1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Pc Rookie Sos

Discussion in 'Virus & Other Malware Removal' started by papason, Jul 13, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. papason

    papason Thread Starter

    Joined:
    Jun 5, 2007
    Messages:
    19
    I have a Dell PC running windows xp and have a virus that wont go away. I took my PC t o STAPLES STORE and they said they would remove any spyware ,adware, and the virus,but after shelling out 100 dollars I picked up my PC and they seem to not have done any thing to improve it.Now I am just ready to wipe clean my computer and start over. I am told if I format my computer it will take care of these problems and if so , how can I save some of the things I have stored on my PC before wiping it clean ? Also what is the best way or the easiest way for a PC ROOKIE to do this? Please understand that my computer is very basic that I use for the internet and saving pictures but otherwise I dont have a lot of stuff on it the I need to save. Thank You ahead of time for your help.
     
  2. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Why do think its still infected??? Are you still getting popups??? Please more specific on your problems with your computer. Thanks.
     
  3. papason

    papason Thread Starter

    Joined:
    Jun 5, 2007
    Messages:
    19
    Now it still gets pop ups and I get a window popping up all the time that says your computer may be at risk run scan no which if I do run it . it comes back saying I have how many ever infected files to correct this problem click here for this (AV) program then if I do that it says to register it in order for it to remove viruses but they want money via a credit card.But this window comes up like non stop while Im on the PC . Also I get a lot of windows that pop up while Im on line saying windows has encountered a problem and must shut down that seems to get it froze an then it takes 15 mins. starting it back up again.
     
  4. papason

    papason Thread Starter

    Joined:
    Jun 5, 2007
    Messages:
    19
    Logfile of HijackThis v1.99.1
    Scan saved at 2:43:06 AM, on 7/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Documents and Settings\KRISTY\My Documents\g flicks\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dropspam.com/sidesearch.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: (no name) - rsion - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: Slide - {F25D0054-4CA2-49D5-A8B0-D79B7829D14E} - C:\Program Files\Slide\SlideBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Documents and Settings\KRISTY\My Documents\g flicks\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm565MBUS
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/16.27/uploader2.cab
    O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/messenger/AxLoader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://loganson.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175487698218
    O17 - HKLM\System\CCS\Services\Tcpip\..\{46D65B9B-D95F-49E2-9584-7E471E11337F}: NameServer = 208.67.222.222,208.67.220.220
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
     
  5. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Okay, thanks for the decription.

    Download RogueRemover from the link below.
    Unzip to a convenient location such as C:\RogueRemover.
    Navigate to the folder you unzipped the files to and double click on the file named RogueRemover.exe.
    Finally, select Scan and the program will walk you through the remaining steps.

    Compatible with Windows 2000, NT, XP

    http://www.malwarebytes.org/rogueremover.php


    ==================================

    Download Combofix and save it to your desktop.
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe


    Note: It is important that it is saved directly to your desktop

    Close any open browsers.

    Double click on combofix.exe & follow the prompts.
    When finished, it shall produce a log for you.

    Post the ComboFix.txt and a fresh Hijackthis log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
     
  6. papason

    papason Thread Starter

    Joined:
    Jun 5, 2007
    Messages:
    19
    "KRISTY" - 2007-07-14 9:01:54 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\Abbr
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ActivationCode
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ProductCode
    C:\DOCUME~1\KRISTY\APPLIC~1.\DriveCleaner Free
    C:\DOCUME~1\KRISTY\APPLIC~1.\DriveCleaner Free\Logs\update.log
    C:\DOCUME~1\KRISTY\APPLIC~1.\macromedia\Flash Player\#SharedObjects\TSTYGU8Y\www.broadcaster.com
    C:\DOCUME~1\KRISTY\APPLIC~1.\macromedia\Flash Player\#SharedObjects\TSTYGU8Y\www.broadcaster.com\played_list.sol
    C:\DOCUME~1\KRISTY\APPLIC~1.\macromedia\Flash Player\#SharedObjects\TSTYGU8Y\www.broadcaster.com\video_queue.sol
    C:\DOCUME~1\KRISTY\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\KRISTY\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\Documents and Settings\KRISTY.\err.log
    C:\Documents and Settings\KRISTY.\ResErrors.log
    C:\Program Files\Common Files\companion wizard
    C:\Program Files\Common Files\companion wizard\WapCHK.dll
    C:\Program Files\install provider
    C:\Program Files\install provider\data.ini
    C:\Program Files\install provider\InstallProvider.dlldat
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\oemcgjdtt.dat
    C:\WINDOWS\system32\oemcgjdtt.exe
    C:\WINDOWS\system32\oemcgjdtt_nav.dat
    C:\WINDOWS\system32\oemcgjdtt_navps.dat


