
Virus and more

Discussion in 'Virus & Other Malware Removal' started by vr6man22, Nov 6, 2007.

Thread Status:
Not open for further replies.
  1. vr6man22

    vr6man22 Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    74
    Friend's PC with XP on it.
    I have been trying to fix it for over 8 hours.
    anyone it won't let me download anything or install anything.
    Tried to download Ad-Aware and it won't let me.
    Here is the HJT log.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:33:26 PM, on 11/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG7\avgwb.dat
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
     
  2. vr6man22

    vr6man22 Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    74
    AVG virus scan says no threats.
    Will do a Spybot scan again.
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,272
    First Name:
    Derek
    Download Combofix to your desktop:

    * Double-click combofix.exe & follow the prompts.
    * When finished, it shall produce a log for you. Post that log in your next reply.


    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
     
  4. vr6man22

    vr6man22 Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    74
    Fake.Wget: Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1645522239-1647877149-682003330-1004\Software\Wget


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
     
  5. vr6man22

    vr6man22 Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    74
    ComboFix 07-11-05.2 - Jaime-Lee 2007-11-06 18:37:47.2 - NTFSx86
    Running from: C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))))
    .

    2007-11-06 17:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2007-11-06 16:51 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\AVG7
    2007-11-06 16:51 <DIR> d-------- C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\AVG7
    2007-11-06 16:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
    2007-11-06 16:31 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
    2007-11-06 13:11 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-11-06 07:05 <DIR> d-------- C:\s
    2007-11-06 07:04 <DIR> d-------- C:\sd
    2007-11-06 07:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-06 06:57 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-11-05 23:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-05 22:49 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-05 22:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-05 22:49 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-05 22:49 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-05 22:49 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-05 22:41 1,102 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-05 19:51 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-11-05 19:50 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
    2007-11-05 19:26 1,290,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-11-05 19:20 0 --a------ C:\WINDOWS\nsreg.dat
    2007-11-05 18:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
    2007-11-05 18:20 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-11-05 18:19 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2007-11-05 18:19 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2007-11-05 18:17 <DIR> d-------- C:\WINDOWS\Internet Logs
    2007-10-30 15:10 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-10-30 15:10 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-10-29 19:13 <DIR> d-------- C:\Program Files\Windows Live
    2007-10-29 19:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
    2007-10-29 18:01 <DIR> d-------- C:\Program Files\Full Tilt Poker.Net
    2007-10-09 19:59 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-09 19:47 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-10-09 19:47 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-10-09 19:47 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-10-09 19:46 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-10-09 19:46 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-10-09 19:46 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-10-09 19:46 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-09 19:46 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-06 22:16 --------- d-----w C:\Program Files\Lavasoft
    2007-11-06 21:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-06 21:54 --------- d-----w C:\Program Files\Digital Line Detect
    2007-11-06 19:07 15,836 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2007-11-06 19:03 --------- d-----w C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Lavasoft
    2007-10-09 23:41 --------- d-----w C:\Program Files\Common Files\Kaspersky Lab
    2007-09-13 22:57 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-06 21:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-13 23:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
    2007-08-13 23:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
    2007-08-13 23:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
    2007-08-13 23:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
    2007-08-13 23:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
    2007-08-13 23:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
    2007-08-13 23:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
    2007-08-13 23:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
    2007-08-13 23:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
    2001-11-21 13:10 18,330,960 ----a-w C:\Program Files\Oxpsp1.exe
    2001-11-21 01:47 3,322,880 ----a-w C:\Program Files\OWC10SP1_Admin.msp
    2001-11-21 01:41 37,780,480 ----a-w C:\Program Files\MAINSP1_Admin.msp
    .

    ((((((((((((((((((((((((((((( [email protected]_23.29.58.70 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-03 23:46:48 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2007-11-06 18:11:58 3,026,944 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2007-11-06 18:11:58 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2007-11-03 23:46:48 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2007-11-06 18:11:48 3,026,944 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
    + 2007-11-06 18:11:48 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    + 2007-11-06 19:03:30 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
    + 2007-11-06 19:03:30 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
    + 2007-11-06 19:03:30 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
    + 2007-11-06 19:03:30 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
    - 2007-11-05 18:52:57 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
    + 2007-11-06 21:51:29 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
    - 2007-11-05 18:52:57 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
    + 2007-11-06 21:51:29 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
    - 2007-11-05 18:52:57 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
    + 2007-11-06 21:51:29 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
    - 2007-11-05 18:52:57 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
    + 2007-11-06 21:51:29 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
    + 2007-07-11 19:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
    + 2007-08-07 18:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    + 2007-08-07 18:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    + 2007-04-13 20:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
    + 2007-06-11 18:34:00 2,115,816 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    + 2007-06-11 18:34:00 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-27 19:14]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 13:16]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-06 16:51]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
    "Windows NetStart Service2"=winsN2SD.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Windows NetStart Service2"=winsN2SD.exe
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filit]
    C:\luxor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service]
    real.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    C:\WINDOWS\Updreg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows NetStart Service2]
    winsN2SD.exe

