Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

msn photo album virus

Comments

  • #2
    Ruu_Old
    Closed Accounts Posts: 36,634 ✭✭✭✭Ruu_Old


    Try performing those steps in Safe Mode.


  • #3
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Please download the self-extracting version of HijackThis from here:

    HijackThis_sfx download

    Save HijackThis_sfx to your desktop.

    Double-click the file then click the Unzip button. Then close the Self-Extractor window.

    Using My Computer/Windows Explorer, navigate to C:\Program Files\HijackThis and double click on HijackThis.exe to run it. If you would like to make a shortcut for your Desktop so it's more easily accessable, right click HijackThis.exe and choose Send To > Desktop (create shortcut).

    Please run the extracted HijackThis.exe from now on. Delete any copies of HijackThis.zip that you have saved.

    Open HijackThis and click Do a system scan and save a log file. Copy the entire contents of that log and post it here


  • #4
    trip_my_wire
    Closed Accounts Posts: 10 trip_my_wire


    Logfile of HijackThis v1.99.1
    Scan saved at 19:31:37, on 14/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\CASIO\Photo Loader\Plauto.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/ie/enu/gen/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eircom.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstBanr.ocx
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcPreview.ocx
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


  • #5
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    cant see anything wrong with your pc. few small things we should do.

    To delete the file thats giving you trouble, run HijackThis, click open the misc tools section, click Delete a file on reboot, find the file and click open, click yes, and reboot your pc.

    Run HijackThis again, click "Run a system scan only" and check these entries :

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)

    Close all windows except for HijackThis and click Fix checked.


    You now need to update your Java and remove your older versions.
    Please follow these steps to remove older version Java components.

    * Click Start > Control Panel.
    * Click Add/Remove Programs.
    * Check any item with Java Runtime Environment (JRE) in the name.
    * Click the Remove or Change/Remove button.

    Download the latest version of Java Runtime Environment (JRE) 6, and install it to your computer.
    http://java.sun.com/javase/downloads/index.jsp
    Download Java Runtime Environment (JRE) 6u1 > Accept License Agreement > Download Windows Offline Installation, Multi-language jre-6u1-windows-i586-p.exe 13.16 MB


  • #6
    trip_my_wire
    Closed Accounts Posts: 10 trip_my_wire


    how and where do i go to get into system32? when i went to delete file on reboot i couldnt find a way to get into it. the way i was getting in before was by typing "system32" into "Run".


  • Advertisement
  • #7
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    sorry this is how you do it
    Follow this C:\WINDOWS\system32 then find the folder/file you want to delete


  • #8
    trip_my_wire
    Closed Accounts Posts: 10 trip_my_wire


    okay i got into system32 but how do i delete that file with Hijackthis on reboot? if i write click it i can delete it normally but it appears again immeadiately.

    as you can see, im not the best with computers! lol


  • #9
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    no problem mate, we all were comp newbies @ one stage :)

    To delete the file thats giving you trouble, run HijackThis, click open the misc tools section, click Delete a file on reboot, find the file by navigating to C:\WINDOWS\system32 , click on the file you want to delete and click open, click yes, and reboot your pc.

    Tell me if you have any trouble with that


  • #10
    trip_my_wire
    Closed Accounts Posts: 10 trip_my_wire


    okay, i did exactally what you said but when the computer restarted it was still there.


  • #11
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    1. Please download Killbox.
    2. Unzip it to the desktop but do NOT run it yet.
    3. Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
    4. Once in Safe Mode, please run Killbox.
    5. Click "Delete on Reboot".
    6. Paste the following into the top "Full Path of File to Delete" box.
      • C:\WINDOWS\System32\whatever the files name is
    7. Click the red-and-white "Delete File".
    8. Click "Yes" at the Delete on Reboot prompt.
    9. Click "No" at the Pending Operations prompt.


