I am having problems with the search taking over my explorer, and when I click on anything or even type in an address, it takes me through several other websites, then where it wants to. I also have something that keeps popping up on the left of the screen with its own search results, called ImSorry. HELP!
I've done the 5 steps above and here are my logs:
PandaScan:
Incident Status Location
Adware:Adware/AVSystemCare Not disinfected C:\WINDOWS\system32\ddrawe.dll
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Program Files\QdrDrive\QdrDrive9.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\hggefec.dll
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\system32\vtutr.dll
Potentially unwanted tool:application/myglobalsearch Not disinfected c:\program files\MyGlobalSearch
Adware:adware/outerinfo Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/seekmo Not disinfected Windows Registry
Adware:Adware/PurityScan Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ADASHA~1\LOCALS~1\Temp\TMP1.tmp
Adware:Adware/PurityScan Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ADASHA~1\LOCALS~1\Temp\TMP1221.tmp
Adware:Adware/Yazzle Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ADASHA~1\LOCALS~1\Temp\TMP1238.tmp
Adware:Adware/PurityScan Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ADASHA~1\LOCALS~1\Temp\TMP2.tmp
Adware:Adware/PurityScan Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ADASHA~1\LOCALS~1\Temp\TMP5C.tmp
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ADASHA~1\LOCALS~1\Temp\TMP61.tmp
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ADASHA~1\LOCALS~1\Temp\TMP64.tmp
Adware:Adware/Maxifiles Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ADASHA~1\LOCALS~1\Temp\TMP67.tmp
Adware:Adware/Yazzle Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ADASHA~1\LOCALS~1\Temp\TMP75.tmp
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Adasha Knight\Application Data\Mozilla\Firefox\Profiles\mgyhbhe9.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Adasha Knight\Application Data\Mozilla\Firefox\Profiles\mgyhbhe9.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Adasha Knight\Application Data\Mozilla\Firefox\Profiles\mgyhbhe9.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Adasha Knight\Application Data\Mozilla\Firefox\Profiles\mgyhbhe9.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Adasha Knight\Application Data\Mozilla\Firefox\Profiles\mgyhbhe9.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Adasha Knight\Application Data\Mozilla\Firefox\Profiles\mgyhbhe9.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Adasha Knight\Application Data\Mozilla\Firefox\Profiles\mgyhbhe9.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Adasha Knight\Application Data\Mozilla\Firefox\Profiles\mgyhbhe9.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Adasha Knight\Application Data\Mozilla\Firefox\Profiles\mgyhbhe9.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Adasha Knight\Application Data\Mozilla\Firefox\Profiles\mgyhbhe9.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Adasha Knight\Application Data\Mozilla\Firefox\Profiles\mgyhbhe9.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Adasha Knight\Application Data\Mozilla\Firefox\Profiles\mgyhbhe9.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Adasha Knight\Application Data\Mozilla\Firefox\Profiles\mgyhbhe9.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Adasha Knight\Cookies\adasha knight@ad.yieldmanager[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Adasha Knight\Cookies\adasha knight@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Adasha Knight\Cookies\adasha knight@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Adasha Knight\Cookies\adasha knight@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Adasha Knight\Cookies\adasha knight@mediaplex[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Adasha Knight\Cookies\adasha knight@server.iad.liveperson[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Adasha Knight\Cookies\adasha knight@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Adasha Knight\Cookies\adasha knight@statse.webtrendslive[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Adasha Knight\Cookies\adasha knight@tribalfusion[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Adasha Knight\Cookies\adasha knight@zedo[1].txt
Adware:Adware/AVSystemCare Not disinfected C:\Documents and Settings\Adasha Knight\Desktop\backups\backup-20071206-221922-851.dll
Adware:Adware/AVSystemCare Not disinfected C:\Documents and Settings\Adasha Knight\Desktop\backups\backup-20071206-222313-289.dll
Adware:Adware/AVSystemCare Not disinfected C:\Documents and Settings\Adasha Knight\Desktop\backups\backup-20071212-231333-851.dll
Adware:Adware/AVSystemCare Not disinfected C:\Documents and Settings\Adasha Knight\Desktop\backups\backup-20071215-131912-475.dll
Virus:Trj/Downloader.RUZ Disinfected C:\Documents and Settings\Adasha Knight\Local Settings\Temp\ismtpa8.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Virus:Generic Malware Disinfected C:\Program Files\DIGStream\digstream.exe
Possible Virus. Not disinfected C:\Program Files\FaxTools\Install\Setup.exe
Possible Virus. Not disinfected C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\Setup.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Program Files\ISM\Uninstall.exe
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Program Files\QdrModule\QdrModule11 .exe
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Program Files\QdrPack\QdrPack11.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\QuickTime\qttask .exe
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\QuickTime\qttask .exe
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\QuickTime\qttask .exe
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\QuickTime\qttask.exe
Virus:Trj/WinAble.A Disinfected C:\Program Files\Temporary\wininstall.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\WinAble\winable .exe
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\WinAble\winable.exe
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\hggefec.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\iifeecd.dll.bad
Spyware:Spyware/Vundo Not disinfected C:\VundoFix Backups\vtutr.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\vtutr.exe.bad
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\b122.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\mrofinu72.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\mrofinu72.exe.tmp
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ntanayog.dll
Virus:Trj/Sinowal.HM Disinfected C:\WINDOWS\system32\ntos.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\rutjgknp.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vtutr.exe
And here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 2:34:25 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\QdrModule\QdrModule11 .exe
C:\Program Files\QdrPack\QdrPack11.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Adasha Knight\Desktop\Adasha Knight.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: {f4a12136-cd14-361a-d414-dd091ec260a0} - {0a062ce1-90dd-414d-a163-41dc63121a4f} - C:\WINDOWS\system32\bhxjtvbx.dll
O2 - BHO: (no name) - {6E8989EE-BA6F-4FD5-BEC8-B16CD90BCD4E} - C:\WINDOWS\system32\vtutr.dll
O2 - BHO: (no name) - {AFEAE967-F3A6-48FD-ACCA-A28E1CB1B48A} - C:\WINDOWS\system32\ddrawe.dll
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\hggefec.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1189315894890
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/download...2/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/b...ploader_v6.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe