Search Engine Redirecting.

View previous topic View next topic Go down

Solved Search Engine Redirecting.

Post by Missiella on 8th February 2009, 5:54 pm

I'm getting redirected to commercial web pages via Google.
&& I get Anti Virus stuff popping up once in while.. fraud??



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:37, on 2/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\TEMP\winlognn.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\WINDOWS\system32\prunnet.exe
C:\Documents and Settings\Dorje\Application Data\cogad\cogad.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VnrPack\VnrPack23.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\TWVsaXNh\command.exe
C:\DOCUME~1\Dorje\LOCALS~1\Temp\csrssc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Documents and Settings\Dorje\Desktop\hijackgpthis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\config\systemprofile\xaxnmm.exe \s
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P35 "EPSON Stylus CX3600 Series (Copy 1)" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [5c1a537b] rundll32.exe "C:\WINDOWS\system32\ixitbcyl.dll",b
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\WINDOWS\TEMP\E_SC1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Dorje\Application Data\cogad\cogad.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\Dorje\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [VnrPack23] "C:\Program Files\VnrPack\VnrPack23.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [tjbtikxp.exe] C:\WINDOWS\tjbtikxp.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntqzqwjb.exe] C:\WINDOWS\ntqzqwjb.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Transparent Windows.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Open in new background tab - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?2275ea2707b849c0983010060ea6b6ba
O8 - Extra context menu item: Open in new foreground tab - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?2275ea2707b849c0983010060ea6b6ba
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - [You must be registered and logged in to see this link.]
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - [You must be registered and logged in to see this link.]
O16 - DPF: Yahoo! Bingo - [You must be registered and logged in to see this link.]
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - [You must be registered and logged in to see this link.]
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWVsaXNh\command.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

--
End of file - 13493 bytes

Missiella
Novice
Novice

Posts Posts : 24
Joined Joined : 2009-01-12
OS OS : Windows XP
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Missiella on 8th February 2009, 5:57 pm

+ this website pops up often.

[You must be registered and logged in to see this link.]

Missiella
Novice
Novice

Posts Posts : 24
Joined Joined : 2009-01-12
OS OS : Windows XP
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Belahzur on 8th February 2009, 7:20 pm

Moving to malware removal.

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\config\systemprofile\xaxnmm.exe \s
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
    O4 - HKLM\..\Run: [5c1a537b] rundll32.exe "C:\WINDOWS\system32\ixitbcyl.dll",b
    O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe
    O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
    O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Dorje\Application Data\cogad\cogad.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe
    O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\Dorje\LOCALS~1\Temp\csrssc.exe
    O4 - HKCU\..\Run: [VnrPack23] "C:\Program Files\VnrPack\VnrPack23.exe"
    O4 - HKUS\S-1-5-18\..\Run: [tjbtikxp.exe] C:\WINDOWS\tjbtikxp.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ntqzqwjb.exe] C:\WINDOWS\ntqzqwjb.exe (User 'SYSTEM')
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWVsaXNh\command.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Missiella on 8th February 2009, 9:16 pm

Malwarebytes' Anti-Malware 1.33
Database version: 1739
Windows 5.1.2600 Service Pack 3

2/8/2009 21:07:36
mbam-log-2009-02-08 (21-07-36).txt

Scan type: Quick Scan
Objects scanned: 72247
Time elapsed: 11 minute(s), 31 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 62
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 45
Files Infected: 516

Memory Processes Infected:
C:\Program Files\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\TWVsaXNh\asappsrv.dll (Adware.CommAd) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hjepdgyd (Rootkit.Pakes) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hjepdgyd (Rootkit.Pakes) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hjepdgyd (Rootkit.Pakes) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VnrPack (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

Missiella
Novice
Novice

Posts Posts : 24
Joined Joined : 2009-01-12
OS OS : Windows XP
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Missiella on 8th February 2009, 9:17 pm

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8uiw3jnjgffght (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tezrtsjhfr84iusjfo84f (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlocker (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\IESkins (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\HostOI (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\HostOI\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\HostOI\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\HostOL (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\HostOL\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\HostOL\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\hstat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\ustat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VnrPack (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Melisa Gurung\Application Data\SpamBlocker (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\SpamBlocker (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Application Data\FunWebProducts\Data\Dorje (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Updater\2364 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Updater\2663 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Application Data\cogad (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Application Data\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Application Data\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.