  • Advertisement
  • #12
    trip_my_wire
    Closed Accounts Posts: 10 trip_my_wire


    i cant stress enough my thanks to you so far.

    i followed your last instructions very carefully. i had 2 related viruses "rdchost.dll" and "rdshost". when i deleted the first one without reboot it did not reappear but when I rebooted it for the second one it did reappear. however i went back and deleted it without reboot.

    do you think its safe to do that? or will it come back?


  • #13
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    the rdchost.dll in these locations are safe (c:\ being the install drive of your OS)

    c:\windows\system32\dllcache\rdchost.dll
    rdchost.dll 5.1.2600.1106 Trust B31E7DC16776FC00488F16C68C6543A2

    c:\windows\servicepackfiles\i386\rdchost.dll
    rdchost.dll 5.1.2600.2180 Trust 1A3CF5C90BC2351BCC5B575BD4023788

    c:\windows\servicepackfiles\i386\rdchost.dll

    So be careful. rdihost.dll is the bad one you want to delete. Do not delete rdshost.exe or the other ones(rdchost.dll) above.

    Please do these steps for me :

    Please download CCleaner from here:
    http://www.ccleaner.com
    Install(uncheck the option to install Yahoo toolbar unless you want Yahoo toolbar) and run it, and clean out your Temporary and Temporary Internet Files (as well as anything else you may want to clean out.)

    Please download, install, update and scan your system with the free version of AVG Anti - Spyware. :
    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    2. When you run AVG Anti - Spyware for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    3. From the main AVG Anti - Spyware screen, click on update in the left menu, then click the Start update button.
    4. After the update finishes (the status bar at the bottom will display "Update successful"), exit AVG Anti - Spyware and boot into safe mode :

    Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.


    Now open AVG Anti - Spyware, click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
    If AVG Anti - Spyware finds anything, it will pop up a notification. You can select "Remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
    When the scan finishes, click on "Save Report". This will create a text file. Please restart normally, then paste the contents of the text file to this thread.

    Once you do these steps your pc will be fine. If you got any questions just ask!!


  • #14
    trip_my_wire
    Closed Accounts Posts: 10 trip_my_wire


    + Created at: 19:14:20 15/04/2007

    + Scan result:



