Search:

Spybot and Kaspersky both find nothing, and Ad-Aware only finds the System Restore backups.

So, it looks like no problems. :)


Thanks,
Ura-Maru

Looks like that took care of it. Toolbar.Languagebar is gone now.

Thanks,
Ura-Maru

C:\PROGRAM FILES\CYBERLINK\POWERDVD\DVDLAUNCHER.EXE
c:\program files\cyberlink\powerdvd\dvdlauncher.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll
...

It's here:

Family Id: 1459 Name: Toolbar.LanguageBar Category: Trackware TAI:3
Item Id: 300040610 Value: Root: HKU Path:...

Spybot and Kaspersey both gave me a clean bill of health.

Ad-Aware found a big scary list of things:

Toolbar.LanguageBar
Win32.Trojan.BHO
PurityScan
Win32.TrojanDownloader.Homles...

Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, June 29, 2008
Operating System: Microsoft Windows XP...

Spybot said it needed a scan after reboot to get rid of Zango, but the post-reboot scan didn't seem to find it again. Don't know if that's important or not.


HJT log:

Logfile of Trend Micro...

And just for the heck of it, a new Spybot log:


--- Search result list ---
Zango.ShoppingReport: [SBI $64DB0114] Settings (Registry value, nothing done)
...

New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:31 PM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot...

Now the more reasonably sized ones.

New, post-DeQuarintine ComboFix log:

ComboFix 08-06-20.4 - Edwina 2008-06-26 16:16:21.5 - NTFSx86
Microsoft Windows XP Professional ...

C:\Qoobox\Quarantine\C\Program Files\new antispyware\Spybot - Search & Destroy 1-5\aports.dll -> C:\Program Files\new antispyware\Spybot - Search & Destroy 1-5\aports.dll...

Ok, that seemed to do it. Once again, the log is too big, though.

Combofix DeQuarantine log, part 1:

C:\Qoobox\Quarantine\C\Program Files\new antispyware\Ad Aware 2008\AAWLic.exe -> C:\Program...

Done. or I think so, anyway. The folder didn't come back. Did I do something wrong?


ComboFix log:
ComboFix 08-06-20.4 - Edwina 2008-06-25 15:29:27.4 - NTFSx86
Microsoft Windows XP...

Hope this dosen't mess anything up . . .

ComboFix log, second half:

((((((((((((((((((((((((((((( snapshot_2008-06-23_18.05.18.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-23...

It's still too long.

ComboFix log, first half:

ComboFix 08-06-20.4 - Edwina 2008-06-25 14:27:55.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.139 [GMT -4:00]...

Vast improvement! No pop-ups, and running at what seems to be normal speed on reboot.

I've taken the liberty of hiding a few vital cables, so no one should be able to mess with it until you've...

I wasn't sure if the last part of the page was part of the results or not. If so, here it is. If not, I guess it can be ignored.

Start of Possible Scanner Results:

Statistics
...

Hopefully this is readable enough . . .

Start of scanner results:

File: pmai.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will...

Sorry about that.

Normal Mode HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:10 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer...

The zip's sent off. I have no idea what it is or where it came from. The dates imply it's just a few days old, and no one should have been using the computer since then for anything. (except...

Ok, I've sent it in.

Thanks,
Ura-Maru

I've got a real mess here. Virtumonde, a whole alphabet of Smitfrauds and CoolWWWSearches, Clientman, DeepDive, ZenoSearch, Win32.Small.ny, and probably a few others as well.

Taskmanager's been...