    ((((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))


    2007-07-14 08:57 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-14 08:49 <DIR> d-------- C:\Program Files\RogueRemover
    2007-07-11 19:41 <DIR> d-------- C:\Program Files\STOPzilla!
    2007-07-11 19:41 <DIR> d-------- C:\Program Files\Common Files\iS3
    2007-07-11 19:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
    2007-07-10 12:34 <DIR> d-------- C:\Program Files\Jump Style Each
    2007-07-10 12:34 <DIR> d-------- C:\DOCUME~1\KRISTY\APPLIC~1\NetPumper
    2007-07-10 12:34 <DIR> d-------- C:\DOCUME~1\KRISTY\APPLIC~1\Jump Style Each
    2007-07-10 12:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\For love 1 bias
    2007-07-10 12:33 <DIR> d-------- C:\Program Files\NetPumper
    2007-07-08 21:28 <DIR> d-------- C:\Program Files\FreeGamesWay.com
    2007-07-08 05:03 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
    2007-07-08 05:03 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
    2007-07-08 05:03 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
    2007-07-08 05:03 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
    2007-07-08 05:03 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
    2007-07-08 05:03 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
    2007-07-08 05:02 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
    2007-07-08 05:02 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
    2007-07-08 05:02 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
    2007-07-08 05:02 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
    2007-07-08 05:02 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
    2007-07-08 05:02 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
    2007-07-08 05:02 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
    2007-07-08 05:02 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
    2007-07-08 05:02 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
    2007-07-08 05:02 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
    2007-07-08 05:02 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
    2007-07-08 04:23 <DIR> d-------- C:\DOCUME~1\KRISTY\APPLIC~1\SPAMfighter
    2007-07-08 04:22 <DIR> d-------- C:\Program Files\Common Files\Ankiro
    2007-07-08 04:21 <DIR> d-------- C:\Program Files\SPAMfighter
    2007-07-08 04:21 <DIR> d-------- C:\Program Files\Common Files\Application
    2007-07-06 19:35 8 --a------ C:\WINDOWS\system32\winsusrx.dll
    2007-07-06 19:35 136 --a------ C:\WINDOWS\system32\winsusrm.dll
    2007-07-06 19:35 <DIR> d-------- C:\WINDOWS\5374-8831-2029-7643-5722
    2007-07-05 04:16 <DIR> d-------- C:\Program Files\DivX
    2007-07-05 03:52 76,288 --a------ C:\WINDOWS\system32\uniime.dll
    2007-07-05 03:51 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
    2007-07-05 03:51 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2007-07-05 03:51 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
    2007-07-05 03:51 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2007-07-05 03:51 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
    2007-07-05 03:51 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
    2007-07-05 03:51 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
    2007-07-04 14:22 1,184,400 --a------ C:\WINDOWS\system32\FreeImage.dll
    2007-07-02 12:41 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-07-02 12:41 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-06-28 11:53 217,088 -ra------ C:\WINDOWS\system32\SZBase5.dll
    2007-06-22 14:59 294,912 -ra------ C:\WINDOWS\system32\IS3DBA5.dll
    2007-06-22 14:59 126,976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll
    2007-06-22 14:58 69,632 -ra------ C:\WINDOWS\system32\IS3Hks5.dll
    2007-06-22 14:58 372,736 -ra------ C:\WINDOWS\system32\IS3UI5.dll
    2007-06-22 14:57 94,208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll
    2007-06-22 14:57 23,040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll
    2007-06-22 14:57 184,320 -ra------ C:\WINDOWS\system32\IS3Win325.dll
    2007-06-22 14:56 90,112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll
    2007-06-22 14:56 688,128 -ra------ C:\WINDOWS\system32\IS3Base5.dll
    2007-06-16 20:34 <DIR> d-------- C:\Program Files\Kaboose Games