    C:\Program Files\DriveCleaner 2006 Free(2)\Activate.dat -> Adware.DriveCleaner : Ignored.
    C:\Program Files\DriveCleaner 2006 Free(2)\lapv.dat -> Adware.DriveCleaner : Ignored.
    C:\Program Files\DriveCleaner 2006 Free(2)\up.dat -> Adware.DriveCleaner : Ignored.
    C:\Program Files\DriveCleaner 2006 Free(2)\vbpv.dat -> Adware.DriveCleaner : Ignored.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP479\A0319046.DLL -> Adware.MyWaySpeed : Ignored.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Ignored.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP546\A0359871.dll -> Backdoor.IRCBot.aaq : Ignored.
    C:\WINDOWS\ehigsvc.exe -> Dropper.Agent.mu : Ignored.
    C:\WINDOWS\qmbtsvc.exe -> Dropper.Agent.mu : Ignored.
    C:\Documents and Settings\FRANK\Local Settings\Temporary Internet Files\Content.IE5\MHW2SWAM\count[3].htm -> Not-A-Virus.Exploit.HTML.IframeBof : Ignored.
    C:\Documents and Settings\FRANK\Local Settings\Temporary Internet Files\Content.IE5\MHW2SWAM\1[1].ani -> Not-A-Virus.Exploit.Win32.IMGANI.l : Ignored.
    C:\Documents and Settings\FRANK\Local Settings\Temporary Internet Files\Content.IE5\P357F7VD\2[1].ani -> Not-A-Virus.Exploit.Win32.IMGANI.m : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@adbrite[2].txt -> TrackingCookie.Adbrite : Ignored.
    C:\Documents and Settings\KENNETH\Cookies\kenneth@adbrite[2].txt -> TrackingCookie.Adbrite : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@www.adobe[2].txt -> TrackingCookie.Adobe : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@czgde.adocean[1].txt -> TrackingCookie.Adocean : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@clickbank[1].txt -> TrackingCookie.Clickbank : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@ads.cnn[1].txt -> TrackingCookie.Cnn : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@counter.cnw[1].txt -> TrackingCookie.Cnw : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@ads.guardian.co[1].txt -> TrackingCookie.Co : Ignored.
    C:\Documents and Settings\KENNETH\Cookies\kenneth@ads.guardian.co[1].txt -> TrackingCookie.Co : Ignored.
    C:\Documents and Settings\ALL\Cookies\all@connextra[2].txt -> TrackingCookie.Connextra : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@connextra[2].txt -> TrackingCookie.Connextra : Ignored.
    C:\Documents and Settings\KENNETH\Cookies\kenneth@connextra[4].txt -> TrackingCookie.Connextra : Ignored.
    C:\Documents and Settings\KENNETH\Cookies\kenneth@e-2dj6wfkyqlczklp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@www.etracker[2].txt -> TrackingCookie.Etracker : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignored.
    C:\Documents and Settings\KENNETH\Cookies\kenneth@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@findwhat[1].txt -> TrackingCookie.Findwhat : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@hypertracker[1].txt -> TrackingCookie.Hypertracker : Ignored.
    C:\Documents and Settings\KENNETH\Cookies\kenneth@searchportal.information[1].txt -> TrackingCookie.Information : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@image.masterstats[2].txt -> TrackingCookie.Masterstats : Ignored.
    C:\Documents and Settings\ALL\Cookies\all@search.msn[1].txt -> TrackingCookie.Msn : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@search.msn[2].txt -> TrackingCookie.Msn : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@navrcholu[2].txt -> TrackingCookie.Navrcholu : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Ignored.
    C:\Documents and Settings\KENNETH\Cookies\kenneth@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Ignored.
    C:\Documents and Settings\KENNETH\Cookies\kenneth@www.paypal[1].txt -> TrackingCookie.Paypal : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@pro-market[2].txt -> TrackingCookie.Pro-market : Ignored.
    C:\Documents and Settings\ALL\Cookies\all@real[1].txt -> TrackingCookie.Real : Ignored.
    C:\Documents and Settings\ALL\Cookies\all@realguide.real[1].txt -> TrackingCookie.Real : Ignored.
    C:\Documents and Settings\ALL\Cookies\all@www.real[1].txt -> TrackingCookie.Real : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@revsci[2].txt -> TrackingCookie.Revsci : Ignored.
    C:\Documents and Settings\KENNETH\Cookies\kenneth@revsci[1].txt -> TrackingCookie.Revsci : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@secure.skype[1].txt -> TrackingCookie.Skype : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@site.skype[1].txt -> TrackingCookie.Skype : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@skype[1].txt -> TrackingCookie.Skype : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@skype[3].txt -> TrackingCookie.Skype : Ignored.
    C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\system@skype[1].txt -> TrackingCookie.Skype : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@specificclick[2].txt -> TrackingCookie.Specificclick : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@tacoda[1].txt -> TrackingCookie.Tacoda : Ignored.
    C:\Documents and Settings\KENNETH\Cookies\kenneth@tacoda[1].txt -> TrackingCookie.Tacoda : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@ad.text.tbn[1].txt -> TrackingCookie.Texttbnru : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@toplist[7].txt -> TrackingCookie.Toplist : Ignored.
    C:\Documents and Settings\KENNETH\Cookies\kenneth@webstat[1].txt -> TrackingCookie.Web-stat : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@weborama[1].txt -> TrackingCookie.Weborama : Ignored.
    C:\Documents and Settings\ALL\Cookies\all@count.xhit[1].txt -> TrackingCookie.Xhit : Ignored.
    C:\Documents and Settings\FRANK\Cookies\frank@count.xhit[1].txt -> TrackingCookie.Xhit : Ignored.
