
Can someone look at this list?! Possible virus

Discussion in 'Virus & Other Malware Removal' started by Mercury23us, Jan 12, 2004.

Thread Status:
Not open for further replies.
  1. Mercury23us

    Mercury23us Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    49
    Hello!

    I believe I have an ongoing virus problem... I have Zone Alarm, Defender Pro, Ad Adware, SpyBot, HiJackThis! all installed and run each often... I've also done online scans... Nothing is determining a virus but I continually find my pc running slow, having errors etc... I've recently looked in my c drive and noticed a bunch of crap lol don't know what else to call it... I'm listing it here... If someone could go thru and tell me what are system files that I have to have I'd appreciate it... Or point me in another direction...

    C:\
    --------------------------------------------------------------------------------
    ~1stbody.html
    AUTOEXEC._AV
    AUTOEXEC.BAT
    AUTOEXEC.PSS
    AVGUN.LOG
    CLDMA.LOG
    COMMAND.COM
    CONFIG._AV
    CONFIG.PSS
    CONFIG.SYS
    custom.dic
    FRUNLOG.TXT
    hcScan.html
    HijackThis.exe
    kav3114.TMP
    klsfdb32.dat
    liprefs.js
    LOGO.SYS
    NETLOG.TXT
    RESETLOG.TXT
    SETUPXLG.TXT
    vsdata.dll
    WINDOWSWinHlp32.BMK
    ~
    ~DFE815.TMP
    ~DFE832.TMP
    autoexec.PIF
    backup-20031009-160211-353
    backup-20031009-160211-353.dll
    backup-20031009-160211-709
    backup-20031009-161815-824
    backup-20031020-032543-553
    backup-20031020-032543-804
    backup-20031020-032543-804.inf
    backup-20031022-113210-196
    backup-20031022-113211-349
    backup-20031022-113211-349.dll
    backup-20031022-113211-382
    backup-20031022-113211-382.dll
    backup-20031022-113211-633
    backup-20031022-113211-633-updater.lnk
    backup-20031022-113211-811
    backup-20031022-113211-900
    backup-20031022-113211-997
    backup-20031028-143923-176
    backup-20031028-152537-512
    backup-20031028-152537-732
    backup-20031028-152537-732-updater.lnk
    backup-20031028-152537-878
    backup-20031029-121705-189
    backup-20031029-121705-200
    backup-20031029-121705-279
    backup-20031029-121705-279.dll
    backup-20031029-121705-279.inf
    backup-20031029-121705-283
    backup-20031029-121705-375
    backup-20031029-121705-383
    backup-20031029-121705-383.dll
    backup-20031029-121705-383.inf
    backup-20031029-121705-980
    backup-20031030-040706-530
    backup-20031030-040706-530.osd
    backup-20031105-184220-366
    backup-20031105-184221-157
    backup-20031105-184221-157.dll
    backup-20031105-184221-157.inf
    backup-20031105-184221-272
    backup-20031105-184221-272.dll
    backup-20031105-184221-272.inf
    backup-20031105-184221-682
    backup-20031105-184221-760
    backup-20031107-233248-280
    backup-20031107-233248-503
    backup-20031107-233248-556
    backup-20031107-233248-734
    backup-20031107-233248-776
    backup-20031107-233248-951
    backup-20031107-233248-958
    backup-20031107-233249-129
    backup-20031107-233249-159
    backup-20031107-233249-435
    backup-20031107-233249-615
    backup-20031107-233249-795
    backup-20031107-233249-963
    backup-20031107-233249-963.dll
    backup-20031107-233249-963.inf
    backup-20031211-015328-235
    backup-20031227-181419-128
    backup-20031227-181419-128.dll
    backup-20031227-181419-128.inf
    backup-20040107-182924-196
    backup-20040107-182924-769
    Charter Pipeline® Professor.lnk
    ClrSchP030.exe
    dist1.exe
    exactSetup2.exe
    GLC4212.TMP
    GLF4230.TMP
    GLF4260.TMP
    GLG4223.TMP
    GLH4213.TMP
    h2r5352.TMP
    h2r92E5.TMP
    h2rA1F3.TMP
    HXDLAZWM.exe
    icinstaller.exe
    ICQ.lnk
    INSTALL.LOG
    JVM60E0.TMP
    JVM73A5.TMP
    JVM91F5.TMP
    JVMA315.TMP
    JVMB1B5.TMP
    JVME225.TMP
    klsfdb32.dat
    klsfdbM.dat
    links.txt
    Mos22B0.bin
    Pop-Up Control Center.lnk
    Pop-Up Stopper Free Edition.lnk
    ps_install-kim.exe
    pspbrwse.jbf
    r2h5352.TMP
    r2h92E5.TMP
    r2hA1F3.TMP
    SaveInstCm.exe
    SCANDISK.LOG
    SETA310.TMP
    SETD0B2.TMP
    Setup_bw.exe
    setup_td.exe
    ss_IGN7_setup.exe
    StartupLog.html
    tmp22B1.TMP
    TMP50C2.TMP
    TMP5364.TMP
    TMP7161.TMP
    TTIL_StarBlaster.exe
    updaterInstall_102.exe
    Window Washer.lnk
    Windows Media Player.lnk
    wmedia_bbi8015.exe
    www01F4.TMP
    www1061.TMP
    www1062.TMP
    www1325.TMP
    www1326.TMP
    www1F1.TMP
    www1F3.TMP
    www30E3.TMP
    www3135.TMP
    www3140.TMP
    www31B3.TMP
    www3281.TMP
    www3282.TMP
    www3315.TMP
    www4110.TMP
    www4171.TMP
    www4173.TMP
    www4174.TMP
    www4175.TMP
    www4232.TMP
    www42E1.TMP
    www4341.TMP
    www4352.TMP
    www4353.TMP
    www53B1.TMP
    www53B5.TMP
    www7051.TMP
    www7052.TMP
    www7260.TMP
    www7261.TMP
    www8203.TMP
    www8333.TMP
    www9114.TMP
    www9155.TMP
    wwwA363.TMP
    wwwB225.TMP
    wwwB284.TMP
    wwwB314.TMP
    wwwB315.TMP
    wwwC211.TMP
    wwwC232.TMP
    wwwC233.TMP
    wwwC383.TMP
    wwwE065.TMP
    wwwE070.TMP
    wwwE071.TMP
    wwwE202.TMP
    wwwE2A3.TMP
    wwwE2A4.TMP
    wwwE300.TMP
    wwwF093.TMP
    wwwF305.TMP
    wwwF324.TMP
    wwwF3A3.TMP
    wwwF3B0.TMP
    wwwF3B1.TMP
    yahoo!_messenger_install.exe
    yiebio5_3_11_0.cab
    ymsgr10
    ymsgr11
    ymsgr12
    ymsgr13
    ymsgr14
    ymsgr15
    ymsgr16
    ymsgr17
    ymsgr18
    ymsgr19
    ymsgr2
    ymsgr20
    ymsgr21
    ymsgr22
    ymsgr23
    ymsgr24
    ymsgr25
    ymsgr26
    ymsgr27
    ymsgr28
    ymsgr29
    ymsgr3
    ymsgr30
    ymsgr31
    ymsgr32
    ymsgr33
    ymsgr34
    ymsgr35
    ymsgr36
    ymsgr37
    ymsgr38
    ymsgr4
    ymsgr5
    ymsgr6
    ymsgr7
    ymsgr8
    ymsgr9
    yvertr.dll

