
Solved: Serious Hidden Virus Infection

Discussion in 'Virus & Other Malware Removal' started by ronbeal, Feb 8, 2007.

  1. ronbeal

    ronbeal Thread Starter

    Joined:
    Feb 7, 2007
    Messages:
    14
    Dear Techguy,
    Please can you help. My PC is infected with a hidden Virus program that is slowing my broadband connection speed and also appears to be seizing control of my computer.
    A few days ago I used SpyBot to quarantine the Zlob Video Active X Object virus, along with Microsoft Security Centre AntiVirus Override, News Update, Pest Trap, Spyware Bot and Wild Tangent. I also removed a program named 'Antivermins' from the Add and Remove in Control Panel. I am left with a flashing ? in the taskbar and every so often I am being warned that my PC is infected with spyware and I should download anti spyware removal tools, then the page is redirected to a Web page called AntiVermins. I have exhausted many forums trying to see if others have had similar problems, but really without too much success. Will appreciate any help you can offer before desperation finally resorts to a reformat.
    kind regards
    Ron.
    I have listed my HJL:

    Logfile of HijackThis v1.99.1
    Scan saved at 03:05:58, on 09/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\devldr32.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\WINDOWS\system32\CTsvcCDA.EXE
    D:\WINDOWS\system32\nvsvc32.exe
    D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\A4Tech\Mouse\Amoumain.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\WINDOWS\system32\DRIVERS\WtSrv.exe
    D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    D:\WINDOWS\system32\WService.EXE
    D:\WINDOWS\system32\rundll32.exe
    D:\WINDOWS\system32\MsPMSPSv.exe
    D:\Program Files\101Clips\101clips.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Documents and Settings\Ron Beal\Desktop\My Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.blueyonder.co.uk/search/search.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DeskalertsBHO - {65E03378-E22E-4f50-BE9D-588A889B24C9} - D:\Program Files\DeskAlerts\deskbar.dll
    O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [AVG7_CC] "D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [WheelMouse] "D:\Program Files\A4Tech\Mouse\Amoumain.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [WService] WService.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: 101clips.lnk = D:\Program Files\101Clips\101clips.exe
    O4 - Global Startup: e-phone.lnk = ?
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165439466093
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170889365671
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - D:\WINDOWS\system32\cwgppb.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: WinTab Service (WinTabService) - Unknown owner - D:\WINDOWS\system32\DRIVERS\WtSrv.exe
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Next, please reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non-infected computer will remove your Desktop background.
    =============================

    Download Superantispyware

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    • It will ask if you want to update the program definitions, click Yes.
    • Under Configuration and Preferences, click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked:
        - Close browsers before scanning
        - Scan for tracking cookies
        - Terminate memory threats before quarantining.
        - Please leave the others unchecked.
        - Click the Close button to leave the control center screen.
    • On the main screen, under Scan for Harmful Software click Scan your computer.
    • On the left check C:\Fixed Drive.
    • On the right, under Complete Scan, choose Perform Complete Scan.
    • Click Next to start the scan. Please be patient while it scans your computer.
    • After the scan is complete a summary box will appear. Click OK.
    • Make sure everything in the white box has a check next to it, then click Next.
    • It will quarantine what it found and if it asks if you want to reboot, click Yes.
    • To retrieve the removal information for me please do the following:
        - After reboot, double-click the SUPERAntispyware icon on your desktop.
        - Click Preferences. Click the Statistics/Logs tab.
        - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        - It will open in your default text editor (such as Notepad/Wordpad).
        - Please highlight everything in the notepad, then right-click and choose copy.
    • Click close and close again to exit the program.
    • Please paste that information here for me with a new HijackThis log.
     
  3. ronbeal

    ronbeal Thread Starter

    Joined:
    Feb 7, 2007
    Messages:
    14
    Dear MFDnSC,
    Thank you very much for your kind help. I have followed your instructions to the letter, and it would appear the virus has been removed, except that my computer is still running really slow especially compared to the speed it would normally go, and bearing in mind I have a very fast setup: double core 3.06 GHz processor, 1GB Ram Nvidia graphics card. My operating system is Windows XP validated original, and even using 10MG blueyonder broadband. I thought when all traces of the virus were eliminated, the computer would revert to full speed again, but not so. I don't know whether you can perhaps throw any light on this problem. Your help is appreciated. I have enclosed copies of the three logs as suggested.
    kind regards
    Ron Beal


    Logfile of HijackThis v1.99.1
    Scan saved at 17:02:59, on 09/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\WINDOWS\system32\CTsvcCDA.EXE
    D:\WINDOWS\system32\nvsvc32.exe
    D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    D:\WINDOWS\system32\DRIVERS\WtSrv.exe
    D:\WINDOWS\system32\MsPMSPSv.exe
    D:\WINDOWS\system32\devldr32.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\A4Tech\Mouse\Amoumain.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\WINDOWS\system32\WService.EXE
    D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\101Clips\101clips.exe
    D:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Documents and Settings\Ron Beal\Desktop\My Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.blueyonder.co.uk/search/search.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DeskalertsBHO - {65E03378-E22E-4f50-BE9D-588A889B24C9} - D:\Program Files\DeskAlerts\deskbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [AVG7_CC] "D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [WheelMouse] "D:\Program Files\A4Tech\Mouse\Amoumain.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [WService] WService.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - Global Startup: 101clips.lnk = D:\Program Files\101Clips\101clips.exe
    O4 - Global Startup: e-phone.lnk = ?
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165439466093
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170889365671
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: WinTab Service (WinTabService) - Unknown owner - D:\WINDOWS\system32\DRIVERS\WtSrv.exe


    SmitFraudFix v2.141

    Scan done at 15:38:59.09, 09/02/2007
    Run from D:\Documents and Settings\Ron Beal\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{2acf3add-34a1-4f2f-99cf-cc69785d1e90}"="exemplars"

    [HKEY_CLASSES_ROOT\CLSID\{2acf3add-34a1-4f2f-99cf-cc69785d1e90}\InProcServer32]
    @="D:\WINDOWS\system32\cwgppb.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2acf3add-34a1-4f2f-99cf-cc69785d1e90}\InProcServer32]
    @="D:\WINDOWS\system32\cwgppb.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    D:\WINDOWS\system32\cwgppb.dll -> Hoax.Win32.Renos.gen.i
    D:\WINDOWS\system32\cwgppb.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    D:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
    D:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
    D:\DOCUME~1\RONBEA~1\FAVORI~1\Online Security Test.url Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End



    SUPERAntiSpyware Scan Log
    Generated 02/09/2007 at 04:47 PM

    Application Version : 3.5.1016

    Core Rules Database Version : 3181
    Trace Rules Database Version: 1191

    Scan type : Complete Scan
    Total Scan Time : 00:50:28

    Memory items scanned : 382
    Memory threats detected : 0
    Registry items scanned : 6346
    Registry threats detected : 0
    File items scanned : 59476
    File threats detected : 28

    Adware.Tracking Cookie
    D:\Documents and Settings\Ron Beal\Cookies\[email protected][2].txt
    D:\Documents and Settings\Ron Beal\Cookies\[email protected][3].txt
    D:\Documents and Settings\Ron Beal\Cookies\[email protected][3].txt
    D:\Documents and Settings\Ron Beal\Cookies\[email protected][2].txt
    D:\Documents and Settings\Ron Beal\Cookies\[email protected][2].txt
    D:\Documents and Settings\Ron Beal\Cookies\[email protected][2].txt
    C:\Documents and Settings\Ron Beal\Cookies\ron beal[email protected][1].txt
    C:\Documents and Settings\Ron Beal\Cookies\ron [email protected][1].txt
    C:\Documents and Settings\Ron Beal\Cookies\ron [email protected][2].txt
    C:\Documents and Settings\Ron Beal\Cookies\ron [email protected][1].txt
    C:\Documents and Settings\Ron Beal\Cookies\ron [email protected][1].txt
    C:\Documents and Settings\Ron Beal\Cookies\ron [email protected][2].txt
    C:\Documents and Settings\Ron Beal\Cookies\ron [email protected][1].txt
    C:\Documents and Settings\Ron Beal\Cookies\ron [email protected][1].txt
    C:\Documents and Settings\Ron Beal\Local Settings\Temp\Cookies\ron [email protected][2].txt
    D:\Documents and Settings\Ron Beal\Cookies\[email protected][1].txt
    D:\Documents and Settings\Ron Beal\Cookies\[email protected][1].txt
    D:\Documents and Settings\Ron Beal\Cookies\[email protected][2].txt
    D:\Documents and Settings\Ron Beal\Cookies\[email protected][1].txt
    D:\Documents and Settings\Ron Beal\Cookies\[email protected][1].txt
    D:\Documents and Settings\Ron Beal\Cookies\[email protected][1].txt

    Adware.Casino Games (Golden Palace Casino)
    D:\PROGRAM FILES\ZONE.COM DELUXE GAMES\HARD ROCK CASINO DELUXE\CASINO.EXE
    C:\DOCUMENTS AND SETTINGS\RON BEAL\DESKTOP\GAMES\HARD ROCK CASINO DELUXE.LNK
    C:\PROGRAM FILES\ZONE.COM DELUXE GAMES\HARD ROCK CASINO DELUXE\CASINO.EXE
    D:\DOCUMENTS AND SETTINGS\RON BEAL\DESKTOP\PROGRAMS 1\GAMES\HARD ROCK CASINO DELUXE.LNK

    Adware.180solutions/Seekmo
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP32\A0004866.DLL

    Malware.SpywareBot
    D:\DOCUMENTS AND SETTINGS\RON BEAL\DESKTOP\MY DOWNLOADS\SPYWAREBOT.EXE

    Trojan Downloader-SystemAlert.Process
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{0111E087-EF1C-4B01-96EE-B82E0D0BBC3B}\RP107\A0019950.DLL
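
The before and after HijackThis logs in this thread can be compared mechanically to confirm what a cleanup actually changed. The following is an added example, not part of the original posts and not code from HijackThis or SmitfraudFix: it embeds a few lines excerpted from the two logs above, keys entries on section code and CLSID where one is present (an assumption of this example, so that a long path and its 8.3 short form compare as the same entry), and reports what was removed, added, changed or kept.

```python
import re

# "O21 - SSODL: ..." style entry lines; headers and process paths do not match.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the log saved at 03:05:58 (before the cleanup), copied from the thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\system32\WService.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - D:\WINDOWS\system32\cwgppb.dll
"""

# Excerpt of the log saved at 17:02:59 (after the cleanup), copied from the thread.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\system32\WService.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
"""


def parse(log_text):
    """Return {key: entry text} for every section entry in a HijackThis log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, "Running processes:" list, blank lines
        code, body = m.groups()
        clsid = CLSID.search(body)
        if clsid:
            # Same section + entry kind + CLSID is the same registration even
            # if the path is printed differently (long name vs. 8.3 name).
            kind = body.split(":", 1)[0]
            key = (code, kind, clsid.group(0).lower())
        else:
            key = (code, body)
        entries[key] = body
    return entries


def diff_logs(before_text, after_text):
    """Classify entries as removed, added, changed (same key, new text) or kept."""
    before, after = parse(before_text), parse(after_text)
    common = before.keys() & after.keys()
    return {
        "removed": sorted(before[k] for k in before.keys() - after.keys()),
        "added": sorted(after[k] for k in after.keys() - before.keys()),
        "changed": sorted((before[k], after[k]) for k in common if before[k] != after[k]),
        "kept": sorted(before[k] for k in common if before[k] == after[k]),
    }


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label in ("removed", "added", "changed", "kept"):
        print(label.upper())
        for item in result[label]:
            print("   ", item)
```

Entries listed under "kept" are the ones a reviewer still has to judge by hand; the script only shows that they survived the cleanup, not whether they are malicious.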
     
  4. ronbeal

    ronbeal Thread Starter

    Joined:
    Feb 7, 2007
    Messages:
    14
    I've been thinking that perhaps I should have mentioned that I have two operating systems which I have had for quite some time now and until this virus situation a few days ago all has been well with both systems. I have partitioned my hard drive and have XP Pro on the C drive which is a student free copy which is used solely by my son for his studies, and XP Home on the D drive which is used solely by me. I make quite certain nothing is saved into the C drive when I'm using the D drive and vice versa just so there could be no conflicts between the two operating systems. XP Pro on the C drive still goes like lightning. Also we have a laptop connected by Netgear wireless router which doesn't appear to be compromised either.
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    IE - Block Third party cookies
    1. Click on the Tools button on the Internet Explorer tool bar.
    2. Highlight and click on Internet options at the bottom of the Tools menu.
    3. Select the Privacy Tab of the Internet Options menu.
    4. Select the Advanced... button at the bottom of the screen.
    5. Select override automatic cookie handling button.
    6. To block third party cookies select block under "Third-party cookies".
    7. Select "always allow session cookies".
    8. Click on the OK button at the bottom of the screen.
    ====================
    Download EasyCleaner http://www.majorgeeks.com/download414.html

    Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

    Not all files will delete – that is normal.

    In the unnecessary button I check the top 4 entries
    ===========================
    Go ahead and remove SuperAntiSpy since you have SpySweeper

    =================
    Clean
    If you feel it is fixed mark it solved via Thread Tools above

    Turn off restore points, boot, turn them back on – here’s how

    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam
     
  6. ronbeal

    ronbeal Thread Starter

    Joined:
    Feb 7, 2007
    Messages:
    14
    The helpful advice provided by 'MFDnSC' in eliminating the infections has been so very much appreciated. Thank you so very much. The last piece of advice has positively helped my PC run considerably faster but still nowhere near what it was. To give you an idea: I click on the Google Web page and it is still taking around 20 seconds before it opens. Once open, some sites will connect faster than others, but realising I have a 10Mg connection, then something is still amiss somewhere, and it has only slowed since my PC became infected.
    regards
    ronbeal
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    I missed one

    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HiJackThis – mark them, close IE, click fix checked

    O4 - HKLM\..\Run: [WService] WService.EXE

    Download http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    D:\WINDOWS\system32\WService.EXE

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot

    Run ActiveScan online virus scan

    http://www.pandasoftware.com/products/activescan.htm

    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Post a new HiJackThis log along with the results from ActiveScan


    Please give feedback on what worked/didn’t work and the current status of your system
     
  8. ronbeal

    ronbeal Thread Starter

    Joined:
    Feb 7, 2007
    Messages:
    14
    Hello again, I'm a little unsure on these latest instructions, in that first you suggested I should fix 'THESE' with HijackThis. I assume you meant just to fix the one line: O4 - HKLM\..\Run: [WService] WService.EXE ... then you went on to say that in safe mode, opening the program Killbox, I am to delete D:\WINDOWS\system32\WService.EXE after pasting it into the "full path of file to delete" box, but then you say I should continue with the same procedure until I have copied and pasted all of these. I don't understand what is meant by this; I only see the one file to delete, which is: D:\WINDOWS\system32\WService.EXE ... I then went on to press 'START – RUN – type in %temp% - OK - Edit – Select all – File – Delete', still in safe mode. I restarted the PC then tried to get back to you to verify the instructions, and found that what I had done so far was making it even more difficult to access the net. Up to this point I've not yet run the active scan.
    regards
    ronbeal
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Yes the script is set for multiple entries and you only had one - sorry

    Keep going
     
  10. ronbeal

    ronbeal Thread Starter

    Joined:
    Feb 7, 2007
    Messages:
    14
    Hi, it's me again. I have completed the Panda online scan which, incidentally, took nearly two hours to complete. I am totally amazed at the vast number of infected files it found in the C Drive; these would appear to be system files which have been identified as viruses, so I'm unsure about them. My PC is running just as slow as before, with little or no improvement in browsing speed. The HijackThis log and Panda log are as follows.
    regards
    ronbeal

    Logfile of HijackThis v1.99.1
    Scan saved at 02:25:30, on 12/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\WINDOWS\system32\CTsvcCDA.EXE
    D:\WINDOWS\system32\nvsvc32.exe
    D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    D:\WINDOWS\system32\MsPMSPSv.exe
    D:\WINDOWS\system32\devldr32.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\A4Tech\Mouse\Amoumain.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\101Clips\101clips.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    D:\Documents and Settings\Ron Beal\Desktop\Programs 1\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.blueyonder.co.uk/search/search.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DeskalertsBHO - {65E03378-E22E-4f50-BE9D-588A889B24C9} - D:\Program Files\DeskAlerts\deskbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [AVG7_CC] "D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [WheelMouse] "D:\Program Files\A4Tech\Mouse\Amoumain.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - Global Startup: 101clips.lnk = D:\Program Files\101Clips\101clips.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165439466093
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170889365671
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  11. ronbeal

    ronbeal Thread Starter

    Joined:
    Feb 7, 2007
    Messages:
    14
    Panda log much too long for post, so I have had to post it in two parts.

    Incident Status Location

    Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Ron Beal\Cookies\ron [email protected][2].txt
    Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Ron Beal\Cookies\ron [email protected][1].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ron Beal\Local Settings\Temp\Cookies\ron [email protected][1].txt
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000058.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000061.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000073.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000089.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000093.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000094.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000099.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000100.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000108.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000109.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000113.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000114.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000116.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000134.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000136.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000140.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000166.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000172.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000180.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000184.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000187.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000190.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000191.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000192.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000193.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000194.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000195.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000196.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000197.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000198.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000199.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000200.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000201.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000202.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000203.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000204.EXE
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000205.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000206.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000208.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000209.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000210.EXE
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000211.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000212.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000213.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000214.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000215.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000216.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000217.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000218.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000219.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000220.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000221.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000222.exe
     
  12. ronbeal

    ronbeal Thread Starter

    Joined:
    Feb 7, 2007
    Messages:
    14
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000224.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000225.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000226.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000227.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000228.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000229.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000230.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000231.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000232.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000233.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000234.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000235.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000236.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000242.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000244.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000245.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000246.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000247.EXE
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000248.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000254.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000282.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000293.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000307.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000309.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000310.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000311.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000312.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000313.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000314.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000315.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000316.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000318.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000326.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000327.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000328.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000329.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000330.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000331.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000332.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000333.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000351.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000355.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000358.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000359.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000360.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000361.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000362.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000363.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000364.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000365.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000366.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000367.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000439.exe
    Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000446.exe
    Adware:Adware/PurityScan Not disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP31\A0004836.exe[YazzleBundle-1461.exe]
    Adware:Adware/PurityScan Not disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP31\A0004836.exe[YazzleBundle-1461.exe][¦++\Yazzle1461OinAdmin.exe]
    Adware:Adware/PurityScan Not disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP31\A0004837.exe[YazzleBundle-1461.exe]
    Adware:Adware/PurityScan Not disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP31\A0004837.exe[YazzleBundle-1461.exe][¦++\Yazzle1461OinAdmin.exe]
    Adware:Adware/PurityScan Not disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP31\A0004838.exe[YazzleBundle-1461.exe]
    Adware:Adware/PurityScan Not disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP31\A0004838.exe[YazzleBundle-1461.exe][¦++\Yazzle1461OinAdmin.exe]
    Virus:Trj/Lineage.BSJ Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP31\A0004859.exe
    Adware:Adware/Zango Not disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP32\A0004865.exe
    Adware:Adware/Seekmo Not disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP32\A0004867.exe
    Adware:Adware/Zango Not disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP32\A0004871.dll
    Spyware:Cookie/YieldManager Not disinfected D:\Documents and Settings\Ron Beal\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-09-2007 - 16-55-17\{D92FB38F-A6CE-491A-A8F7-44E08EAA3DA3}
    Potentially unwanted tool:Application/Processor Not disinfected D:\Documents and Settings\Ron Beal\Desktop\Programs 1\Protection Software\SmitfraudFix\Process.exe
    Potentially unwanted tool:Application/Processor Not disinfected D:\WINDOWS\system32\Process.exe
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix this

    O2 - BHO: DeskalertsBHO - {65E03378-E22E-4f50-BE9D-588A889B24C9} - D:\Program Files\DeskAlerts\deskbar.dll

    delete this folder

    D:\Program Files\DeskAlerts
    =================
    Turn off restore points, boot, turn them back on – here’s how

    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam
    ====================
    Download EasyCleaner http://www.majorgeeks.com/download414.html

    Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

    Not all files will delete – that is normal.

    In the unnecessary button I check the top 4 entries
     
  14. ronbeal

    ronbeal Thread Starter

    Joined:
    Feb 7, 2007
    Messages:
    14
    I am grateful for your help. You have exercised such patience trying to fix my PC. Indeed you are most kind. Unfortunately, no matter what I try at the moment, nothing seems to be improving the speed. If you can of course think of anything else that may have been missed which could be causing this ridiculous problem, I will be very grateful to follow further instructions. I realise by now you are probably completely fed up with me and likely be glad to see the back of me. Regrettably I am somewhat reluctant to resort to a re-format of the system, mainly because there's so much important data and programs that I didn't keep copies of, and would now very likely get overlooked trying to back up the system before a re-format.
    kind regards
    ronbeal
     
  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Run Panda again and post its log and a new HijackThis log - make sure you did the restore point thing before running Panda, as most of what it found was in restore points
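
Added example, not part of any post in this thread: a small Python triage script that sorts ActiveScan report lines by where the detection sits, so that copies held in System Restore points (which the "turn off restore points" step targets) are separated from files on the live system. The sample report is constructed in the same three-column layout as the log posted above; the bucket names and function names are assumptions of this example.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample in the three-column "Incident Status Location" layout of
# the ActiveScan report posted in the thread; user name and cookie are made up.
SAMPLE_REPORT = r"""
Incident Status Location

Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\User\Cookies\user@tucows[1].txt
Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP2\A0000058.exe
Virus:W32/Virutas.B Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP3\A0000208.exe
Virus:Trj/Lineage.BSJ Disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP31\A0004859.exe
Adware:Adware/Zango Not disinfected C:\System Volume Information\_restore{6A70C330-E551-4DE7-9057-858E79AD50E3}\RP32\A0004865.exe
Spyware:Cookie/YieldManager Not disinfected D:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\item
Potentially unwanted tool:Application/Processor Not disinfected D:\Documents and Settings\User\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected D:\WINDOWS\system32\Process.exe
"""

# "Category:Name", then the status, then a path starting with a drive letter.
# The category may contain spaces ("Potentially unwanted tool").
LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>\S+)\s+"
    r"(?P<status>Not disinfected|Disinfected)\s+"
    r"(?P<location>[A-Za-z]:\\.+)$"
)
RESTORE_POINT_RE = re.compile(r"\\(RP\d+)\\", re.IGNORECASE)


class Detection(NamedTuple):
    category: str
    name: str
    status: str
    location: str
    bucket: str


def classify(location):
    """Bucket a path: restore_point, quarantine, cookie, or live."""
    lowered = location.lower()
    if "\\system volume information\\_restore{" in lowered:
        return "restore_point"   # archived copy inside System Restore
    if "\\quarantine\\" in lowered:
        return "quarantine"      # already isolated by another scanner
    if "\\cookies\\" in lowered:
        return "cookie"          # tracking cookie, not an executable
    return "live"                # file on the running system


def parse_report(text):
    """Return a Detection for every report line; headers and blanks are skipped."""
    detections = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            loc = match["location"]
            detections.append(Detection(match["category"], match["name"],
                                        match["status"], loc, classify(loc)))
    return detections


def bucket_counts(detections):
    """How many detections fall in each location bucket."""
    return Counter(d.bucket for d in detections)


def restore_points(detections):
    """Restore point folders (RPn) that hold detections, in numeric order."""
    found = set()
    for d in detections:
        if d.bucket == "restore_point":
            hit = RESTORE_POINT_RE.search(d.location)
            if hit:
                found.add(hit.group(1))
    return sorted(found, key=lambda rp: int(rp[2:]))


def live_findings(detections):
    """Detections outside restore points, quarantine and cookies."""
    return [d for d in detections if d.bucket == "live"]


if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    print(dict(bucket_counts(dets)))
    print("restore points with detections:", restore_points(dets))
    for d in live_findings(dets):
        print("review:", d.name, d.status, d.location)
```
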
     

Short URL to this thread: https://techguy.org/542495