    R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys

    *Newly Created Service* - AVG7ALRT
    *Newly Created Service* - AVG7CORE
    *Newly Created Service* - AVG7UPDSVC
    *Newly Created Service* - AVGCLEAN
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-20 18:15:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-06 23:45:48 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-06 18:51:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-06 18:54:02
    C:\ComboFix2.txt ... 2007-11-05 23:31
    .
    --- E O F ---
     
  6. vr6man22

    vr6man22 Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    74
    Doing an anti-spyware scan now.
     
  7. vr6man22

    vr6man22 Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    74
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:17:18 PM 11/6/2007

    + Scan result:



    C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP156\A0026542.dll -> Adware.Neon : Cleaned.
    C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP157\A0032662.dll -> Adware.Neon : Cleaned.
    C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP158\A0039801.dll -> Adware.Neon : Cleaned.
    C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP158\A0049657.dll -> Adware.Neon : Cleaned.
    C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP158\A0050325.dll -> Adware.Neon : Cleaned.
    C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP156\A0026335.exe -> Adware.NewDotNet : Cleaned.
    C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP156\A0030986.exe -> Adware.NewDotNet : Cleaned.
    C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP156\A0030987.exe -> Adware.NewDotNet : Cleaned.
    C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP157\A0036054.exe -> Adware.NewDotNet : Cleaned.
    C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP158\A0039805.exe -> Adware.NewDotNet : Cleaned.
    C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP158\A0039806.exe -> Adware.NewDotNet : Cleaned.
    C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP158\A0049978.exe -> Adware.NewDotNet : Cleaned.
    C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1030\A0593975.exe -> Adware.NewDotNet : Cleaned.
    C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1030\A0593976.exe -> Adware.NewDotNet : Cleaned.
    C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1032\A0606403.exe -> Adware.P2PNet : Cleaned.
    C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1032\A0608776.exe -> Adware.P2PNet : Cleaned.
    C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1090\A0639489.exe -> Adware.P2PNet : Cleaned.
    C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1090\A0639490.exe -> Adware.P2PNet : Cleaned.
    C:\SDFix\backups\backups.zip/backups/TFTP4004 -> Backdoor.Rbot.akv : Cleaned.
    :mozilla.68:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.8:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
    :mozilla.46:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.47:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.51:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.52:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.60:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.61:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.62:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.63:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.64:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.65:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.79:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.30:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.


    ::Report end
     
  8. vr6man22

    vr6man22 Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    74
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,272
    First Name:
    Derek
    You seem to have run SDFix.

    What did that show?

    What did the Kaspersky online scan that you have also run show?

    Download the GMER rootkit detector from http://gmer.net

    Unzip it & double-click the gmer.exe file.

    Select the Rootkit tab & press Scan.

    When it has finished, press Copy & post back the log it makes.
     
  10. vr6man22

    vr6man22 Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    74
    I can't get some downloads to work.
    So Kaspersky, I click on it and nothing happens. It may be on the system from 2 years ago.

    Ad-Aware, it installs then says error.
    I did an AVG scan: no threats.
    I did SDFix but don't remember what it said.

    gmer log http://www.mediafire.com/?22omgsmgjmv
     
  11. vr6man22

    vr6man22 Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    74
    up we go
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,272
    First Name:
    Derek
    That is OK

    Please download ATF Cleaner by Atribune
    This program is designed for XP and Windows 2000 only (it should now run on 98/ME & Vista)

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    Then:
    If you use Firefox browser

    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Then:
    If you use Opera browser

    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    This will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,272
    First Name:
    Derek
    then

    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
    • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
      • In the Processes group click Non-Microsoft
      • In the Win32 Services group click Non-Microsoft
      • In the Driver Services group click Non-Microsoft
      • In the Registry group click ALL
      • In the Files Created Within group click 30 days. Make sure Non-Microsoft only is CHECKED
      • In the Files Modified Within group select 30 days. Make sure Non-Microsoft only is CHECKED
      • In the File String Search group select ALL
      • In the Additional scans section, please press Select All and then unselect Event Viewer. Uncheck Non-Microsoft only
    • Now click the Run Scan button on the toolbar.
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file
    Use the Reply button and attach the notepad file here. I will review it when it comes in.
     
  14. vr6man22

    vr6man22 Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    74
  15. vr6man22

    vr6man22 Thread Starter

    Joined:
    Nov 28, 2005
    Messages:
    74
    Man, this is getting frustrating.
    I think I'm gonna format it.
     

Short URL to this thread: https://techguy.org/648673