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-14 13:20:26 7,520 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-07-13 17:18:04 -------- d-----w C:\DOCUME~1\KRISTY\APPLIC~1\Motive
    2007-07-13 17:14:30 -------- d-----w C:\Program Files\Verizon
    2007-07-13 17:05:22 -------- d-----w C:\Program Files\Common Files\Motive
    2007-07-12 02:16:21 -------- d-----w C:\Program Files\MSN Messenger
    2007-07-10 02:56:38 -------- d-----w C:\Program Files\Yahoo!
    2007-07-05 10:24:41 630,200 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys
    2007-07-05 10:24:40 108,392 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys
    2007-07-03 09:28:24 -------- d-----w C:\Program Files\ClickArt 400,000
    2007-07-02 19:08:34 -------- d-----w C:\Program Files\Personal Resume Workshop
    2007-06-19 10:31:56 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-13 17:53:35 -------- d-----w C:\Program Files\SUPERAntiSpyware
    2007-06-13 17:52:32 -------- d-----w C:\Program Files\QuickTime
    2007-06-13 17:13:06 -------- d-----w C:\Program Files\Phantom EFX
    2007-06-12 23:21:19 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-06-08 11:09:21 -------- d-----w C:\Program Files\Zylom Games
    2007-06-08 11:08:47 -------- d-----w C:\Program Files\Gunner2_at
    2007-06-08 11:07:35 -------- d-----w C:\Program Files\Feelers_at
    2007-06-08 01:19:07 -------- d-----w C:\DOCUME~1\KRISTY\APPLIC~1\SUPERAntiSpyware.com
    2007-06-04 21:39:14 -------- d-----w C:\DOCUME~1\KRISTY\APPLIC~1\SpywareBot
    2007-06-03 12:12:21 158,952 ------w C:\DOCUME~1\KRISTY\APPLIC~1\install_en[1].exe
    2007-06-03 11:27:27 -------- d-----w C:\Program Files\Common Files\Scanner
    2007-06-03 11:21:31 -------- d-----w C:\Program Files\Common Files\Authentium
    2007-06-01 03:47:43 -------- d-----w C:\Program Files\ReflexiveArcade
    2007-05-31 10:52:09 -------- d-----w C:\Program Files\Common Files\DirectX
    2007-05-29 00:57:38 -------- d-----w C:\DOCUME~1\KRISTY\APPLIC~1\Help
    2007-05-28 23:23:01 -------- d-----w C:\Program Files\Oberon Media
    2007-05-24 00:55:18 -------- d--h--w C:\DOCUME~1\KRISTY\APPLIC~1\Move Networks
    2007-05-20 23:43:17 -------- d-----w C:\Program Files\bfgclient
    2007-05-19 21:57:25 -------- d-----w C:\DOCUME~1\KRISTY\APPLIC~1\Zylom
    2007-05-18 23:54:15 -------- d-----w C:\Program Files\BearShare Applications
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-30 10:46:41 1,121 ----a-w C:\WINDOWS\unins000.dat
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-20 23:37:50 119,296 ----a-w C:\WINDOWS\system32\zlibwapi.dll
    2007-04-20 23:37:50 119,296 ----a-w C:\WINDOWS\system32\zlib.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-17 05:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-17 05:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-01-06 16:10:13 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
    2006-12-14 15:31:26 56 --sh--r C:\WINDOWS\system32\015A5C3B2D.sys
    2007-02-17 13:23:10 88 --sh--r C:\WINDOWS\system32\0D416F04DE.sys
    2007-01-14 16:35:18 56 -csh--r C:\WINDOWS\system32\DE046F410D.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    2007-05-30 14:18 808472 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1827766B-9F49-4854-8034-F6EE26FCB1EC}]
    2007-06-28 12:01 275640 -ra------ C:\Program Files\STOPzilla!\SZSG.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-05-02 18:56 2403392 -ra------ c:\program files\google\googletoolbar2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]
    2007-06-28 12:01 177336 -ra------ C:\Program Files\STOPzilla!\SZIEBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2005-06-17 00:30]
    "VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 19:33]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-11 02:33]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42]
    "Picasa Media Detector"="C:\Documents and Settings\KRISTY\My Documents\g flicks\Picasa2\PicasaMediaDetector.exe" [2007-05-01 23:08]
    "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
    "Motive SmartBridge"="C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 12:33]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12]
    "CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-12-14 05:22]
    "CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-12-14 05:22]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-07-04 14:22]
    "Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 14:37]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-03 06:24]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 15:10]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f2ab6a4-dc80-11da-8b7a-806d6172696f}]
    AutoRun\command- E:\ReelDealSlots4Launcher.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-14 16:00:00 C:\WINDOWS\tasks\A89251DD9059D0F1.job
    2007-07-14 14:38:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-07-14 01:30:00 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (SPUNKYS-POPPY).job
    2007-07-14 10:00:01 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
    2007-07-14 10:23:12 C:\WINDOWS\tasks\User_Feed_Synchronization-{8B2D93F7-6A72-4C4C-8028-09174E3E8989}.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-14 09:14:14
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-14 9:17:34
    C:\ComboFix-quarantined-files.txt ... 2007-07-14 09:17