    Thanks for any help you can give!
     
  2. Mercury23us

    Mercury23us Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    49
    And here is my hijack this log... Cuz I know y'all will ask for it lol :)

    Logfile of HijackThis v1.97.2
    Scan saved at 6:22:03 PM, on 1/12/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\DEFENDER\DEFENDER PRO ANTI-VIRUS\AVPM.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
    C:\PROGRAM FILES\DEFENDER\DEFENDER PRO ANTI-VIRUS\AVPM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\CALYPSO3\CALYPSO.EXE
    C:\PROGRAM FILES\JASC SOFTWARE INC\PAINT SHOP PRO 7\PSP.EXE
    C:\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://charter.msn.com/
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\tz6fqrnz.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\tz6fqrnz.slt\prefs.js)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\Scanregw.exe /autorun
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [Kaspersky Anti-Virus Lite] C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O12 - Plugin for .au: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37898.5228356481
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
    O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et0_x.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553542500} - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
  3. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,397
    Nothing jumps out at all... but I see you're running 2 A/V programs... not a good idea.
    Defender Pro is a new one on me but I know Kaspersky does slow down some systems. Try taking off Kaspersky and see if it improves things.
    ;)
     
  4. Mercury23us

    Mercury23us Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    49
    Well actually I'm not running 2 A/V's... I have Kaspersky installed... But only use it if I find something is wrong for a double check... Defender Pro is a cheapie LOL! Bought it at walmart yay rah! Didn't want to spend too much cuz I'm hopefully getting a new puter in the next few months... I was using AVG... And it kept not finding ANYTHING... Even when others had found something... Soooo... okey dokey... I'll keep looking! Thanks
     
Short URL to this thread: https://techguy.org/194697