    C:\Documents and Settings\ANDREW\Complete\4X4 Evolution.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\AAA Logo 1.21.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Acronis True Image 8.0.937.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Age Of Mythology - Titans Expansion.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Age Of Mythology.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\AntiVir PersonalEdition Classic Versi.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Apollo DVD Copy 4.5.3.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Arial Audio Converter 2.3.8.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Autodesk Land Desktop 2006.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\BSplayer Pro 1.35.823.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Balearica Mediterranean Fresh Cuts.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\BitSpirit 3.1.0.077.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Citrix MetaFrame XP Presentation Server.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Colin McRae Rally 2005.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\CyberLink PowerDVD 6.0.0.1424.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\CyberLink PowerDirector 5.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\DJ Studio Pro 2.6.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\DVD-Cloner 2.62.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\FTP Now 2.6.22.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Flas Game - Orgasm Girl.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Flash Game - Eva & Adan.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Flash Game - Galaxy Angel Sim Date.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Flash Game - Ganguro Girls.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Flash Game - Heli Attack 3.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Flash Game - Love Hina Sim Date.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Flash Game - Sexy DressUp.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Flash Game - Ski Trip.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Flash Game - Snow Trooper.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Game Collector 1.83.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Grandmas Boy (2006) Kvcd.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Hardcore 100% Hits volume 3.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Hide IP Platinum 1.74.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Hitman 2 Silent Assassin.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Hitman Codename 47.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\ISOpen 4.0.356.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\ImTOO CD Ripper 1.0.33.922.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Kaspersky Antivirus Personal Pro 5.0.3.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Language Engineering Power Translator.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\MegaView 8.03.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Moto GP 3 Ultimate Racing Technology.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Movie Collector 4.73.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\NHL 2006.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Nero Media Player 1.4.0.35.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Norton Personal Firewall 2005.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Omen IV The Awakening.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\PhotoRescue Pro v 3.5.136.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Power Video Converter 1.4.11.3.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Rapidshare & Megaupload Killer All In On.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\ReGet Deluxe 4.2 Build 262 RC.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Recomposit 1.1 (photo masking).zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\RegSupreme Pro 1.2.0.35.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Rise Of Nations.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Rumble Cube Deluxe.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\SaveFlash 3.0.61.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Secura Backup Professional 2.13.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Sim City 4 Deluxe.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Sirus Basic Ops - Its Because I Love You.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Smart Undelete 2.3.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Snappy Invoice System 4.0.2.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Solitaire fans.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Super Text Search 2.82.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Sweet MIDI Player 2.18.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Terminator 3 war of machines.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\The Chroncls Of Narnia The Lion, the.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\The Weather Man (2005).zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Trackmania Sunrise.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\TuneUp Utilities 2006.5.0.2331.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Universal Share Downloader 1.3.3.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Vital Desktop Video 1.3.8.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Voxengo Soniformer VST 2.4.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Webroot Spy Sweeper 4.0.4.458.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Where the Truth Lies (2005).zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\WinAVI Video Converter 7.1.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\WinRAR Crystal Special.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Winamp Pro 5.13.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\X2 X-Men United DvD.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\Xchat 2.4.5d.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\ZoneAlarm Pro 6.0.667.0.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\mIRC 6.16.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\ANDREW\Complete\nVidia PureVideo Decoder 1.02.150.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\FRANK\Local Settings\Temp\1324_zip_dump.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\FRANK\Local Settings\Temp\1880_zip_dump.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\FRANK\Local Settings\Temp\3100_zip_dump.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\FRANK\Local Settings\Temp\380_zip_dump.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\FRANK\Local Settings\Temp\3908_zip_dump.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\FRANK\Local Settings\Temp\3928_zip_dump.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\FRANK\Local Settings\Temp\3972_zip_dump.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\FRANK\Local Settings\Temp\3992_zip_dump.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\FRANK\Local Settings\Temp\552_zip_dump.exe -> Worm.VB.an : Ignored.