    --- E O F ---
     
  7. papason

    papason Thread Starter

    Joined:
    Jun 5, 2007
    Messages:
    19
    The first log report was from the Rougeremover, this one is from Hijack this. Once my problems are solved can I delete programs like Stopzilla? And will the promp from AV stop popping up? Logfile of HijackThis v1.99.1
    Scan saved at 9:27:29 AM, on 7/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Documents and Settings\KRISTY\My Documents\g flicks\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dropspam.com/sidesearch.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: (no name) - rsion - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: Slide - {F25D0054-4CA2-49D5-A8B0-D79B7829D14E} - C:\Program Files\Slide\SlideBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Documents and Settings\KRISTY\My Documents\g flicks\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm565MBUS
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/16.27/uploader2.cab
    O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/messenger/AxLoader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://loganson.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175487698218
    O17 - HKLM\System\CCS\Services\Tcpip\..\{46D65B9B-D95F-49E2-9584-7E471E11337F}: NameServer = 208.67.222.222,208.67.220.220
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
     
  8. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Panda Activescan
    http://www.pandasoftware.com/products/activescan.htm
    1. Once you are on the Panda site click the Scan your PC button
    2. A new window will open...click the Check Now button
    3. Enter your Country
    4. Enter your State/Province
    5. Enter your e-mail address and click send
    6. Select either Home User or Company
    7. Click the big Scan Now button
    8. If it wants to install an ActiveX component allow it
    9. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    10. When download is complete, click on Local Disks to start the scan
    11. When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.


    In your next reply, please include the log from panda activescan. Thanks
     
  9. papason

    papason Thread Starter

    Joined:
    Jun 5, 2007
    Messages:
    19
    I clicked on the Pandasoftware link , it ran the scan but the window I could not get to Maximize I tried everything I could think of but nothing seemed to work, so when the scan was finished I could not see in the window a spot to check for a log file of what was found. Now I go to the link again and it wont start at all? Dont know what Im doing wrong?
     
  10. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Okay, try this one

    Please perform a scan with Kaspersky Webscan Online Virus Scanner
    1. Click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
    2. Read the Requirements and Privacy statement, then select "Accept".
    3. A new window will appear promting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
    4. Click "Yes or select "Install" to download the ActiveX controls that allows ActiveScan to run.
    5. When the download is complete it will say ready, click "Next".
    6. Click "Scan Settings" and check the option to use the Extended Database if available otherwise Standard).
    7. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
    8. Click "OK".
    9. Under "Select a target to scan", click on "My Computer".
    10. When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

    Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!
     
  11. papason

    papason Thread Starter

    Joined:
    Jun 5, 2007
    Messages:
    19
    When I try to post the KASPERSKY report it tells me it is to long 41273 characters and to shorten it to 30000. How do I do this ?
     
  12. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Open Notepad and copy and paste the log and attach it has Kaspersky.txt.
     
  13. papason

    papason Thread Starter

    Joined:
    Jun 5, 2007
    Messages:
    19
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Monday, July 16, 2007 4:03:39 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.0
    Kaspersky Anti-Virus database last update: 16/07/2007
    Kaspersky Anti-Virus database records: 363085
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 81630
    Number of viruses found: 18
    Number of infected objects: 64
    Number of suspicious objects: 0
    Duration of the scan process: 01:05:07