Missiella
Novice
Novice

Posts Posts : 24
Joined Joined : 2009-01-12
OS OS : Windows XP
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Missiella on 8th February 2009, 9:18 pm

Files Infected:
C:\WINDOWS\TWVsaXNh\asappsrv.dll (Adware.CommAd) -> Delete on reboot.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\ntqzqwjb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\tjbtikxp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oieuhqoa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXQIccY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_hsfd83jfdg.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnLfCVL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnoNgdB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnomnlM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekabsquwpjb.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\senekajnalxegr.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\senekakilqgrrn.sys (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\hjepdgyd.sys (Rootkit.Pakes) -> Delete on reboot.
C:\WINDOWS\system32\drivers\protect.sys (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nani\Local Settings\Temp\ssqOIYqo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temp\rmxoscawne.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temp\TDSS5f95.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temp\cmdinst.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temp\nemaxowsrc.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temp\oexcwnsrma.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temp\winlognn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temp\__1F5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temp\__200.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temp\__21F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nani\Local Settings\Temporary Internet Files\Content.IE5\BESJ79R7\apstpldr.dll[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temporary Internet Files\Content.IE5\7IBRNUXG\148[1].net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temporary Internet Files\Content.IE5\7IBRNUXG\installer[1].exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temporary Internet Files\Content.IE5\7IBRNUXG\hrobc[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temporary Internet Files\Content.IE5\7IBRNUXG\aasuper2[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temporary Internet Files\Content.IE5\GS2LX5P6\104[1].net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temporary Internet Files\Content.IE5\IOMWC4AS\152[1].net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temporary Internet Files\Content.IE5\IOMWC4AS\vbclmznn[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temporary Internet Files\Content.IE5\IOMWC4AS\dnxkllz[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temporary Internet Files\Content.IE5\MU7RHAAA\aasuper0[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temporary Internet Files\Content.IE5\MU7RHAAA\islre[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temporary Internet Files\Content.IE5\MU7RHAAA\qjgguh[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temporary Internet Files\Content.IE5\MU7RHAAA\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Missiella
Novice
Novice

Posts Posts : 24
Joined Joined : 2009-01-12
OS OS : Windows XP
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Belahzur on 8th February 2009, 9:21 pm

Lets see what's left.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Missiella on 8th February 2009, 9:23 pm

C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\398397 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\402452 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\42013 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\42916 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\43907 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\44228 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\44229 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\44300 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\44323 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\44458 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\5136 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\528235 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\538263 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\54473 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\5464 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\56815 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\57973 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\5828 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\592031 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\608961 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\61212 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\64646 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\66836 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\6873 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\702289 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\70608 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\744758 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\744775 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\747293 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\79257 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\82292 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\83919 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\873 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\8732 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\87385 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\87410 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\87555 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\87576 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\87584 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\89658 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\90167 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\93921 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\95645 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\95704 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\97499 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\97518 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\97524 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\97741 (Adware.Hotbar) -> Quarantined and deleted successfully.

Missiella
Novice
Novice

Posts Posts : 24
Joined Joined : 2009-01-12
OS OS : Windows XP
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Missiella on 8th February 2009, 9:24 pm

C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\ustat\348a.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ads.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans.idx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\business_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\buttondir.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\components.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\default.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz1.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz10.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz11.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz12.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz13.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz14.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz15.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz16.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz17.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz18.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz19.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz2.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz20.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz3.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz4.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz5.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz6.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz7.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz8.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz9.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_categorize.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_comparison.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-people.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_fastutilities.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_favorites.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Games.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hide.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hotbarcom.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hotmail.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hsskin.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemster.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsterie.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsteruk.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jobsearch.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_new.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.