    C:\Documents and Settings\FRANK\Local Settings\Temp\616_zip_dump.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\4X4 Evolution.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\AAA Logo 1.21.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Acronis True Image 8.0.937.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Age Of Mythology - Titans Expansion.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Age Of Mythology.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\AntiVir PersonalEdition Classic Versi.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Apollo DVD Copy 4.5.3.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Arial Audio Converter 2.3.8.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Autodesk Land Desktop 2006.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\BSplayer Pro 1.35.823.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Balearica Mediterranean Fresh Cuts.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\BitSpirit 3.1.0.077.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Citrix MetaFrame XP Presentation Server.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Colin McRae Rally 2005.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\CyberLink PowerDVD 6.0.0.1424.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\CyberLink PowerDirector 5.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\DJ Studio Pro 2.6.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\DVD-Cloner 2.62.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\FTP Now 2.6.22.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Flas Game - Orgasm Girl.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Flash Game - Eva & Adan.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Flash Game - Galaxy Angel Sim Date.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Flash Game - Ganguro Girls.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Flash Game - Heli Attack 3.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Flash Game - Love Hina Sim Date.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Flash Game - Sexy DressUp.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Flash Game - Ski Trip.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Flash Game - Snow Trooper.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Game Collector 1.83.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Grandmas Boy (2006) Kvcd.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Hardcore 100% Hits volume 3.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Hide IP Platinum 1.74.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Hitman 2 Silent Assassin.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Hitman Codename 47.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\ISOpen 4.0.356.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\ImTOO CD Ripper 1.0.33.922.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Kaspersky Antivirus Personal Pro 5.0.3.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Language Engineering Power Translator.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\MegaView 8.03.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Moto GP 3 Ultimate Racing Technology.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Movie Collector 4.73.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\NHL 2006.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Nero Media Player 1.4.0.35.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Norton Personal Firewall 2005.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Omen IV The Awakening.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\PhotoRescue Pro v 3.5.136.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Power Video Converter 1.4.11.3.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Rapidshare & Megaupload Killer All In On.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\ReGet Deluxe 4.2 Build 262 RC.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Recomposit 1.1 (photo masking).zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\RegSupreme Pro 1.2.0.35.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Rise Of Nations.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Rumble Cube Deluxe.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\SaveFlash 3.0.61.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Secura Backup Professional 2.13.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Sim City 4 Deluxe.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Sirus Basic Ops - Its Because I Love You.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Smart Undelete 2.3.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Snappy Invoice System 4.0.2.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Solitaire fans.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Super Text Search 2.82.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Sweet MIDI Player 2.18.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Terminator 3 war of machines.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\The Chroncls Of Narnia The Lion, the.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\The Weather Man (2005).zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Trackmania Sunrise.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\TuneUp Utilities 2006.5.0.2331.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Universal Share Downloader 1.3.3.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Vital Desktop Video 1.3.8.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Voxengo Soniformer VST 2.4.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Webroot Spy Sweeper 4.0.4.458.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Where the Truth Lies (2005).zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\WinAVI Video Converter 7.1.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\WinRAR Crystal Special.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Winamp Pro 5.13.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\X2 X-Men United DvD.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\Xchat 2.4.5d.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\ZoneAlarm Pro 6.0.667.0.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\mIRC 6.16.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\Kazaa\My Shared Folder\nVidia PureVideo Decoder 1.02.150.zip/Setup.exe -> Worm.VB.an : Ignored.
    C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Ignored.


