
Solved: Dreaded explorer.exe trojan =/ (Admins please help)

Discussion in 'Virus & Other Malware Removal' started by skate4lifee, May 14, 2007.

Thread Status:
Not open for further replies.
  1. skate4lifee

    skate4lifee Thread Starter

    Joined:
    May 14, 2007
    Messages:
    60
    Hey admins/users who know how to deal with the explorer.exe virus. I have had it only for a day or two, but I could tell the symptoms of the adware/trojan because 1) my computer was running slow, 2) random pop-ups, 3) random new desktop icons, and 4) my McAfee anti-virus kept showing new viruses, and most of them it could delete, but there was always one that kept showing up, which I believe is the main virus that it could not delete. I'll be on here every day waiting for help.

    Thank you,

    The Indian Guy
     
  2. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,445
    Hi, Welcome to TSG!!


    Click here to download HJTsetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. skate4lifee

    skate4lifee Thread Starter

    Joined:
    May 14, 2007
    Messages:
    60
    Logfile of HijackThis v1.99.1
    Scan saved at 3:14:36 PM, on 5/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    G:\Program Files\Apache HTTP Server\bin\httpd.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    G:\Program Files\Apache HTTP Server\bin\httpd.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\WINDOWS\retadpu1000272.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\messenger\msmsgs.exe
    G:\Program Files\Apache HTTP Server\bin\ApacheMonitor.exe
    C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    G:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.playmacro.co.kr
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.dragonballz.com/"); (C:\Documents and Settings\Dustin\Application Data\Mozilla\Profiles\default\57ihib45.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Dustin\Application Data\Mozilla\Profiles\default\57ihib45.slt\prefs.js)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
    O4 - HKLM\..\Run: [SManager] smanager.7.exe
    O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\cuqwqcmh.dll",realset
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Iinl] "C:\PROGRA~1\RACLE~1\mmc.exe" -vt ndrv
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Monitor Apache Servers.lnk = G:\Program Files\Apache HTTP Server\bin\ApacheMonitor.exe
    O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zan...ffce0e0ba0a8:7b1601be9f83b906d9b1a279c57bb948
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs:
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2 - Unknown owner - G:\Program Files\Apache HTTP Server\bin\httpd.exe" -k runservice (file missing)
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
     
  4. skate4lifee

    skate4lifee Thread Starter

    Joined:
    May 14, 2007
    Messages:
    60
    A friend told me to try and use avast in boot-scan mode. I really don't want to get a new OS, but as a last resort I guess I will download a new one.
     
  5. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,445
    You don't download a new OS; you install it again from your original source.

    Click Here and download Killbox and save it to your desktop.



    Run HJT again and put a check in the following:

    O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
    O4 - HKLM\..\Run: [SManager] smanager.7.exe
    O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\cuqwqcmh.dll",realset
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKCU\..\Run: [Iinl] "C:\PROGRA~1\RACLE~1\mmc.exe" -vt ndrv
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe

    Close all applications and browser windows before you click "fix checked".


    Double-click on Killbox.exe to run it.
    Put a tick by Delete on Reboot.
    Copy the following list of files to clipboard, CTRL+C to copy

    C:\WINDOWS\system32\cuqwqcmh.dll
    C:\WINDOWS\WindowsUpdates.exe
    C:\WINDOWS\retadpu1000272.exe
    C:\WINDOWS\system32\smanager.7.exe


    Now in Killbox go to File, Paste from clipboard.
    Click the All Files button.
    Click on the button that has the red circle with the X in the middle.
    It will ask for confirmation to delete the file.
    Click Yes.
    It will ask if you want to reboot now,
    Click Yes.

    Note: It is possible that Killbox will tell you that the file does not exist.

    If your computer does not restart automatically then please restart it manually.
    If you get the error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" then just restart manually.


    Download this tool to your desktop:
    http://www.uploads.ejvindh.net/rootchk.exe
    Run the program. After a short time a logfile will turn up. Copy the contents of the log into the thread.

    Notice: Some security programs prevent the creation of dummy drivers with certain names. This may cause false positives. If the log of rootchk contains a lot of hidden drivers, you may want to turn off your security programs while rootchk is scanning (you should then unhook your network connection as well).


    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
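
One way to check the follow-up HijackThis log requested above against the entries that were ticked for fixing, and to see which autoruns are new since the first scan. This is an added example, not part of the original posts and not HijackThis's own logic; the O4 lines are excerpts copied from the logs in this thread, and the function names are hypothetical.

```python
import re
from typing import NamedTuple


class Autorun(NamedTuple):
    location: str  # e.g. HKLM\..\Run, Startup, Global Startup
    name: str      # registry value name or startup-folder item
    command: str   # command line or shortcut target ("" if none shown)

    @property
    def key(self):
        # Compare on location + name only: forum software can wrap or
        # re-space long command lines, so command text is not a stable key.
        return (self.location.casefold(), self.name.casefold())


# Registry form:        O4 - HKLM\..\Run: [Name] command
_REG = re.compile(r"^O4 - (?P<loc>HK[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Startup-folder form:  O4 - Startup: Item.lnk = target   (target is optional)
_DIR = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.*?)(?: = (?P<cmd>.*))?$")


def parse_o4(text):
    """Return the O4 (autostart) entries found in HijackThis log text."""
    entries = []
    for raw in text.splitlines():
        line = " ".join(raw.split())  # drop indentation, collapse runs of spaces
        m = _REG.match(line) or _DIR.match(line)
        if m:
            entries.append(Autorun(m["loc"], m["name"], (m["cmd"] or "").strip()))
    return entries


def still_present(fix_list, followup_log):
    """Entries from the fix list that still appear in the follow-up log."""
    live = {e.key for e in parse_o4(followup_log)}
    return [t for t in parse_o4(fix_list) if t.key in live]


def added_since(before_log, after_log):
    """Autoruns in the later log that were not in the earlier one."""
    seen = {e.key for e in parse_o4(before_log)}
    return [e for e in parse_o4(after_log) if e.key not in seen]


# Entries the helper asked to be checked (from this thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\cuqwqcmh.dll",realset
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Iinl] "C:\PROGRA~1\RACLE~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
"""

# Registry O4 lines of the first log (3:14 PM) and the follow-up log (4:33 PM).
BEFORE = FIX_LIST + r"""
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\messenger\msmsgs.exe" /background
"""

AFTER = r"""
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\AVASTA~1\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\messenger\msmsgs.exe" /background
"""

if __name__ == "__main__":
    left = still_present(FIX_LIST, AFTER)
    print("fix-list entries still present:", [e.name for e in left] or "none")
    for e in added_since(BEFORE, AFTER):
        print("new autorun:", e.location, e.name, "->", e.command)
```

An empty "still present" list only shows that the Run values are gone from the registry; the files they pointed to are handled separately by the Killbox step.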
     
  6. skate4lifee

    skate4lifee Thread Starter

    Joined:
    May 14, 2007
    Messages:
    60
    ********************************* ROOTCHK-(02-05-07)-LOG, by ejvindh
    Mon 05/14/2007 16:12:54.32

    Driver pe386 (hidden) is present. Run RUSTBFIX by ejvindh.
    Driver pe386 (visible) is present. Run RUSTBFIX by ejvindh.

    ********************************* ROOTCHK-LOG-end


    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-14 16:12:54
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden services ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    C:\WINDOWS\system32:lzx32.sys 71354 bytes executable hidden from API
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 1
     
  7. skate4lifee

    skate4lifee Thread Starter

    Joined:
    May 14, 2007
    Messages:
    60
    I don't think this will help, but here is a picture of the explorer.exe virus that pops up every time I turn on my computer. Also, the combofix made me restart because of a rootkit it found, but it's still scanning.
     


  8. skate4lifee

    skate4lifee Thread Starter

    Joined:
    May 14, 2007
    Messages:
    60
    I THINK YOU FIXED IT!!! When I ran my computer just now I didn't get the explorer.exe pop-up, but I don't think it's completely gone, not sure yet. Here is the ComboFix:

    "Dustin" - 2007-05-14 16:20:36 Service Pack 2
    ComboFix 07-05.13.V - Running from: ""


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\isrorbaw.dll
    C:\WINDOWS\system32\nmmpmpyq.dll
    C:\WINDOWS\system32\cbxyyxv.dll
    C:\WINDOWS\system32\mljiifg.dll
    C:\WINDOWS\system32\qommmjk.dll
    C:\WINDOWS\system32\winexz32.dll
    C:\WINDOWS\system32\qtstv.bak2
    C:\WINDOWS\system32\qtstv.ini
    C:\WINDOWS\system32\qtstv.ini2
    C:\WINDOWS\system32\qtstv.tmp
    C:\WINDOWS\system32\vtstq.dll
    C:\WINDOWS\system32\cbxyawv.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
    C:\Program Files\inetget2
    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    C:\qoobox\purity\C\Program Files\RACLE~1


    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\pe386


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-14 ))))))))))))))))))))))))))))))))))


    2007-05-14 16:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-05-14 16:00 <DIR> d-------- C:\!KillBox
    2007-05-14 15:45 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-05-14 15:45 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-05-14 15:45 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-05-14 15:45 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-05-14 15:45 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-05-14 15:45 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-05-14 15:45 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-05-13 20:29 <DIR> d-------- C:\DOCUME~1\Dustin\APPLIC~1\RegistrySmart
    2007-05-13 20:23 <DIR> d-------- C:\DOCUME~1\Dustin\APPLIC~1\Uniblue
    2007-05-13 19:55 <DIR> d-------- C:\DOCUME~1\Dustin\APPLIC~1\Lavasoft
    2007-05-13 18:18 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
    2007-05-13 18:18 0 --a------ C:\WINDOWS\ORUN32.EXE
    2007-05-13 18:15 <DIR> d-------- C:\DOCUME~1\Dustin\APPLIC~1\SuperAdBlocker.com
    2007-05-13 17:26 <DIR> d-------- C:\Program Files\Enigma Software Group
    2007-05-13 12:47 417,792 --a------ C:\WINDOWS\Nero PhotoShow.scr
    2007-05-13 12:40 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
    2007-05-13 12:40 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
    2007-05-12 14:40 1,994,752 --------- C:\WINDOWS\UNNeroVision.exe
    2007-05-12 14:18 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2007-05-12 14:18 <DIR> d-------- C:\Program Files\Ahead
    2007-05-12 09:25 <DIR> d-------- C:\WINDOWS\system32\bak
    2007-05-12 09:25 <DIR> d-------- C:\WINDOWS\bak
    2007-05-11 23:27 <DIR> d-------- C:\Program Files\àdobe
    2007-05-09 16:21 <DIR> d-------- C:\DOCUME~1\Dustin\APPLIC~1\Opera
    2007-05-08 17:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
    2007-05-08 17:10 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-05-08 15:33 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
    2007-05-08 15:24 <DIR> d-------- C:\Program Files\Common Files\DistributeShield
    2007-04-26 18:53 <DIR> d-------- C:\Program Files\Neffy
    2007-04-26 18:20 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
    2007-04-26 18:19 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2007-04-18 22:03 24,575 --a------ C:\WINDOWS\system32\mssetwinsyspios55.dll
    2007-04-18 22:02 73,728 --a------ C:\WINDOWS\system32\ltlst14N.dll
    2007-04-18 22:02 57,344 --a------ C:\WINDOWS\system32\lfbmp14N.dll
    2007-04-18 22:02 53,248 --a------ C:\WINDOWS\system32\zlib.dll
    2007-04-18 22:02 53,248 --a------ C:\WINDOWS\system32\lttmb14N.dll
    2007-04-18 22:02 487,424 --a------ C:\WINDOWS\system32\LTKRN14n.DLL
    2007-04-18 22:02 303,104 --a------ C:\WINDOWS\system32\LTDIS14n.DLL
    2007-04-18 22:02 274,432 --a------ C:\WINDOWS\system32\LTEFX14n.DLL
    2007-04-18 22:02 180,224 --a------ C:\WINDOWS\system32\LTFIL14n.DLL
    2007-04-18 22:02 1,126,400 --a------ C:\WINDOWS\system32\LTIMG14n.DLL
    2007-04-16 19:00 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2007-04-14 22:15 <DIR> d-------- C:\DOCUME~1\Dustin\.borland


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    Rootkit driver pe386 is present. ... attempting disinfection
    pe386 ...... driver unloaded successfully.
    ADS removed - system32: deleted 71354 bytes in 1 streams.

    2007-05-14 06:28:34 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\uTorrent
    2007-05-13 22:52:55 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2007-05-12 16:35:05 -------- d-----w C:\Program Files\AviSynth 2.5
    2007-05-12 16:25:50 -------- d-----w C:\Program Files\QuickTime
    2007-05-12 16:25:50 -------- d-----w C:\Program Files\Microsoft AntiSpyware
    2007-05-12 16:25:47 -------- d-----w C:\Program Files\MSN Messenger
    2007-05-12 16:25:47 -------- d-----w C:\Program Files\messenger
    2007-05-12 16:25:47 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\Gpl Meta
    2007-05-12 06:27:57 -------- d-----w C:\Program Files\?dobe
    2007-04-27 05:38:09 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-04-27 00:00:35 14,297 -c--a-w C:\WINDOWS\mozver.dat
    2007-04-25 04:26:03 249,856 ------w C:\WINDOWS\Setup1.exe
    2007-04-25 04:26:02 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2007-04-10 22:32:12 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\PE Explorer
    2007-04-07 22:17:46 24 -c--a-w C:\WINDOWS\system32\kadmdc.dll
    2007-04-05 20:21:04 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\Xfire
    2007-04-02 04:22:04 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\Hamachi
    2007-04-02 02:43:05 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2007-04-01 20:23:11 -------- d-----w C:\Program Files\Real
    2007-03-31 09:25:43 32,768 ----a-w C:\WINDOWS\SecureWin33.exe
    2007-03-31 09:25:29 45,056 ----a-w C:\WINDOWS\SecureWin32.exe
    2007-03-24 19:27:04 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\BitTorrent
    2007-03-24 17:08:42 65,536 ----a-w C:\WINDOWS\IFinst27.exe
    2007-03-16 03:55:58 40,960 ----a-w C:\WINDOWS\system32\frapsvid.dll
    2007-03-15 19:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
    2007-03-15 19:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
    2007-03-10 09:04:28 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\Leadertech
    2007-03-10 08:05:01 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\AdobeAUM
    2007-03-10 07:05:01 -------- d-----w C:\Program Files\uTorrent
    2007-03-10 06:25:36 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\Swigart Consulting


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ATIModeChange"="Ati2mdxx.exe"
    "AGRSMMSG"="AGRSMMSG.exe"
    "ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
    "gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
    "RegistrySmart"="\"C:\\Program Files\\RegistrySmart\\RegistrySmart.exe\" -boot"
    "avast!"="G:\\PROGRA~1\\AVASTA~1\\ashDisp.exe"
    "Adobe Photo Downloader"="\"G:\\Program Files\\Adobe Photoshop\\3.0\\Apps\\apdproxy.exe\""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "PSPVideo9"="G:\\Program Files\\PSPVideo9\\pspVideo9.exe -t"
    "SeekmoToolbar"="C:\\Program Files\\SeekmoToolbar\\Bin\\4.8.4.0\\${HOOKOE_FILE}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe])
    "AGRSMMSG"="AGRSMMSG.exe" [])
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2003-09-29 07:10]
    "gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" []
    "RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" []
    "avast!"="G:\PROGRA~1\AVASTA~1\ashDisp.exe" [2007-04-30 08:42]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
    "MSMSGS"="C:\Program Files\messenger\msmsgs.exe" [2004-08-04 01:56]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MSMSGS"="\"C:\\Program Files\\messenger\\msmsgs.exe\" /background"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AutorunsDisabled]
    "BitTorrent"="\"G:\\Program Files\\bittorrent.exe\" --force_start_minimized"
    "DefaultBind"="C:\\DOCUME~1\\Dustin\\APPLIC~1\\GPLMET~1\\nurb fast bin.exe"
    "Free Download Manager"="D:\\Free Download Manager\\fdm.exe -autorun"
    "Ozdgze"="\"C:\\Program Files\\?dobe\\nslookup.exe\""
    "PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Ahead\\Ahead\\data\\Xtras\\mssysmgr.exe"
    "Yahoo! Pager"="\"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [2005-02-10 22:32]


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages msv1_0\0\0
    Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages scecli\0\0




    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService DnsCache\0\0
    rpcss RpcSs\0\0
    imgsvc StiSvc\0\0
    termsvcs TermService\0\0
    HTTPFilter HTTPFilter\0\0
    DcomLaunch DcomLaunch\0TermService\0\0

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20070514-160251-483
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    backup-20070514-160251-607
    O4 - HKCU\..\Run: [Iinl] "C:\PROGRA~1\RACLE~1\mmc.exe" -vt ndrv
    backup-20070514-160251-730
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    backup-20070514-160251-493
    O4 - HKLM\..\Run: [SManager] smanager.7.exe
    backup-20070514-160251-335
    O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\cuqwqcmh.dll",realset
    backup-20070514-160251-576
    O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\B1E548EA977AFFFA.job
    C:\WINDOWS\tasks\Registration reminder 1.job
    C:\WINDOWS\tasks\Registration reminder 3.job
    C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job
    C:\WINDOWS\tasks\Symantec NetDetect.job
    C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
    C:\WINDOWS\tasks\Uniblue SpyEraser.job

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-14 16:29:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-14 16:30:48 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-05-14 16:30

    ________________________________________________________________

    Here is Hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:33:57 PM, on 5/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    G:\Program Files\Avast Anti-virus\aswUpdSv.exe
    G:\Program Files\Avast Anti-virus\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    G:\Program Files\Apache HTTP Server\bin\httpd.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    G:\Program Files\Apache HTTP Server\bin\httpd.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    G:\PROGRA~1\AVASTA~1\ashDisp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\messenger\msmsgs.exe
    G:\Program Files\Apache HTTP Server\bin\ApacheMonitor.exe
    C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
    C:\WINDOWS\explorer.exe
    G:\Program Files\Avast Anti-virus\ashMaiSv.exe
    G:\Program Files\Avast Anti-virus\ashWebSv.exe
    C:\WINDOWS\System32\imapi.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    G:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.dragonballz.com/"); (C:\Documents and Settings\Dustin\Application Data\Mozilla\Profiles\default\57ihib45.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Dustin\Application Data\Mozilla\Profiles\default\57ihib45.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
    O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\AVASTA~1\ashDisp.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Monitor Apache Servers.lnk = G:\Program Files\Apache HTTP Server\bin\ApacheMonitor.exe
    O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zan...ffce0e0ba0a8:7b1601be9f83b906d9b1a279c57bb948
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2 - Unknown owner - G:\Program Files\Apache HTTP Server\bin\httpd.exe" -k runservice (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Avast Anti-virus\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Avast Anti-virus\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - G:\Program Files\Avast Anti-virus\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - G:\Program Files\Avast Anti-virus\ashWebSv.exe" /service (file missing)
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
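
A triage sketch for a log in this format, added here as an example (it is not part of the original thread and not HijackThis's own code). It parses entries by section code and queues the ones the tool itself annotated as `(no file)`, `(file missing)` or `= ?`. The flag names and the odd-quote heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample lines copied from the log posted above (no new data).
SAMPLE = r'''O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O23 - Service: Apache2 - Unknown owner - G:\Program Files\Apache HTTP Server\bin\httpd.exe" -k runservice (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
'''

LINE = re.compile(r'^\s*([A-Z]\d{1,2}) - ([^:]+):\s?(.*)$')

def classify(rest):
    """Return a triage flag based only on the annotations already in the log."""
    if rest.endswith('(no file)'):
        return 'orphan-no-file'
    if rest.endswith('(file missing)'):
        # Assumption: an unbalanced quote means a quoted command line was split
        # badly, so "file missing" may be a parsing artefact; check the path by hand.
        return 'missing-check-path' if rest.count('"') % 2 else 'orphan-file-missing'
    if rest.endswith('= ?'):
        return 'unresolved-shortcut'  # assumption: shortcut target could not be read
    return 'present'

def triage(log_text):
    """Parse log text into (code, kind, detail, flag) tuples; skip non-entry lines."""
    entries = []
    for line in log_text.splitlines():
        m = LINE.match(line.rstrip())
        if m:
            code, kind, rest = m.groups()
            entries.append((code, kind.strip(), rest, classify(rest.strip())))
    return entries

def review_queue(entries):
    """Group every entry not flagged 'present' by section code for manual review."""
    queue = defaultdict(list)
    for code, kind, rest, flag in entries:
        if flag != 'present':
            queue[code].append((flag, rest))
    return dict(queue)

if __name__ == '__main__':
    for code, items in review_queue(triage(SAMPLE)).items():
        for flag, rest in items:
            print(f'{code:4} {flag:20} {rest}')
```

A flag only says which entries deserve a look first; an entry marked `present` has not been judged safe.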
     
  9. skate4lifee

    skate4lifee Thread Starter

    Joined:
    May 14, 2007
    Messages:
    60
    I am pretty confident that the virus is gone, but I need your word, and thank you so much for all your help =D
     
  10. skate4lifee

    skate4lifee Thread Starter

    Joined:
    May 14, 2007
    Messages:
    60
    Sorry to bump up my thread, but could you confirm if my computer is now clean?
     
  11. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,445
    Sorry for the delay, I am not getting all of the replies to threads! :eek:

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    • For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  12. skate4lifee

    skate4lifee Thread Starter

    Joined:
    May 14, 2007
    Messages:
    60
    I also discovered a new dial-up connection that I have never seen, and the name was really weird. I was wondering if you could help me fix that too. Here is a picture.
     

    Attached Files:

  13. skate4lifee

    skate4lifee Thread Starter

    Joined:
    May 14, 2007
    Messages:
    60
    The scan takes a long time =/
     
  14. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,445
    Yes, the scan can take a while, and I suggest you quit using the machine, as it will keep scanning your temporary files if you don't.

    I can't say where it came from, but I would just delete/remove it.
     
  15. skate4lifee

    skate4lifee Thread Starter

    Joined:
    May 14, 2007
    Messages:
    60
    So you're saying even if I shut down my computer it will continue to scan?

    Yeah, I was trying to find the source of the dial-up connection, and SUPERAntiSpyware found a program "Dialer.Dial/Gen Variant", so I think that's what the program is. So once the scan is complete and I remove all the viruses that the scan mentioned, I will make sure to check if it is still there, and if it is I'll just delete it myself.
     
Short URL to this thread: https://techguy.org/573190