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Documents\cleaners_setup.exe/file03/MeMediaSetup.exe Infected: not-a-virus:AdTool.Win32.WhenU.k skipped
    C:\Documents and Settings\All Users\Documents\cleaners_setup.exe/file03 Infected: not-a-virus:AdTool.Win32.WhenU.k skipped
    C:\Documents and Settings\All Users\Documents\cleaners_setup.exe Inno: infected - 2 skipped
    C:\Documents and Settings\All Users\Documents\galaxygsetup.exe/file03/MeMediaSetup.exe Infected: not-a-virus:AdTool.Win32.WhenU.k skipped
    C:\Documents and Settings\All Users\Documents\galaxygsetup.exe/file03 Infected: not-a-virus:AdTool.Win32.WhenU.k skipped
    C:\Documents and Settings\All Users\Documents\galaxygsetup.exe Inno: infected - 2 skipped
    C:\Documents and Settings\All Users\Documents\luckyfishsetup.exe/file03/MeMediaSetup.exe Infected: not-a-virus:AdTool.Win32.WhenU.k skipped
    C:\Documents and Settings\All Users\Documents\luckyfishsetup.exe/file03 Infected: not-a-virus:AdTool.Win32.WhenU.k skipped
    C:\Documents and Settings\All Users\Documents\luckyfishsetup.exe Inno: infected - 2 skipped
    C:\Documents and Settings\All Users\Documents\NetPumper-1.50-setup-0180.exe/data0079 Infected: Trojan.Win32.Obfuscated.en skipped
    C:\Documents and Settings\All Users\Documents\NetPumper-1.50-setup-0180.exe Inno: infected - 1 skipped
    C:\Documents and Settings\KRISTY\Application Data\Earthlink\6.0\[email protected]\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\KRISTY\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
    C:\Documents and Settings\KRISTY\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
    C:\Documents and Settings\KRISTY\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
    C:\Documents and Settings\KRISTY\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
    C:\Documents and Settings\KRISTY\Application Data\install_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.z skipped
    C:\Documents and Settings\KRISTY\Application Data\SPAMfighter\Logs\Agent.log.txt Object is locked skipped
    C:\Documents and Settings\KRISTY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-08-2007 - 03-06-08\{08080D51-75DE-4967-AC88-2CBDACC52BEC}/data0012 Infected: not-a-virus:AdWare.Win32.180Solutions.ba skipped
    C:\Documents and Settings\KRISTY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-08-2007 - 03-06-08\{08080D51-75DE-4967-AC88-2CBDACC52BEC} NSIS: infected - 1 skipped
    C:\Documents and Settings\KRISTY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-08-2007 - 03-06-08\{5D3ADAF1-76D3-4699-893B-F7E1DD993328}/file01 Infected: Trojan-Downloader.Win32.Agent.alr skipped
    C:\Documents and Settings\KRISTY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-08-2007 - 03-06-08\{5D3ADAF1-76D3-4699-893B-F7E1DD993328} Inno: infected - 1 skipped
    C:\Documents and Settings\KRISTY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-08-2007 - 03-06-08\{6F33574B-A69F-4D58-89B4-0E190F80D5D6}/file01 Infected: Trojan-Downloader.Win32.Agent.alr skipped
    C:\Documents and Settings\KRISTY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-08-2007 - 03-06-08\{6F33574B-A69F-4D58-89B4-0E190F80D5D6} Inno: infected - 1 skipped
    C:\Documents and Settings\KRISTY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-08-2007 - 03-06-08\{B7DF15EC-1E93-4C19-ACD5-40DFF79DCF14}/data0012 Infected: not-a-virus:AdWare.Win32.180Solutions.ba skipped
    C:\Documents and Settings\KRISTY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-08-2007 - 03-06-08\{B7DF15EC-1E93-4C19-ACD5-40DFF79DCF14} NSIS: infected - 1 skipped
    C:\Documents and Settings\KRISTY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-08-2007 - 03-06-08\{F751FCBC-F210-4BCD-BD91-8BB34295647D} Infected: not-a-virus:Downloader.Win32.WinFixer.m skipped
    C:\Documents and Settings\KRISTY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-08-2007 - 03-06-08\{F7B9F140-0373-47C9-BF70-7E52826D5C2F} Infected: not-a-virus:Downloader.Win32.WinFixer.m skipped
    C:\Documents and Settings\KRISTY\Application Data\Verizon\VSP\client_gateway.log Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\History\History.IE5\MSHist012007071620070717\index.dat Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Temp\~DFBFD2.tmp Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\KRISTY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\KRISTY\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\KRISTY\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Downloads\HeavyweightThunderSetup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
    C:\Program Files\FreeGamesWay.com\Lucky Fisherman\MeMediaSetupInst.exe/MeMediaSetup.exe Infected: not-a-virus:AdTool.Win32.WhenU.k skipped
    C:\Program Files\FreeGamesWay.com\Lucky Fisherman\MeMediaSetupInst.exe CAB: infected - 1 skipped
    C:\Program Files\MSN Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\Program Files\NetPumper\ZM\minime.exe Infected: Trojan.Win32.Obfuscated.en skipped
    C:\Program Files\Verizon\SmartBridge\AlertFilter.log Object is locked skipped
    C:\Program Files\Verizon\SmartBridge\log\httpclient.log Object is locked skipped
