thebum

Joined: 09 Jan 2005 Location: North Korea
|
Posted: Sun Mar 13, 2005 9:18 pm Post subject: some popup adware...800vod |
|
|
Hello,
My girlfriend insists on using Internet Explorer on my computer. Now, when she opens it, a webpage pops up. The title of the page is "800vod----Ӱ������". It loads this page: http://www.800vod.com/honglian/movie01.htm and ran this script: http://ad1.qu123.com/Script/stat.asp?user=291 (don't click it!!!!)
I've tried running Ad Aware and Spybot, but neither of them found anything. I've updated both of them of course. Any suggestions?
Thanks,
Chris
Last edited by thebum on Mon Mar 14, 2005 2:27 am; edited 2 times in total |
|
|
 |
Demophobe

Joined: 17 May 2004
|
Posted: Mon Mar 14, 2005 12:35 am Post subject: |
|
|
Hi Chris!
Sounds like a browser hijack of some kind. Try the program Hijack This but beware of the final list it compiles; it will contain some entries that don't need to be deleted or shouldn't be deleted. I lost internet functionality at work once by selecting everything and killing the lot.
Also, I'm not sure it's a good idea to put that script up...someone may click it.  |
|
|
 |
thebum

Joined: 09 Jan 2005 Location: North Korea
|
Posted: Mon Mar 14, 2005 2:03 am Post subject: |
|
|
yeah, i thought of that too...but did it anyway
thanks for the tip..i'll check it out |
|
|
 |
thebum

Joined: 09 Jan 2005 Location: North Korea
|
Posted: Mon Mar 14, 2005 2:32 am Post subject: |
|
|
I installed it. When I open it, it sits there using 99% of my CPU until I end the process manually. Thanks for the advice though. I've tried so many hijack/spyware/adware removal programs but none work. |
|
|
 |
the_beaver

Joined: 15 Jan 2003
|
Posted: Mon Mar 14, 2005 2:44 am Post subject: |
|
|
Check in the Add/Remove programs for odd looking programs, google the names of any suspect ones, and uninstall any offenders.
If that doesn't work (I've recommended this on the forum before and was promptly chastised for it but it works for me) go into regedit and do a search for something like "*800vod*" or "*honglian*" and delete that sucker. |
|
|
 |
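A read-only way to do the registry check suggested in the post above, as an added example that is not part of any poster's message: it lists the values in a few common Internet Explorer launch points and flags any that contain the strings from the thread. The choice of registry locations and the helper name `Test-Needle` are assumptions made for illustration; nothing is modified or deleted.

```powershell
# Added example (not from the thread): list, do not delete.
# Search strings are the ones quoted in the thread.
$needles = '800vod', 'honglian', 'qu123'

# Assumed locations: IE page settings and per-user / per-machine autoruns.
$valueKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Property names the registry provider adds to every result.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Test-Needle([string]$Text) {
    foreach ($n in $needles) {
        if ($Text -like "*$n*") { return $true }
    }
    return $false
}

# Every value under the keys above, with a flag when it matches a search string.
$findings = foreach ($key in $valueKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($p in $props.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }
        [pscustomobject]@{
            Key   = $key
            Name  = $p.Name
            Data  = "$($p.Value)"
            Match = (Test-Needle "$($p.Value)")
        }
    }
}

# Browser Helper Objects load inside every IE window; resolve each CLSID to its DLL
# so unfamiliar files can be looked up before anything is removed.
# (64-bit Windows keeps a second copy of this key under SOFTWARE\Wow6432Node.)
$bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$bhos = if (Test-Path -LiteralPath $bhoRoot) {
    Get-ChildItem -LiteralPath $bhoRoot | ForEach-Object {
        $clsid  = $_.PSChildName
        $server = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll = if (Test-Path -LiteralPath $server) {
            (Get-ItemProperty -LiteralPath $server).'(default)'
        } else {
            '<no InprocServer32>'
        }
        [pscustomobject]@{
            Key   = $bhoRoot
            Name  = $clsid
            Data  = "$dll"
            Match = (Test-Needle "$dll")
        }
    }
}

# Matches first, then everything else for manual review.
@($findings; $bhos) |
    Where-Object { $_ } |
    Sort-Object Match -Descending |
    Format-Table Match, Name, Data, Key -AutoSize -Wrap
```

Export a key with `reg export` before changing anything under it, so a wrong deletion can be undone.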
thebum

Joined: 09 Jan 2005 Location: North Korea
|
Posted: Mon Mar 14, 2005 3:11 am Post subject: |
|
|
thanks for the advice. i should have said this before, but i've already done everything you've tried! it's driving me crazy. |
|
|
 |
whatthefunk

Joined: 21 Apr 2003 Location: Dont have a clue
|
Posted: Mon Mar 14, 2005 5:31 am Post subject: |
|
|
Have you tried Spyware Doctor? That got rid of 99% of my problems... you can get a free trial version from download.com. Also, set up a firewall program like Zone Alert to prevent that program from calling home, if it is in fact doing that.
Does that page pop up instead of your requested home page? I'd also recommend ditching Internet Explorer and getting Firefox. |
|
|
 |
thebum

Joined: 09 Jan 2005 Location: North Korea
|
Posted: Mon Mar 14, 2005 10:34 am Post subject: Re: some popup adware...800vod |
|
|
thebum wrote: |
Hello,
My girlfriend insists on using Internet Explorer on my computer. |
I'll try Spyware Doctor. This is just a popup window that loads almost every time I open Internet Explorer. My home page still comes up fine. |
|
|
 |
thebum

Joined: 09 Jan 2005 Location: North Korea
|
Posted: Mon Mar 14, 2005 10:45 am Post subject: |
|
|
Spyware doctor found 248 things that ad aware and spybot couldn't find. The trial version is pretty useless though; it won't remove them. Good thing there's crackspider.net.
Here are the things it found:
thanks again for the tip. it's amazing that ad aware and spybot couldn't find any of those.
Chris |
|
|
 |
thebum

Joined: 09 Jan 2005 Location: North Korea
|
Posted: Mon Mar 14, 2005 10:55 am Post subject: |
|
|
Looks like I got excited over nothing. I restarted and that same popup keeps coming up. Guess it wasn't in the 248 things that Spyware Doctor removed. |
|
|
 |
redbird
Joined: 07 Mar 2005
|
Posted: Mon Mar 14, 2005 11:04 am Post subject: |
|
|
Does the popup only happen in IE? Can you just get around this by removing all shortcuts to IE and not using it? It still may infect something later on, but this could give you a lot of time.
If you want to kill it completely and have peace of mind about it, backing up your data, reinstalling windows, and then reloading all your programs from the CDs is your best bet.
My experience has been that these anti-spyware programs are just band-aids and that computer viruses tend to be more like ebola. But the anti-spyware stuff might buy you some time... |
|
|
 |
the saint

Joined: 09 Dec 2003 Location: not there yet...
|
Posted: Mon Mar 14, 2005 11:44 am Post subject: |
|
|
you say you've run everything to get rid of this. Have you run everything/anything in safe mode?
Just a thought... |
|
|
 |
thebum

Joined: 09 Jan 2005 Location: North Korea
|
Posted: Mon Mar 14, 2005 12:56 pm Post subject: |
|
|
Yes, I have. Thanks for the tip though. I know a lot of people don't think of doing that. I guess I'll keep looking through the registry and other places...  |
|
|
 |
whatthefunk

Joined: 21 Apr 2003 Location: Dont have a clue
|
Posted: Mon Mar 14, 2005 6:21 pm Post subject: |
|
|
Is it a porn pop-up? Try getting System Mechanic...again free trial available at download.com. It's a full working trial too with a 30 day time limit. There's a spyware remover that doesn't pick up as many as other programs do, but it tends to pick up weird ones. It also has a 'remove your tracks' thing that might help.
Do you know if the pop-up is calling home? Your Spyware Doctor didn't pick up any trojan downloads or dialers so maybe not... It wouldn't help to up your security to prevent things like this from happening in the future. Do you have a firewall? Oh yeah....tell your girlfriend to stop looking at WOW Virgins websites... |
|
|
 |
Sage Monkey

Joined: 01 Nov 2004
|
Posted: Tue Mar 15, 2005 2:35 am Post subject: |
|
|

Last edited by Sage Monkey on Thu Mar 29, 2007 9:28 am; edited 2 times in total |
|
|
 |
|