number is for virus and other security-related support. It is available 24 hours a day for the U.S. and Canada.

If you have valid, licensed software, then you need to go to the Windows Genuine Forum, register and post the log. http://forums.microsoft.com/Genuine/default.aspx?ForumGroupID=125&SiteID=25 If necessary, copy the original log or provide a link to this thread.

In the event you are a victim of piracy, help is available from this site: http://www.microsoft.com/piracy/

ComputerTired · « **Reply #74 on:** June 03, 2008, 12:30:09 PM »

Hey evilfantasy, just came by here to say THANKS A LOT for ALLLLL the help and time you put in on helping me fix this infection issue.

I'm glad that there are sites/forums where you can ask for help without having to ship out your computer and pay hundreds of bucks for pretty much the same assistance given online.

You're a lifesaver.

Thanks again.

p.s. - I still haven't given up on getting my computer validated. Cross your fingers!

evilfantasy · « **Reply #75 on:** June 03, 2008, 12:42:46 PM »

Thanks and good luck!!!!

Computer Hope Forum

News:

Author Topic: Bugs eating background, background changed to blue with spyware warning ... (Read 39050 times)

ComputerTired

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

ComputerTired

evilfantasy

ComputerTired

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

ComputerTired

evilfantasy

ComputerTired

ComputerTired

ComputerTired

ComputerTired

ComputerTired

ComputerTired

ComputerTired

ComputerTired

ComputerTired

ComputerTired

ComputerTired

ComputerTired

ComputerTired

ComputerTired

ComputerTired

ComputerTired

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

evilfantasy

ComputerTired

ComputerTired

evilfantasy