    C:\Program Files\Verizon\SmartBridge\SmartBridge.log Object is locked skipped
    C:\QooBox\Quarantine\C\Program Files\Common Files\Companion Wizard\WapCHK.dll.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP244\A0059620.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP245\A0060732.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP249\A0061811.exe Object is locked skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP249\A0061813.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP249\A0061817.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP249\A0061819.dll Infected: not-a-virus:AdTool.Win32.WhenU.i skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP249\A0061820.exe Infected: not-a-virus:AdTool.Win32.WhenU.i skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP249\A0061823.exe/data0012 Infected: not-a-virus:AdWare.Win32.180Solutions.ba skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP249\A0061823.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP249\A0061825.dll Infected: not-a-virus:AdWare.Win32.HotBar.bz skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP249\A0061826.dll Infected: not-a-virus:AdWare.Win32.HotBar.ca skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP249\A0062963.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP250\A0064859.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.NaviPromo.ao skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP250\A0064859.exe/stream Infected: not-a-virus:AdWare.Win32.NaviPromo.ao skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP250\A0064859.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP250\A0065863.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP251\A0065864.dll Infected: not-a-virus:AdWare.Win32.HotBar.ca skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP252\A0067591.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP268\A0069905.exe Infected: not-a-virus:Downloader.Win32.WinFixer.z skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP268\A0069906.exe Infected: not-a-virus:Downloader.Win32.WinFixer.z skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP268\A0070941.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP268\A0070971.exe Infected: not-a-virus:Downloader.Win32.WinFixer.z skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP270\A0072003.exe Infected: not-a-virus:Downloader.Win32.WinFixer.z skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP277\A0074034.exe Infected: not-a-virus:Downloader.Win32.WinFixer.m skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP278\A0076229.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP282\A0080673.exe/MeMediaSetup.exe Infected: not-a-virus:AdTool.Win32.WhenU.k skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP282\A0080673.exe CAB: infected - 1 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0081848.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.gen skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0081877.exe/MeMediaSetup.exe Infected: not-a-virus:AdTool.Win32.WhenU.k skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0081877.exe CAB: infected - 1 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP288\A0082078.exe Infected: Trojan.Win32.Obfuscated.en skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP288\A0082079.exe Infected: Trojan.Win32.Obfuscated.en skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP288\A0082080.exe Infected: Trojan.Win32.Inject.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP288\A0082081.exe Infected: Trojan.Win32.Inject.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP289\A0083205.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP289\A0083212.exe Infected: not-a-virus:Downloader.Win32.WinFixer.z skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP292\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.
     
  14. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please DELETE the following file(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use Windows Search feature to locate them.

    Files:

    C:\Documents and Settings\All Users\Documents\cleaners_setup.exe <-- this file
    C:\Documents and Settings\All Users\Documents\galaxygsetup.exe <-- this file
    C:\Documents and Settings\All Users\Documents\luckyfishsetup.exe <-- this file
    C:\Documents and Settings\All Users\Documents\NetPumper-1.50-setup-0180.exe <-- this file
    C:\Documents and Settings\KRISTY\Application Data\install_en[1].exe <-- this file
    C:\Program Files\FreeGamesWay.com\Lucky Fisherman\MeMediaSetupInst.exe <-- this file


    How is everything running???
     
  15. papason

    papason Thread Starter

    Joined:
    Jun 5, 2007
    Messages:
    19
    Everything seems to be running fine again. Thank you so much for your expert help and time. I have one last question for you befor I go and that is, do you think I need to keep any other spyware program on my computer other than the Yahoo online protection program thats on there now?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/595509

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice