Tech Support Forum - View Single Post - Best Offer Popups and SLOW response times

krazymoo · 08-04-2006, 07:33 PM

LOG FILES!
Logfile of HijackThis v1.99.1
Scan saved at 9:26:12 PM, on 8/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\HP_Owner\My Documents\My Media\Scrapbooking\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Ewido!
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:15:57 PM 8/4/2006

+ Scan result:

C:\Program Files\Common Files\Sandlot Shared\slghex.dll -> Adware.SpywareStorm : Cleaned with backup (quarantined).
C:\country.exe -> Backdoor.Haxdoor.gb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc80.rar/Setup_toolBar.exe -> Downloader.IstBar.nj : Cleaned with backup (quarantined).
C:\nj.exe -> Downloader.Small.cpg : Cleaned with backup (quarantined).
C:\tool3.exe -> Downloader.Tiny.al : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\My Documents\_\AceFTP v3.01 Pro.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\My Documents\_\Ad Popup Killer v4.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\My Documents\_\BoomBox Radio.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\My Documents\_\Clean Disk security v7.02.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\My Documents\_\Filemanag v3.01.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\My Documents\_\FlashFXP v2.2.951 BETA.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\My Documents\_\NeoTrace Pro 3.25.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\My Documents\_\No1 CD Ripper v1.72.42.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\My Documents\_\ProKon v10.0k.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\My Documents\_\Set Machine v2.42A.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\My Documents\_\SpyAnytime PC Spy v2.24.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\My Documents\_\SuperCleaner v2.65.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\My Documents\_\Teleport Pro v1.29.2018.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\My Documents\_\TransMac v6.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\My Documents\_\WinGlobe 2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\My Documents\_\xzxzxzxzxzxz.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\WINDOWS\pss\svchost.exeCommon Startup -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc39.zip/Video.exe -> Dropper.WinAD.h : Cleaned with backup (quarantined).
C:\tool5.exe -> Hijacker.Small.kr : Cleaned with backup (quarantined).
C:\mx.exe -> Hijacker.VB.lb : Cleaned with backup (quarantined).
C:\tool4.exe -> Logger.Haxspy.w : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@anheuserbusch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@edfinancial.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Visitor\Cookies\visitor@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wfkiagdpclo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wfkyuicjwcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wflospcpgep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wfmicoczsep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wfmyendzwco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6whliqoczwdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wjmispazckq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-gamespot.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@need2find[2].txt -> TrackingCookie.Need2find : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\zdj.exe -> Trojan.LowZones.dm : Cleaned with backup (quarantined).
C:\tool1.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\toolbar.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe -> Trojan.Sinowal.d : Cleaned with backup (quarantined).
C:\Program Files\winsupdater\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Program Files\winsupdater\winsupdater.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Program Files\winupdates\winupdates.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc21.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc22.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc23.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc24.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc25.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc26.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc28.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc29.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc30.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc31.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc32.exe -> Worm.VB.an : Cleaned with backup (quarantined).

::Report end

I couldn't get Kapersky online virus checker to work, but I did recently but Norton Anti Virus, and will run it if you want. Let's see, starting at the beginning...

I could not find these to check in Hijack this...is that a good thing?
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

Then, I was unable to uninstall these because they were not on the list to remove them from the system.
Need2Find
RXToolBar
altnet\points manager
Best Offers

In C:\, the only folder I couldn't find to delete was
C:\program files\altnet\points manager\

Cleanup! found 63,140files and 3.5gig to delete.

My computer doesn't seem any faster or slower, but the best offer pop ups are gone. Thanks.

Just saw the note about Kapersky, running Panda...

oh and I'll do Java...

