Virus and more

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

vr6man22

Thread Starter
Joined
Nov 28, 2005
Messages
74
Friend's PC with XP on it.
I have been trying to fix it for over 8 hours.
Anyone? It won't let me download anything or install anything.
Tried to download Ad-Aware and it won't let me.
Here is the HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 5:33:26 PM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Download Combofix to your desktop:

* Double-click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.


Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
 

vr6man22

Thread Starter
Joined
Nov 28, 2005
Messages
74
Fake.Wget: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1645522239-1647877149-682003330-1004\Software\Wget


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
 

vr6man22

Thread Starter
Joined
Nov 28, 2005
Messages
74
ComboFix 07-11-05.2 - Jaime-Lee 2007-11-06 18:37:47.2 - NTFSx86
Running from: C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))))
.

2007-11-06 17:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2007-11-06 16:51 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\AVG7
2007-11-06 16:51 <DIR> d-------- C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\AVG7
2007-11-06 16:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-11-06 16:31 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2007-11-06 13:11 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-06 07:05 <DIR> d-------- C:\s
2007-11-06 07:04 <DIR> d-------- C:\sd
2007-11-06 07:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-06 06:57 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-05 23:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-05 22:49 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-05 22:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-05 22:49 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-05 22:49 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-05 22:49 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-05 22:41 1,102 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-05 19:51 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-05 19:50 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2007-11-05 19:26 1,290,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-05 19:20 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-05 18:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2007-11-05 18:20 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-05 18:19 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-11-05 18:19 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-11-05 18:17 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-30 15:10 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-30 15:10 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-10-29 19:13 <DIR> d-------- C:\Program Files\Windows Live
2007-10-29 19:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2007-10-29 18:01 <DIR> d-------- C:\Program Files\Full Tilt Poker.Net
2007-10-09 19:59 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 19:47 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-09 19:47 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-09 19:47 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-09 19:46 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-09 19:46 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-09 19:46 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-09 19:46 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-09 19:46 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-06 22:16 --------- d-----w C:\Program Files\Lavasoft
2007-11-06 21:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-06 21:54 --------- d-----w C:\Program Files\Digital Line Detect
2007-11-06 19:07 15,836 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-06 19:03 --------- d-----w C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Lavasoft
2007-10-09 23:41 --------- d-----w C:\Program Files\Common Files\Kaspersky Lab
2007-09-13 22:57 --------- d-----w C:\Program Files\MSN Messenger
2007-09-06 21:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-13 23:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-13 23:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-13 23:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-13 23:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-13 23:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-13 23:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-13 23:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-13 23:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-13 23:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2001-11-21 13:10 18,330,960 ----a-w C:\Program Files\Oxpsp1.exe
2001-11-21 01:47 3,322,880 ----a-w C:\Program Files\OWC10SP1_Admin.msp
2001-11-21 01:41 37,780,480 ----a-w C:\Program Files\MAINSP1_Admin.msp
.

((((((((((((((((((((((((((((( [email protected]_23.29.58.70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-03 23:46:48 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-11-06 18:11:58 3,026,944 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-11-06 18:11:58 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-03 23:46:48 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-11-06 18:11:48 3,026,944 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-11-06 18:11:48 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-11-06 19:03:30 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2007-11-06 19:03:30 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2007-11-06 19:03:30 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2007-11-06 19:03:30 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
- 2007-11-05 18:52:57 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2007-11-06 21:51:29 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
- 2007-11-05 18:52:57 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2007-11-06 21:51:29 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
- 2007-11-05 18:52:57 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2007-11-06 21:51:29 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
- 2007-11-05 18:52:57 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2007-11-06 21:51:29 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2007-07-11 19:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 18:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 18:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-04-13 20:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
+ 2007-06-11 18:34:00 2,115,816 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-06-11 18:34:00 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-27 19:14]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 13:16]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-06 16:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Windows NetStart Service2"=winsN2SD.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows NetStart Service2"=winsN2SD.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filit]
C:\luxor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service]
real.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows NetStart Service2]
winsN2SD.exe

R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys

*Newly Created Service* - AVG7ALRT
*Newly Created Service* - AVG7CORE
*Newly Created Service* - AVG7UPDSVC
*Newly Created Service* - AVGCLEAN
.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 18:15:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-06 23:45:48 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-06 18:51:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-06 18:54:02
C:\ComboFix2.txt ... 2007-11-05 23:31
.
--- E O F ---
 

vr6man22

Thread Starter
Joined
Nov 28, 2005
Messages
74
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:17:18 PM 11/6/2007

+ Scan result:



C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP156\A0026542.dll -> Adware.Neon : Cleaned.
C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP157\A0032662.dll -> Adware.Neon : Cleaned.
C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP158\A0039801.dll -> Adware.Neon : Cleaned.
C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP158\A0049657.dll -> Adware.Neon : Cleaned.
C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP158\A0050325.dll -> Adware.Neon : Cleaned.
C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP156\A0026335.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP156\A0030986.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP156\A0030987.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP157\A0036054.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP158\A0039805.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP158\A0039806.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{94705AD6-909F-467B-9F9F-54ACD491790C}\RP158\A0049978.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1030\A0593975.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1030\A0593976.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1032\A0606403.exe -> Adware.P2PNet : Cleaned.
C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1032\A0608776.exe -> Adware.P2PNet : Cleaned.
C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1090\A0639489.exe -> Adware.P2PNet : Cleaned.
C:\System Volume Information\_restore{E8C79624-4C25-4F55-8E62-D41CA6E09BB6}\RP1090\A0639490.exe -> Adware.P2PNet : Cleaned.
C:\SDFix\backups\backups.zip/backups/TFTP4004 -> Backdoor.Rbot.akv : Cleaned.
:mozilla.68:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.8:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.46:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.47:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.51:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.52:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.60:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.61:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.62:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.63:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.64:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.65:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.79:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.30:C:\Documents and Settings\Jaime-Lee.HOME-L9S443XBO7\Application Data\Mozilla\Firefox\Profiles\oybcmefu.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.


::Report end
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
You seem to have run SDFix.

What did that show?

What did the Kaspersky online scan that you have also run show?

Download the GMER rootkit detector from http://gmer.net

Unzip it & double-click the gmer.exe file.

Select the Rootkit tab & press Scan.

When it has finished, press Copy & post back the log it makes.
 

vr6man22

Thread Starter
Joined
Nov 28, 2005
Messages
74
I can't get some downloads to work.
So Kaspersky, I click on it and nothing happens. It may be on the system from 2 years ago.

Ad-Aware, it installs then says error.
I did an AVG scan. No threats.
I did SDFix but don't remember what it said.

GMER log: http://www.mediafire.com/?22omgsmgjmv
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
That is OK

Please download ATF Cleaner by Atribune
This program is designed for XP and Windows 2000 only (it should now run on 98/ME & Vista).

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Then:
If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Then:
If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

This will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Then:

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Processes group click Non-Microsoft
    • In the Win32 Services group click Non-Microsoft
    • In the Driver Services group click Non-Microsoft
    • In the Registry group click ALL
    • In the Files Created Within group click 30 days. Make sure Non-Microsoft only is CHECKED.
    • In the Files Modified Within group select 30 days. Make sure Non-Microsoft only is CHECKED.
    • In the File String Search group select ALL
    • In the Additional Scans section, press Select All and then unselect Event Viewer. Uncheck Non-Microsoft only.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file
Use the Reply button and attach the Notepad file here. I will review it when it comes in.
 