My Internet Explorer browser window has "Hacked by pokemon" in the window title. This happens in all the Internet Explorer windows that I open but not in Mozilla Firefox. I also could not open regedit before but now I can. I scanned and removed something before and the "Hacked by pokemon" window title went away for a few days, but now it has come back and I don't know how. I think it may be my USB so I formatted it.

I also ran ComboFix once and the title "Hacked by pokemon" went away completely. But I think it came back when I inserted my USB again. Is there a way I can keep the data on the USB and delete whatever it is that is doing this? Thanks.

I've attached all the logs that are asked for in the readme. I appreciate your help.

I suggest that you scan that USB device with your anti-virus program to see if you can remove this worm.
I also want you to run that ESET scanner again and have it fix/remove everything it finds.

Then you should also do the following:
Flash drive infections usually involve malware that loads an autorun.inf file into the root folder of all drives (internal, external, removable). When the removable media is inserted, autorun looks for autorun.inf and automatically executes another malicious file to run on your computer. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled.

Please insert your flash drive before we begin!

Download Flash_Disinfector.exe by sUBs and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you run it. Don't delete this folder... it will help protect your drives from future infection.

Once you have done the above please reboot and run HJT again and post that log and all the other new logs produced by the above steps.
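The reply above describes two states a drive root can be in: an autorun.inf file that launches a program on insertion, or the protective autorun.inf folder that Flash_Disinfector leaves behind. The following is an added example, not part of the original reply and not Flash_Disinfector's own code, that tells those states apart; the function names and the sample file contents are constructed for illustration.

```python
import os
import tempfile

# [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample contents; not recovered from the drive in this thread.
SAMPLE_INF = (
    "; constructed sample\n"
    "[AutoRun]\n"
    "Open=example_payload.exe\n"
    "shell\\open\\Command=example_payload.exe\n"
    "icon=folder.ico\n"
    "[other]\n"
    "open=ignored.exe\n"
)


def parse_autorun(text):
    """Return (key, command) pairs in the [autorun] section that launch something."""
    directives = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command adds a context-menu action that runs a command.
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_shell_cmd:
            directives.append((key, value))
    return directives


def audit_root(root):
    """Classify the autorun.inf entry (if any) in a drive root."""
    # Match case-insensitively so a drive mounted on Linux is handled too.
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return {"state": "absent", "directives": []}
    path = os.path.join(root, name)
    if os.path.isdir(path):
        # A folder with this name is the protective placeholder described above.
        return {"state": "folder", "directives": []}
    with open(path, "rb") as fh:
        data = fh.read(64 * 1024)  # real autorun.inf files are tiny
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = data.decode("utf-16", errors="replace")
    else:
        text = data.decode("latin-1")
    directives = parse_autorun(text)
    state = "file-launches" if directives else "file-inert"
    return {"state": state, "directives": directives}


def demo():
    """Build four constructed drive roots and return their audit states."""
    states = []
    with tempfile.TemporaryDirectory() as base:
        for i, kind in enumerate(("none", "folder", "launch", "inert")):
            root = os.path.join(base, "drive%d" % i)
            os.mkdir(root)
            target = os.path.join(root, "AUTORUN.INF")
            if kind == "folder":
                os.mkdir(target)
            elif kind == "launch":
                with open(target, "w") as fh:
                    fh.write(SAMPLE_INF)
            elif kind == "inert":
                with open(target, "w") as fh:
                    fh.write("[autorun]\nicon=folder.ico\n")
            states.append(audit_root(root)["state"])
    return states


if __name__ == "__main__":
    print(demo())
```

A result of `file-launches` on a removable drive is the condition the reply warns about; `folder` means the placeholder is still in place.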

Hello friends,
The one which you got is a browser virus, and the virus code is written in VBScript (.VBS) type,
and it's a USB virus.
Can you please send me the latest log of your system?

BYE

Rakesh Nagekar.

We are well aware of what virus this is, that is why the various steps have been requested. I am sure help123456789 will post the requested logs back here when the steps have been completed. Then you will be able to view the logs just like the rest of us. It is not customary to send the logs anywhere.

OK, the window title is gone and it is normal again. I also formatted my USB so that everything inside was deleted. I also ran the USB disinfection program as you said. Now the browser window title is normal and when I insert my USB the virus does not return. Everything seems fine right now but I would appreciate it if you could still check my logs. I will post the ESET log soon as it takes a long time to scan. I have attached a new HijackThis log. Do you need all the other logs as well (the ones from Malwarebytes and DSS)? Thank you for your help, I truly appreciate it.

Here is the new HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:04 AM, on 06/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Radio Tamil Toolbar - {5e0553ea-a853-4e93-b758-5f037d41a950} - C:\Program Files\Radio_Tamil\tbRadi.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: Radio Tamil Toolbar - {5e0553ea-a853-4e93-b758-5f037d41a950} - C:\Program Files\Radio_Tamil\tbRadi.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Radio Tamil Toolbar - {5e0553ea-a853-4e93-b758-5f037d41a950} - C:\Program Files\Radio_Tamil\tbRadi.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\pg\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\pg\PartyPoker\RunApp.exe (file missing)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dreamnil.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.idesitv.com/livetv.ocx
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://220.227.116.204/activex/AMC.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by122fd.bay122.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 13480 bytes

I would say, just to be safe, do one more Malwarebytes scan also. I will look through this one and wait for the other.
Judy

OK, I did a Malwarebytes scan and it found nothing. I will now do the ESET scan. The ESET scan took 2 hours last time so I will be back in two hours. I really appreciate your help. I have posted the Malwarebytes log below:

Malwarebytes' Anti-Malware 1.24
Database version: 1027
Windows 5.1.2600 Service Pack 2

11:18:37 AM 06/08/2008
mbam-log-8-6-2008 (11-18-37).txt

Scan type: Full Scan (C:\|D:\|M:\|)
Objects scanned: 240871
Time elapsed: 1 hour(s), 32 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I have noticed that I have two Internet Explorer logos on my desktop. When I press delete on one of them it says "Are you sure you want to send Internet explorer to recycling bin?" and I think this one is the original. The other logo, when I press delete, says "Are you sure you want to delete the Internet explorer icon from your desktop? To restore it later you can go to display in control panel". My ESET scan is still ongoing. Thanks for your help.

Check properties on both logos; that should give the date of install. You can remove an icon; this is just a shortcut and doesn't remove the actual program.

OK, I right-click and select Properties for the one that I think is the true logo and I get the window with the tabs General and Shortcut. It says created on Feb. 4 2008 so it looks legitimate. I click Properties on the second Internet Explorer logo and I get a window titled Internet Properties and it has the tabs: General, Security, Privacy etc. It is the one you get when you go to Tools and then Internet Options in Internet Explorer. I think this might have to do with running ComboFix; it said that it would make my Internet Explorer return to the default state or something. I will delete the second logo now; it looks real and not a fake spyware tool. I will restart and see if it reappears later. My ESET scan is still running with 2 threats found. Thank you for your assistance.

OK, here is the ESET scan log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3332 (20080806)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=66cc79fa6cea534585299f95bc4b2ba6
# end=finished
# remove_checked=true
# unwanted_checked=false
# utc_time=2008-08-06 05:22:09
# local_time=2008-08-06 01:22:09 (-0500, Eastern Daylight Time)
# country="Canada"
# osver=5.1.2600 NT Service Pack 2
# scanned=661626
# found=25
# scan_time=6718
C:\Documents and Settings\HP_Owner\My Documents\Setup\eMule0.46b_Installer.exe a variant of Win32/Adware.Webdir application (deleted) 00000000000000000000000000000000
C:\Documents and Settings\HP_Owner\My Documents\Setup\eMule0.46b_Installer.exe »NSIS »vgraph.dll a variant of Win32/Adware.Webdir application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\autorun.inf.vir probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Bha.dll.vbs.vir VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\winupdates\a.zip.vir Win32/VB.D worm (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\Bha.dll.vbs.vir VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\D\autorun.inf.vir probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\D\Bha.dll.vbs.vir VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP576\A0128250.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP576\A0128264.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP576\A0128282.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP576\A0128296.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP577\A0128374.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP585\A0128784.vbs VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP585\A0128785.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP585\A0128826.vbs VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP585\A0128827.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP584\A0128772.vbs VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP584\A0128773.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP586\A0128848.vbs VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP586\A0128849.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP587\A0128896.vbs VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP587\A0128897.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP587\A0128949.vbs VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP587\A0128950.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000

Hi, can you let me know if everything is clean now? I truly appreciate your help.

Other than some unnecessary auto starts the system appears to be clean.

OK... thank you so much for all your help.

Happy to have helped.