08-04-2006, 07:33 PM	#6 (permalink)
krazymoo Registered User Join Date: Aug 2006 Posts: 5 OS: Win XP	Thanks so much... LOG FILES! Logfile of HijackThis v1.99.1 Scan saved at 9:26:12 PM, on 8/4/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Documents and Settings\HP_Owner\My Documents\My Media\Scrapbooking\hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Ewido! --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 9:15:57 PM 8/4/2006 + Scan result: C:\Program Files\Common Files\Sandlot Shared\slghex.dll -> Adware.SpywareStorm : Cleaned with backup (quarantined). C:\country.exe -> Backdoor.Haxdoor.gb : Cleaned with backup (quarantined). C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc80.rar/Setup_toolBar.exe -> Downloader.IstBar.nj : Cleaned with backup (quarantined). C:\nj.exe -> Downloader.Small.cpg : Cleaned with backup (quarantined). C:\tool3.exe -> Downloader.Tiny.al : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\My Documents\_\AceFTP v3.01 Pro.exe -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\My Documents\_\Ad Popup Killer v4.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\My Documents\_\BoomBox Radio.exe -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\My Documents\_\Clean Disk security v7.02.exe -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\My Documents\_\Filemanag v3.01.exe -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\My Documents\_\FlashFXP v2.2.951 BETA.exe -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\My Documents\_\NeoTrace Pro 3.25.exe -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\My Documents\_\No1 CD Ripper v1.72.42.exe -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\My Documents\_\ProKon v10.0k.exe -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\My Documents\_\Set Machine v2.42A.exe -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\My Documents\_\SpyAnytime PC Spy v2.24.exe -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\My Documents\_\SuperCleaner v2.65.exe -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\My Documents\_\Teleport Pro v1.29.2018.exe -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\My Documents\_\TransMac v6.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\My Documents\_\WinGlobe 2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\My Documents\_\xzxzxzxzxzxz.exe -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\WINDOWS\pss\svchost.exeCommon Startup -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc39.zip/Video.exe -> Dropper.WinAD.h : Cleaned with backup (quarantined). C:\tool5.exe -> Hijacker.Small.kr : Cleaned with backup (quarantined). C:\mx.exe -> Hijacker.VB.lb : Cleaned with backup (quarantined). C:\tool4.exe -> Logger.Haxspy.w : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@anheuserbusch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@edfinancial.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\Visitor\Cookies\visitor@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wfkiagdpclo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wfkyuicjwcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wflospcpgep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wfmicoczsep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wfmyendzwco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6whliqoczwdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wjmispazckq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-gamespot.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@need2find[2].txt -> TrackingCookie.Need2find : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined). C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). C:\zdj.exe -> Trojan.LowZones.dm : Cleaned with backup (quarantined). C:\tool1.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined). C:\toolbar.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined). C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe -> Trojan.Sinowal.d : Cleaned with backup (quarantined). C:\Program Files\winsupdater\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined). C:\Program Files\winsupdater\winsupdater.exe -> Worm.VB.an : Cleaned with backup (quarantined). C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined). C:\Program Files\winupdates\winupdates.exe -> Worm.VB.an : Cleaned with backup (quarantined). C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined). C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc21.exe -> Worm.VB.an : Cleaned with backup (quarantined). C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc22.exe -> Worm.VB.an : Cleaned with backup (quarantined). C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc23.exe -> Worm.VB.an : Cleaned with backup (quarantined). C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc24.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined). C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc25.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined). C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc26.exe -> Worm.VB.an : Cleaned with backup (quarantined). C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc28.exe -> Worm.VB.an : Cleaned with backup (quarantined). C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc29.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined). C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc30.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined). C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc31.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined). C:\RECYCLER\S-1-5-21-3600263141-977406453-1974778803-1009\Dc32.exe -> Worm.VB.an : Cleaned with backup (quarantined). ::Report end I couldn't get Kapersky online virus checker to work, but I did recently but Norton Anti Virus, and will run it if you want. Let's see, starting at the beginning... I could not find these to check in Hijack this...is that a good thing? O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll Then, I was unable to uninstall these because they were not on the list to remove them from the system. Need2Find RXToolBar altnet\points manager Best Offers In C:\, the only folder I couldn't find to delete was C:\program files\altnet\points manager\ Cleanup! found 63,140files and 3.5gig to delete. My computer doesn't seem any faster or slower, but the best offer pop ups are gone. Thanks. Just saw the note about Kapersky, running Panda... oh and I'll do Java... Last edited by krazymoo; 08-04-2006 at 07:40 PM.