Missiella
Novice
Novice

Posts Posts : 24
Joined Joined : 2009-01-12
OS OS : Windows XP
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Missiella on 8th February 2009, 9:24 pm

C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_reun.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_ringtones.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_SearchBoxTrapper.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchfor.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchgo.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_weather.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_yellowpages.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_1000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_2000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_3000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bar.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_logos.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_other.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-def-511724-9595.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-t1-bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium-hotbar-premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\icons2.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\keywords.idx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\keywords1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\layout.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\linkpathlegal.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sales_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sbuwallpaper.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\s_icons_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\t2_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\top7.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Top7_theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\tsd_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\ads.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans.idx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\business_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\buttondir.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\components.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\default.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz1.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz10.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz11.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz12.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz13.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz14.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.

Missiella
Novice
Novice

Posts Posts : 24
Joined Joined : 2009-01-12
OS OS : Windows XP
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Missiella on 8th February 2009, 9:24 pm

C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz15.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz16.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz17.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz18.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz19.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz2.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz20.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz3.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz4.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz5.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz6.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz7.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz8.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz9.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_categorize.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_comparison.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-people.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_fastutilities.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_favorites.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Games.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hide.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_hotbarcom.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hotmail.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_hsskin.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemster.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemsterie.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemsteruk.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jobsearch.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_new.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_reun.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_ringtones.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_SearchBoxTrapper.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_searchfor.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_searchgo.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_weather.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_yellowpages.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_1000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_2000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_3000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bar.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bbar1.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_logos.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_other.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_weather.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\email-def-511724-9595.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\email-t1-bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar-premium-hotbar-premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar-premium.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\icons2.res (Adware.Hotbar) -> Quarantined and deleted successfully.

Missiella
Novice
Novice

Posts Posts : 24
Joined Joined : 2009-01-12
OS OS : Windows XP
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Missiella on 8th February 2009, 9:25 pm

C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords.idx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\layout.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\linkpathlegal.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\progress.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\sales_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\sbuwallpaper.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\s_icons_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\t2_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\top7.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Top7_theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\tsd_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\ads.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\BtnTrans.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\BtnTrans1.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\business_promo.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\buttondir.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\default.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_1000.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_2000.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_3000.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bar.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar1.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_logos.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_other.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_weather.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\email-t1-bg.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\hotbar-premium.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\hotbar_promo.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\icons2.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords1.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\layout.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\linkpathlegal.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\progress.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sales_buttons.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sbuwallpaper.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\s_icons_buttons.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\t2_bg.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\top7.xip (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\tsd_bg.xip (Adware.Hotbar) -> Quarantined and deleted successfully.

Missiella
Novice
Novice

Posts Posts : 24
Joined Joined : 2009-01-12
OS OS : Windows XP
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Missiella on 8th February 2009, 9:25 pm

C:\Program Files\IEToolbar\inst.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VnrPack\dicts.gz (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VnrPack\trgts.gz (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VnrPack\VnrPack23.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Application Data\FunWebProducts\xerks.exe (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Application Data\FunWebProducts\Data\Dorje\avatar.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Application Data\FunWebProducts\Data\Dorje\register.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Application Data\FunWebProducts\Data\Dorje\zbucks.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.

Missiella
Novice
Novice

Posts Posts : 24
Joined Joined : 2009-01-12
OS OS : Windows XP
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Missiella on 8th February 2009, 9:25 pm

C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

Missiella
Novice
Novice

Posts Posts : 24
Joined Joined : 2009-01-12
OS OS : Windows XP
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Missiella on 8th February 2009, 9:26 pm

C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Updater\2364\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Updater\2364\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Updater\2663\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\VideoEgg\Updater\2663\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Application Data\cogad\cogad.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Application Data\VirusRemover2008\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\makehm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twex.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\services.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temp\TDSS5eaa.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\winlognn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\csrssc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nani\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dorje\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaakgnelob.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaidlxmfmp.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekakombqxdu.dat (Trojan.Agent) -> Quarantined and deleted successfully.

