Options
Please help with virus!
Hello, I keep getting pop-ups from AVG telling me I have the Downloader.Istbar.3.BE virus, but when I run AVG, no virus is detected. Here are the results from Hijack This, could someone please tell me what to delete? Thanks for your help!
Logfile of HijackThis v1.97.7
Scan saved at 10:09:15 PM, on 6/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\Grisoft\AVG6\avgserv.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
H:\Program Files\Real\RealPlayer\RealPlay.exe
H:\WINDOWS\System32\P2P Networking\P2P Networking.exe
H:\WINDOWS\bgrd.exe
H:\WINDOWS\zyzviwuc.exe
H:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
H:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
H:\WINDOWS\System32\wuauclt.exe
H:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtwAdvCfg.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\WINDOWS\mmbun.exe
H:\Documents and Settings\Dan\My Documents\hijackthis\HijackThis.exe
H:\Program Files\Outlook Express\msimn.exe
H:\Program Files\AIM\aim.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.ebay.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG_CC] H:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [RealTray] H:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [P2P Networking] H:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [hqx] H:\WINDOWS\hqx.exe
O4 - HKLM\..\Run: [ubmj] H:\WINDOWS\ubmj.exe
O4 - HKLM\..\Run: [nifcl] H:\WINDOWS\nifcl.exe
O4 - HKLM\..\Run: [srmxcf] H:\WINDOWS\srmxcf.exe
O4 - HKLM\..\Run: [dzofdeme] H:\WINDOWS\bgrd.exe
O4 - HKLM\..\Run: [nlkf] H:\WINDOWS\zyzviwuc.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "H:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] H:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "H:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [TypingSatellite] "H:\Program Files\TypingMaster\KBOOST.EXE"
O4 - HKCU\..\Run: [ares] "H:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Shareaza] "H:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Startup: Reboot.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} - http://www.riversoftware.net/x0ff.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4370/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
Logfile of HijackThis v1.97.7
Scan saved at 10:09:15 PM, on 6/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\Grisoft\AVG6\avgserv.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
H:\Program Files\Real\RealPlayer\RealPlay.exe
H:\WINDOWS\System32\P2P Networking\P2P Networking.exe
H:\WINDOWS\bgrd.exe
H:\WINDOWS\zyzviwuc.exe
H:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
H:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
H:\WINDOWS\System32\wuauclt.exe
H:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtwAdvCfg.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\WINDOWS\mmbun.exe
H:\Documents and Settings\Dan\My Documents\hijackthis\HijackThis.exe
H:\Program Files\Outlook Express\msimn.exe
H:\Program Files\AIM\aim.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.ebay.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG_CC] H:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [RealTray] H:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [P2P Networking] H:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [hqx] H:\WINDOWS\hqx.exe
O4 - HKLM\..\Run: [ubmj] H:\WINDOWS\ubmj.exe
O4 - HKLM\..\Run: [nifcl] H:\WINDOWS\nifcl.exe
O4 - HKLM\..\Run: [srmxcf] H:\WINDOWS\srmxcf.exe
O4 - HKLM\..\Run: [dzofdeme] H:\WINDOWS\bgrd.exe
O4 - HKLM\..\Run: [nlkf] H:\WINDOWS\zyzviwuc.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "H:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] H:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "H:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [TypingSatellite] "H:\Program Files\TypingMaster\KBOOST.EXE"
O4 - HKCU\..\Run: [ares] "H:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Shareaza] "H:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Startup: Reboot.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} - http://www.riversoftware.net/x0ff.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4370/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
0