    ::Report end


    what do you make of it?

    when the scan was finished i couldnt figure out to delete the viruses!


  • #15
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    A few nasty things in there, did you not click "Apply actions" or whatever it said to fix all those? You should fix all those with AVG, if you exited it then run a scan later and search how to apply the actions.

    Do this for me please, Open HijackThis, click Open the misc tools section, click Open uninstall manager, you should see "Save list" on the right, click that and save the list somewhere, post that list here in your next reply.

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall


  • #16
    Ruu_Old
    Closed Accounts Posts: 36,634 ✭✭✭✭Ruu_Old


    Yeesh, get rid of Kazaa also. No wonder you are riddled with viruses.


  • #17
    trip_my_wire
    Closed Accounts Posts: 10 trip_my_wire


    Adobe Flash Player 9 ActiveX
    Adobe Photoshop CS
    Adobe Reader 8
    Adobe® Photoshop® Album Starter Edition 3.0
    Apple Software Update
    ATI Display Driver
    AutoCAD 2007 - English
    Autodesk Architectural Desktop 3.3
    Autodesk DWF Viewer
    AVG Anti-Spyware 7.5
    BBC News alerts (remove only)
    Broadcom Advanced Control Suite 2
    CCleaner (remove only)
    CD-DVD Printing Kit
    DELG Driver Theory Test
    Dell Media Experience
    Dell Photo AIO Printer 922
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    Encyclopaedia Britannica Concise Edition CD
    G5a922EN
    GeoVision MPEG4
    Google Desktop TimeWarp Plugin
    Google Earth
    Google Photos Screensaver
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Google Updater
    HijackThis 1.99.1
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Intel Application Accelerator
    Intel(R) 537EP V9x DF PCI Modem
    iPod for Windows 2005-06-26
    iPod for Windows 2005-09-06
    iPod for Windows 2006-03-23
    iPod Updater 2004-11-15
    iTunes
    iTunes
    Java(TM) SE Development Kit 6 Update 1
    Java(TM) SE Runtime Environment 6 Update 1
    Kodak EasyShare software
    LG GSM PC Components
    LG USB Modem Driver
    LimeWire 4.12.11
    Macromedia Shockwave Player
    McAfee Personal Firewall Plus
    McAfee Privacy Service
    McAfee SecurityCenter
    McAfee VirusScan
    Mercora IMRadio v5.1.0.101
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Encarta 96 Encyclopedia
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Works 7.0
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    MSXML 4.0 SP2 (KB927978)
    Napster Burn Engine
    Nokia Connectivity Adapter Cable DKU-5
    Nokia Connectivity Cable Driver
    Nokia PC Suite 6.1
    Photo Loader 2.1E
    PowerDVD 5.1
    QuickTime
    SAMSUNG Mobile USB Modem 1.0 Software
    Samsung PC Studio
    Samsung PC Studio 3 USB Driver Installer
    SCRABBLE®
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Skype 3.1
    Skype Plugin Manager
    Spyware Doctor 5.0
    U.S. Robotics USB Phone
    Uniblue RegistryBooster2
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB931836)
    Volo View Express
    Winamp (remove only)
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Yahoo! Address AutoComplete
    Yahoo! Anti-Spy
    Yahoo! extras
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger with BT Communicator
    Yahoo! Toolbar


  • #18
    trip_my_wire
    Closed Accounts Posts: 10 trip_my_wire


    "ANDREW" - 07-04-16 20:09:36 Service Pack 2
    ComboFix 07-04-16.3.V - Running from: C:\Documents and Settings\ANDREW\My Documents\


    ((((((((((((((((((((((((((((((( Files Created from 2007-03-16 to 2007-04-16 ))))))))))))))))))))))))))))))))))


    2007-04-15 18:24 664 --a
    C:\WINDOWS\SYSTEM32\d3d9caps.dat
    2007-04-15 18:06 3,968 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
    2007-04-15 17:54 <DIR> d
    C:\Program Files\CCleaner
    2007-04-15 17:40 <DIR> d
    C:\Program Files\Common Files\Java
    2007-04-15 16:38 <DIR> d
    C:\!KillBox
    2007-04-14 20:29 <DIR> d
    C:\DOCUME~1\ANDREW\APPLIC~1\Uniblue
    2007-04-14 20:28 <DIR> d
    C:\Program Files\Uniblue
    2007-04-12 22:41 <DIR> d
    C:\WINDOWS\pss
    2007-04-11 16:15 <DIR> d
    C:\Program Files\Common Files\Skype
    2007-04-10 10:37 <DIR> d
    C:\WINDOWS\SYSTEM32\runtime
    2007-04-10 10:36 83,536 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
    2007-04-10 10:36 59,984 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
    2007-04-10 10:36 52,304 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
    2007-04-10 10:36 39,248 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\ikfileflt.sys
    2007-04-10 10:36 26,064 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
    2007-04-05 12:22 <DIR> d
    C:\Program Files\Spyware Doctor
    2007-04-05 10:19 626,688 --a
    C:\WINDOWS\SYSTEM32\msvcr80.dll
    2007-03-24 12:52 <DIR> d
    C:\Program Files\Windows Media Connect 2
    2007-03-24 12:48 <DIR> d
    C:\WINDOWS\SYSTEM32\LogFiles
    2007-03-24 12:48 <DIR> d
    C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
    2007-03-23 14:29 2,784,264 --a
    C:\WINDOWS\SYSTEM32\GPhotos.scr


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-15 17:47
    d
    C:\Program Files\java
    2007-04-15 09:41
    d
    C:\Program Files\limewire
    2007-04-11 18:45
    d
    C:\DOCUME~1\ANDREW\APPLIC~1\skype
    2007-04-11 16:14
    d
    C:\Program Files\skype
    2007-04-10 10:37
    d
    C:\Program Files\google
    2007-03-17 14:43 292864 --a
    C:\WINDOWS\SYSTEM32\winsrv.dll
    2007-03-08 16:36 577536 --a
    C:\WINDOWS\SYSTEM32\user32.dll
    2007-03-08 16:36 40960 --a
    C:\WINDOWS\SYSTEM32\mf3216.dll
    2007-03-08 16:36 281600 --a
    C:\WINDOWS\SYSTEM32\gdi32.dll
    2007-03-08 14:47 1843584 --a
    C:\WINDOWS\SYSTEM32\win32k.sys
    2007-02-23 22:16
    d
    C:\DOCUME~1\ANDREW\APPLIC~1\mcafee.com personal firewall
    2007-02-05 21:17 185344 --a
    C:\WINDOWS\SYSTEM32\upnphost.dll
    2007-01-23 16:22 21 --a
    C:\WINDOWS\lupd.dat
    2007-01-23 15:21 9 --a
    C:\WINDOWS\tfxnm.dat


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} c:\program files\mcafee.com\mps\mcbrhlpr.dll
    {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll [x]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    {B56A7D7D-6927-48C8-A975-17DF180C71AC} C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "IAAnotif"="C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe"
    "PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
    "DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
    "IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
    "VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
    "MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
    "VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
    "MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
    "Dell Photo AIO Printer 922"="\"C:\\Program Files\\Dell Photo AIO Printer 922\\dlbtbmgr.exe\""
    "MPSExe"="C:\\Program Files\\McAfee.com\\MPS\\mscifapp.exe /embedding"
    "DataLayer"="C:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
    "PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\TRAYAP~1.EXE"
    @=&quot;"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Uniblue Registry Booster2"="C:\\Program Files\\Uniblue\\RegistryBooster2\\RegistryBooster.exe /S"


  • #19
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    any problems with your pc? it should be fine


  • #20
    trip_my_wire
    Closed Accounts Posts: 10 trip_my_wire


    honestly, the internet and the computer itself seems to be very slow. also, in my favourites in internet explorer,the icons have gone weird. im going to reinstall MSN soon and see if the virus is still sending to everyone in my contact list. its the only way ill find out.


  • #21
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    well you do have loads of start up programs which you could disable, would speed up your pc a good bit. And a few BHO(browser helper objects) that might be slowing ur browser.

    I could tell you which ones are safe to disable if you want. Im not sure about the msn virus thing, it should be gone, we ran some pretty strong stuff and HJT is not showing up anything.

    Maybe go find those files rdihost.dll and scan them with an anti-virus, run AVG anti-spyware in safe mode again and apply the actions. Send me a new HJT log if you want me to disable start up entries to speed up your pc.


  • Advertisement
Advertisement