Missiella
Novice
Novice

Posts Posts : 24
Joined Joined : 2009-01-12
OS OS : Windows XP
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Missiella on 8th February 2009, 9:26 pm

Finished finally.

Missiella
Novice
Novice

Posts Posts : 24
Joined Joined : 2009-01-12
OS OS : Windows XP
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Belahzur on 8th February 2009, 9:27 pm

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Missiella on 8th February 2009, 9:32 pm

Okay, that's just scaring me.

Please could you help clean it?

Missiella
Novice
Novice

Posts Posts : 24
Joined Joined : 2009-01-12
OS OS : Windows XP
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Belahzur on 8th February 2009, 9:33 pm

Sure. Smile


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Missiella on 8th February 2009, 9:35 pm

DDS (Ver_09-02-01.01) - NTFSx86
Run by Dorje at 21:27:28.82 on Sun 02/08/2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.447.75 [GMT 0:00]

FW: Personal Firewall Plus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\TWVsaXNh\command.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
svchost.exe C:\WINDOWS\TEMP\VRT1.tmp
C:\WINDOWS\system32\idaw64.exe
C:\WINDOWS\system32\idaw64.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
svchost.exe
C:\WINDOWS\system32\4.tmp
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Documents and Settings\Dorje\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\idaw64.exe,
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [EPSON Stylus SX400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiege.exe /fu "c:\windows\temp\E_SC1.tmp" /EF "HKCU"
mRun: [EPSON Stylus CX3600 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE /P35 "EPSON Stylus CX3600 Series (Copy 1)" /O5 "LPT1:" /M "Stylus CX3600"
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\McAgent.exe
mRun: [McRegWiz] c:\progra~1\mcafee.com\agent\McRegWiz.exe /autorun
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.6.0_02\bin\jusched.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [btbb_wcm_McciTrayApp] "c:\program files\bt broadband desktop help\btbb_wcm\McciTrayApp.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [fprfzxjv.exe] c:\windows\fprfzxjv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\transp~1.lnk - c:\windows\installer\{26e30f32-01c0-47ef-930b-d36b676b86a9}\_294823.exe
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?2275ea2707b849c0983010060ea6b6ba
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?2275ea2707b849c0983010060ea6b6ba
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
DPF: CabBuilder - [You must be registered and logged in to see this link.]
DPF: ChatSpace Full Java Client 4.0.0.320 - [You must be registered and logged in to see this link.]
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: Yahoo! Bingo - [You must be registered and logged in to see this link.]
DPF: {0000000A-9980-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - [You must be registered and logged in to see this link.]
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - [You must be registered and logged in to see this link.]
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - [You must be registered and logged in to see this link.]
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - [You must be registered and logged in to see this link.]
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3334504D-9980-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {33564D57-0000-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {33564D57-9980-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} - [You must be registered and logged in to see this link.]
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - [You must be registered and logged in to see this link.]
DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - [You must be registered and logged in to see this link.]
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - [You must be registered and logged in to see this link.]
DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - [You must be registered and logged in to see this link.]
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbXPhgDs

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dorje\applic~1\mozilla\firefox\profiles\tvql7b5w.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

