My Internet Explorer browser window has "Hacked by pokemon" in the window title. This happens in all the Internet Explorer windows that I open but not in Mozilla Firefox. I also could not open regedit before but now I can. I scanned and removed something before and the "Hacked by pokemon" window title went away for a few days, but now it has come back and I don't know how. I think it may be my USB so I formatted it.

I also ran ComboFix once and the title "Hacked by pokemon" went totally away. But I think it came back when I inserted my USB again. Is there a way I can keep the data on the USB and delete whatever it is that is doing this? Thanks.

I've attached all the logs that are asked for in the readme. I appreciate your help.

Attachments
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.93GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 503.3 MiB / 195.09 MiB
Pagefile Memory (total/avail): 1227.84 MiB / 884.33 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1910.84 MiB

C: is Fixed (NTFS) - 142.07 GiB total, 51.95 GiB free. 
D: is Fixed (FAT32) - 6.96 GiB total, 1.24 GiB free. 
E: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
M: is Removable (FAT)
V: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP1614C - 149.05 GiB - 2 partitions
  \PARTITION0 - Unknown - 6.97 GiB - D:
  \PARTITION1 (bootable) - Installable File System - 142.07 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE5 - Kingston DataTraveler 2.0 USB Device - 243.17 MiB - 1 partition
  \PARTITION0 (bootable) - MS-DOS V4 Huge - 243.5 MiB - M:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows NetMeeting"
"C:\\Program Files\\SHOUTcast\\sc_serv.exe"="C:\\Program Files\\SHOUTcast\\sc_serv.exe:*:Enabled:sc_serv"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:Torrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\EA SPORTS\\NBA LIVE 07\\nbalive07.exe"="C:\\Program Files\\EA SPORTS\\NBA LIVE 07\\nbalive07.exe:*:Enabled:NBA LIVE 07"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft  Fax Console"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\HP_Owner\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\HP_Owner\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe"="C:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe:*:Enabled:mvp2005"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\SopCast\\sopvod.exe"="C:\\Program Files\\SopCast\\sopvod.exe:*:Enabled:sopvod"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\iCall\\iCall.exe"="C:\\Program Files\\iCall\\iCall.exe:*:Enabled:iCall"
"C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"="C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files!"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
GMAXLOC=C:\gmax\
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\HP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\ImageConverter Plus;C:\Program Files\ImageConverter Plus\Microsoft.VC80.CRT;C:\Program Files\ImageConverter Plus\Microsoft.VC80.MFC;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERDOMAIN=HP
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI 


-- User Profiles ---------------------------------------------------------------

HP_Owner [I](admin)[/I]
LogMeInRemoteUser [I](admin)[/I]
Administrator [I](admin)[/I]


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
 --> C:\WINDOWS\UNRecode.exe /UNINSTALL
Able2Extract v5.0 --> C:\Program Files\Investintech.com Inc\Able2Extract 5.0\Uninstal.exe
ACD/Labs Software in C:\ACDFREE10\ --> C:\ACDFREE10\setup\setup.exe -uninstall
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
A
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3329 (20080805)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=66cc79fa6cea534585299f95bc4b2ba6
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-08-05 07:14:44
# local_time=2008-08-05 03:14:44 (-0500, Eastern Daylight Time)
# country="Canada"
# osver=5.1.2600 NT Service Pack 2
# scanned=665138
# found=21
# scan_time=7880
C:\autorun.inf	probably a variant of Win32/Agent trojan	D1BBAF318C111D31672E0804EDCF0CB8
C:\Bha.dll.vbs	VBS/Butsur.B worm	29FD8CBA3FF0F09F3E3991A20C244B03
C:\Documents and Settings\HP_Owner\My Documents\Setup\eMule0.46b_Installer.exe	a variant of Win32/Adware.Webdir application	42A612FECFB312966638DA2956862867
C:\Documents and Settings\HP_Owner\My Documents\Setup\eMule0.46b_Installer.exe NSIS vgraph.dll	a variant of Win32/Adware.Webdir application	00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\winupdates\a.zip.vir	Win32/VB.D worm	40172B358976785647F8D6C2840DE01F
C:\RECYCLER\S-1-5-21-1592457943-1159316699-1774401541-1009\Dc10.vir	probably a variant of Win32/Agent trojan	D1BBAF318C111D31672E0804EDCF0CB8
C:\RECYCLER\S-1-5-21-1592457943-1159316699-1774401541-1009\Dc11.vir	probably a variant of Win32/Agent trojan	D1BBAF318C111D31672E0804EDCF0CB8
C:\RECYCLER\S-1-5-21-1592457943-1159316699-1774401541-1009\Dc12\CS_220T Serial\2500-2700 Serial Updater v1.0.exe	Win32/Parite.B virus	00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-1592457943-1159316699-1774401541-1009\Dc12\CS_220T Serial\2700 to 2500 Loader Converter.exe	Win32/Parite.B virus	00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-1592457943-1159316699-1774401541-1009\Dc12\CS_220T Serial\Blacklist Updater.exe	Win32/Parite.B virus	00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-1592457943-1159316699-1774401541-1009\Dc12\CS_220T Serial\FortecStarSTB.exe	Win32/Parite.B virus	00000000000000000000000000000000
C:\WINDOWS\Bha.dll.vbs	VBS/Butsur.B worm	29FD8CBA3FF0F09F3E3991A20C244B03
D:\Bha.dll.vbs	VBS/Butsur.B worm	29FD8CBA3FF0F09F3E3991A20C244B03
D:\autorun.inf	probably a variant of Win32/Agent trojan	D1BBAF318C111D31672E0804EDCF0CB8
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP576\A0128250.inf	probably a variant of Win32/Agent trojan	D1BBAF318C111D31672E0804EDCF0CB8
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP576\A0128264.inf	probably a variant of Win32/Agent trojan	D1BBAF318C111D31672E0804EDCF0CB8
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP576\A0128282.inf	probably a variant of Win32/Agent trojan	D1BBAF318C111D31672E0804EDCF0CB8
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP576\A0128296.inf	probably a variant of Win32/Agent trojan	D1BBAF318C111D31672E0804EDCF0CB8
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP577\A0128374.inf	probably a variant of Win32/Agent trojan	D1BBAF318C111D31672E0804EDCF0CB8
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP584\A0128772.vbs	VBS/Butsur.B worm	29FD8CBA3FF0F09F3E3991A20C244B03
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP584\A0128773.inf	probably a variant of Win32/Agent trojan	D1BBAF318C111D31672E0804EDCF0CB8
Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-08-05 15:32:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
112: 2008-08-05 19:33:07 UTC - RP585 - Deckard's System Scanner Restore Point
111: 2008-08-05 00:59:23 UTC - RP584 - System Checkpoint
110: 2008-08-03 20:05:04 UTC - RP583 - System Checkpoint
109: 2008-08-02 19:27:18 UTC - RP582 - Software Distribution Service 3.0
108: 2008-08-02 15:36:06 UTC - RP581 - System Checkpoint


-- First Restore Point -- 
1: 2008-05-08 15:32:46 UTC - RP474 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

[color=red]Total Physical Memory: 504 MiB (512 MiB recommended).[/color]


-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:29 PM, on 05/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by pokemon
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Radio Tamil Toolbar - {5e0553ea-a853-4e93-b758-5f037d41a950} - C:\Program Files\Radio_Tamil\tbRadi.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: Radio Tamil Toolbar - {5e0553ea-a853-4e93-b758-5f037d41a950} - C:\Program Files\Radio_Tamil\tbRadi.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Radio Tamil Toolbar - {5e0553ea-a853-4e93-b758-5f037d41a950} - C:\Program Files\Radio_Tamil\tbRadi.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\Bha.dll.vbs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\pg\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\pg\PartyPoker\RunApp.exe (file missing)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {3EA4FA88-
Malwarebytes' Anti-Malware 1.24
Database version: 1027
Windows 5.1.2600 Service Pack 2

5:58:54 PM 05/08/2008
mbam-log-8-5-2008 (17-58-54).txt

Scan type: Full Scan (C:\|D:\|M:\|)
Objects scanned: 243502
Time elapsed: 2 hour(s), 14 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ShipTr (Trojan.ShipUp) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cadaa2e5-43b8-48fe-9572-a9caaed9b70c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.62,85.255.112.107 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e727310e-3154-4314-88e5-ada2279b907c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.62,85.255.112.107 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f26af1c4-cb09-4cbb-871f-f21948cc0570}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.62,85.255.112.107 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cadaa2e5-43b8-48fe-9572-a9caaed9b70c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.62,85.255.112.107 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e727310e-3154-4314-88e5-ada2279b907c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.62,85.255.112.107 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f26af1c4-cb09-4cbb-871f-f21948cc0570}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.62,85.255.112.107 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cadaa2e5-43b8-48fe-9572-a9caaed9b70c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.62,85.255.112.107 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e727310e-3154-4314-88e5-ada2279b907c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.62,85.255.112.107 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f26af1c4-cb09-4cbb-871f-f21948cc0570}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.62,85.255.112.107 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Able2Extract v5.0
ACD/Labs Software in C:\ACDFREE10\
Adobe Flash Player ActiveX
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AVI to DVD Converter
AXIS Media Control Embedded
Baseball Mogul 2008
CambridgeSoft Activation Client
CambridgeSoft ChemDraw Ultra 11.0
Channel Master
DivX Content Uploader
DivX Web Player
EA downloader
EHM
Embanet 8.3
ESET Online Scanner
Foxit PDF Suite
Fraps
FRED
GlobalWebTV 6.0
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
GRE POWERPREP
Hex Workshop v5
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB935448)
iCall
ImageConverter Plus 7.1
Internet Call Waiting PC
IPL / Cricket 08 Roster - PCvXa - Black Magic
IPL Super Patch 2.0 - Black Magic
iTunes
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
LogMeIn
LRC Editor 4.0 (remove only)
LSM Image Browser, Release 3.2
Magic ISO Maker v5.4 (build 0251)
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Messenger Plus! Live
MestReC 4.7.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft WorldWide Telescope
mIRC
Mozilla Firefox (2.0.0.16)
MP3 Player Utilities 3.63
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MVP Baseball 2005
NBA LIVE 07
Nero 7 Ultra Edition
NHL Eastside Hockey Manager 2007
Norton 360
Norton Security Scan
OshoWorld Font Installer
Panda ActiveScan 2.0
PhotoNow! 1.0
PIXresizer 2.0.1
Plato Video To 3GP Converter 4.80
Popup Blocker (Windows Live Toolbar)
PowerDirector
PowerISO
PrimoPDF
QuickTime
Radio Tamil Toolbar
Rainlendar2 (remove only)
Real Desktop 1.21
RealPlayer
Rhapsody Player Engine
RM Converter 4.12
s1res
SAMSUNG CDMA Modem Driver Set
Samsung ML-2510 Series
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB947801)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Smart Menus (Windows Live Toolbar)
Smart PDF Converter 4.2
Sony USB Driver
SopCast 2.0.4
SUPER  Version 2008.bld.30 (Mar 22, 2008)
System Requirements Lab
TBS WMP Plug-in
Thoosje Sidebar V2.3
Total Video Converter 3.12 080330
TVAnts 1.0
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb953463)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VeohTV BETA
WavePad Uninstall
Winamp
Winamp Toolbar for Internet Explorer
Windows Defender
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
WinPcap 4.0
0

I suggest that you scan that USB device with your anti-virus program to see if you can remove this worm.
I also want you to run that ESET scanner again and have it fix/remove everything it finds.

Then you should also do the following:
Flash drive infections usually involve malware that loads an autorun.inf file into the root folder of all drives (internal, external, removable). When the removable media is inserted, autorun looks for autorun.inf and automatically executes another malicious file to run on your computer. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled.

Please insert your flash drive before we begin!

Download Flash_Disinfector.exe by sUBs and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you run it. Don't delete this folder... it will help protect your drives from future infection.

Once you have done the above please reboot and run HJT again and post that log and all the other new logs produced by the above steps.
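
The autorun.inf mechanism described in the post above can be inspected without running anything from the drive. The following Python script is an added example, not part of the original thread and not Flash_Disinfector's code: it reads the autorun.inf entry in a drive root, lists the launch directives, and recognizes the protective autorun.inf folder the post mentions. The function names and the sample file are constructed for illustration; only the file name Bha.dll.vbs comes from the ESET log later in this thread.

```python
import os
import re
import tempfile

# Keys in the [autorun] section that make Windows launch something.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Script types that a drive-root launch directive should never need.
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|bat|cmd)\b", re.I)

# Constructed sample for this example; not copied from the infected machine.
SAMPLE = r"""
; padding and odd casing are common in malicious autorun.inf files
[AutoRun]
xq83jd
Open=wscript.exe Bha.dll.vbs
shell\open\Command=wscript.exe Bha.dll.vbs
label=USB DISK
"""


def parse_autorun(text):
    """Return {key: command} for launch directives in the [autorun] section."""
    directives, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # junk lines and other sections are ignored
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if LAUNCH_KEY.match(key):
            directives[key] = value.strip()
    return directives


def audit_root(root):
    """Classify the autorun.inf entry in a drive root.

    Returns (state, findings). state is 'absent', 'folder' (a directory
    named autorun.inf, which blocks a file of that name) or 'file'.
    findings holds (key, command, launches_script) tuples for a file.
    """
    target = None
    for name in os.listdir(root):  # match any casing, as FAT and NTFS do
        if name.lower() == "autorun.inf":
            target = os.path.join(root, name)
            break
    if target is None:
        return "absent", []
    if os.path.isdir(target):
        return "folder", []
    with open(target, "r", encoding="latin-1") as fh:
        directives = parse_autorun(fh.read())
    findings = [(k, v, bool(SCRIPT_EXT.search(v)))
                for k, v in sorted(directives.items())]
    return "file", findings


def demo():
    """Build one 'infected' and one 'protected' root in temp directories."""
    with tempfile.TemporaryDirectory() as infected, \
            tempfile.TemporaryDirectory() as protected:
        with open(os.path.join(infected, "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE)
        os.mkdir(os.path.join(protected, "autorun.inf"))
        return audit_root(infected), audit_root(protected)


if __name__ == "__main__":
    for state, findings in demo():
        print(state, findings)
```

On a real system, pass each drive root (for example `M:\`) to `audit_root` instead of the temporary directories.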

0

hello friends,
The one which you got is a browser virus and the virus code is written in VBScript (.VBS) type
and it's a USB virus.
Can you please send me the latest log of your system?

BYE

Rakesh Nagekar.

0

We are well aware of what virus this is, that is why the various steps have been requested. I am sure help123456789 will post the requested logs back here when the steps have been completed. Then you will be able to view the logs just like the rest of us. It is not customary to send the logs anywhere.

0

Ok the window title is gone and it is normal again. I also formatted my USB so that everything inside was deleted. I also ran the USB disinfection program as you said. Now the browser window title is normal and when I insert my USB the virus does not return. Everything seems fine right now but I will appreciate it if you can still check my logs. I will post the ESET log soon as it takes a long time to scan. I have attached a new hijackthis log. Do you need all the other logs as well? (the ones from malwarebytes and DSS) Thank you for your help, I truly appreciate it.

Here is the new hijack this log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:04 AM, on 06/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Radio Tamil Toolbar - {5e0553ea-a853-4e93-b758-5f037d41a950} - C:\Program Files\Radio_Tamil\tbRadi.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: Radio Tamil Toolbar - {5e0553ea-a853-4e93-b758-5f037d41a950} - C:\Program Files\Radio_Tamil\tbRadi.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Radio Tamil Toolbar - {5e0553ea-a853-4e93-b758-5f037d41a950} - C:\Program Files\Radio_Tamil\tbRadi.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\pg\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\pg\PartyPoker\RunApp.exe (file missing)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dreamnil.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.idesitv.com/livetv.ocx
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://220.227.116.204/activex/AMC.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by122fd.bay122.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 13480 bytes

0

I would say, just to be safe, do one more malwarebytes scan also. I will look through this one and wait for the other.
Judy

0

Ok I did a malwarebytes scan and it found nothing. I will now do the ESET scan. The ESET scan took 2 hours last time so I will be back in two hours. I really appreciate your help. I have posted the malwarebytes log below:

Malwarebytes' Anti-Malware 1.24
Database version: 1027
Windows 5.1.2600 Service Pack 2

11:18:37 AM 06/08/2008
mbam-log-8-6-2008 (11-18-37).txt

Scan type: Full Scan (C:\|D:\|M:\|)
Objects scanned: 240871
Time elapsed: 1 hour(s), 32 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

I have noticed that I have two internet explorer logos on my desktop. When I press delete on one of them it says "Are you sure you want to send Internet explorer to recycling bin?" and I think this one is the original. The other logo, when I press delete, it says "Are you sure you want to delete the Internet explorer icon from your desktop? To restore it later you can go to display in control panel". My ESET scan is still ongoing. Thanks for your help.

0

Check properties on both logos, that should give the date of install. You can remove an icon, this is just a shortcut and doesn't remove the actual program.

0

Ok I right click and select properties for the one that I think is the true logo and I get the window with tabs General and Shortcut. It says created on Feb. 4 2008 so it looks legitimate. I click properties on the second internet explorer logo and I get a window titled internet properties and it has the tabs: General, Security, Privacy etc. It is the one you get when you go to tools and then internet options in Internet explorer. I think this might have to do with running combofix, it said that it would make my Internet explorer return the default stage or something. I will delete the second logo now, it looks real and not a fake spyware tool. I will restart and see if it reappears later. My ESET scan is still running with 2 threats found. Thank you for your assistance.

0

ok here is the ESET scan log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3332 (20080806)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=66cc79fa6cea534585299f95bc4b2ba6
# end=finished
# remove_checked=true
# unwanted_checked=false
# utc_time=2008-08-06 05:22:09
# local_time=2008-08-06 01:22:09 (-0500, Eastern Daylight Time)
# country="Canada"
# osver=5.1.2600 NT Service Pack 2
# scanned=661626
# found=25
# scan_time=6718
C:\Documents and Settings\HP_Owner\My Documents\Setup\eMule0.46b_Installer.exe a variant of Win32/Adware.Webdir application (deleted) 00000000000000000000000000000000
C:\Documents and Settings\HP_Owner\My Documents\Setup\eMule0.46b_Installer.exe »NSIS »vgraph.dll a variant of Win32/Adware.Webdir application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\autorun.inf.vir probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Bha.dll.vbs.vir VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\winupdates\a.zip.vir Win32/VB.D worm (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\Bha.dll.vbs.vir VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\D\autorun.inf.vir probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\D\Bha.dll.vbs.vir VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP576\A0128250.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP576\A0128264.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP576\A0128282.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP576\A0128296.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP577\A0128374.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP585\A0128784.vbs VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP585\A0128785.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP585\A0128826.vbs VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP585\A0128827.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP584\A0128772.vbs VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP584\A0128773.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP586\A0128848.vbs VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP586\A0128849.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP587\A0128896.vbs VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP587\A0128897.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP587\A0128949.vbs VBS/Butsur.B worm (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP587\A0128950.inf probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000

0

Hi, can you let me know if everything is clean now? I truly appreciate your help.