============= SERVICES / DRIVERS ===============

R0 vvyvsthr;vvyvsthr;c:\windows\system32\drivers\vvyvsthr.sys [2009-2-8 33920]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-12-12 147456]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-12-12 139264]
RUnknown cmdService;cmdService; [x]
RUnknown protect;protect; [x]
S3 iadusb;BT Voyager 205 ADSL Router;c:\windows\system32\drivers\glauiad.sys [2005-9-21 30371]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-11-13 266240]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-02-08 21:13 23,553 a------- c:\windows\system32\6.tmp
2009-02-08 21:13 3,584 a------- c:\windows\fprfzxjv.exe
2009-02-08 21:10 33,920 a------- c:\windows\system32\drivers\vvyvsthr.sys
2009-02-08 21:09 163,780 a------- c:\windows\system32\4.tmp
2009-02-08 21:09 64,000 a------- c:\windows\system32\idaw64.exe
2009-02-08 20:54 --d----- c:\docume~1\dorje\applic~1\Malwarebytes
2009-02-08 20:54 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-08 20:54 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-08 20:54 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 20:54 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-08 16:01 --dsh--- c:\windows\TWVsaXNh
2009-02-08 13:54 529 a------- c:\windows\system32\winlogon2.exe
2009-02-08 11:19 66,560 ----h--- c:\windows\system32\secupdat.dat
2009-02-07 23:26 53,248 a------- c:\windows\system32\drivers\ndisio.sys
2009-02-07 23:25 137,792 a------- c:\windows\system32\drivers\lmimirr.sys
2009-02-07 15:36 15,000 a------- c:\windows\system32\hs78k4rgf4d.dll
2009-02-07 15:30 143,360 a------- C:\pfgiuuo.exe
2009-02-07 15:30 21,504 a------- C:\wskrote.exe
2009-02-07 15:30 39,936 a------- C:\xxweksc.exe
2009-02-07 15:30 21,504 a------- C:\jwfmld.exe
2009-02-07 15:30 2 a------- C:\1545229268
2009-02-07 15:30 --dsh--- c:\windows\system32\twain32
2009-02-07 15:30 103,592 a------- C:\oxrnx.exe
2009-02-07 15:30 64,000 a------- C:\stcojid.exe
2009-02-06 19:24 0 a------- c:\windows\system32\drivers\seneka.sys
2009-02-06 15:29 1,564,440 a--sh--- c:\windows\system32\lycbtixi.ini
2009-02-06 15:29 438,259 a--sh--- c:\windows\system32\sDghPXbc.ini2
2009-02-06 15:29 380,019 a--sh--- c:\windows\system32\sDghPXbc.ini
2009-02-06 15:29 236,544 a------- c:\windows\system32\cbXPhgDs.dll.vir
2009-02-05 09:07 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-05 09:07 1,409 a------- c:\windows\QTFont.for
2009-01-12 17:56 --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-01-12 17:51 --d----- c:\program files\common files\iS3
2009-01-12 17:50 --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-01-11 17:33 --d----- c:\program files\CCleaner
2009-01-10 13:36 --d----- c:\docume~1\dorje\applic~1\McAfee.com Personal Firewall

==================== Find3M ====================

2009-01-05 22:33 3,772,475 a------- c:\windows\system32\GPhotos.scr
2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2001-11-23 04:08 712,704 a----r-- c:\windows\inf\other\AUDIO3D.DLL
2006-09-24 16:10 88 ---shr-- c:\windows\system32\E62BACA513.sys
2006-09-24 16:10 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2005-08-02 16:58 313,856 a--shr-- c:\windows\twvsaxnh\command.exe
2005-07-29 16:24 472 a--shr-- c:\windows\twvsaxnh\nqpPurh1.vbs

============= FINISH: 21:29:17.92 ===============

Missiella
Novice
Novice

Posts Posts : 24
Joined Joined : 2009-01-12
OS OS : Windows XP
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Belahzur on 8th February 2009, 9:43 pm

Hello.
There is alot of malware left, more than I expected.


  • Download combofix from here [You must be registered and logged in to see this link.]
  • Please disable your local AV (Anti-virus) by right clicking it's icon in the tray, and exit it. See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Search Engine Redirecting.

Post by Doctor Inferno on 6th July 2009, 3:16 am

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a [You must be registered and logged in to see this link.] for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 11976
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104640
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum