Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

help!


  • Please log in to reply

#1
inkyspanky

inkyspanky

    Member

  • Member
  • PipPip
  • 36 posts
hellooo... its inkyspanky again

my computer has been great since you guys helped me last summer thanks so much:) but recently things have just been reaaalllyy slllloooooowwww. no major problems or anything but if you could just take a look and see if anything is wrong...here is my hijack this log (not just the internet i meanevrything i click the start menu and it takes about 20-30 seconds to pop open and i try and click between programs on the program bar and images all mix together and freeze for a second before doing what i told it to...) k heres my log thing:

Logfile of HijackThis v1.99.1
Scan saved at 9:23:01 PM, on 8/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\imapi.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave...bGameLoader.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave...mjolauncher.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

thanks:):whistling:

christine
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0

Advertisements


#2
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hello christine

Download and unzip BFUzip from http://www.merijn.org/files/bfu.zip
Run the program and click the Web button as shown here:
Posted Image

Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/MediaGateway.BFU

Make sure all IE windows are closed.

Execute the script by clicking the Execute button.

If you have any questions about the use of BFU please read here:
http://metallica.gee...structions.html

  • 0

#3
inkyspanky

inkyspanky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
wow youre so quick:) k i did that... do you see a lot of stuff wrong on my computer? should that thing have made it faster? well here is my log thing let me know whats up and if i should do anything else



Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\imapi.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave...bGameLoader.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave...mjolauncher.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe



thanks so much
christine
  • 0

#4
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts

do you see a lot of stuff wrong on my computer?

Nope not a lot,

Lets run and Ewido scan, give the nachine a good cleaning and see if improves for you

Please download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.[list]
  • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
[*]Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
[*]Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
[*]Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
  • Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.

  • 0

#5
inkyspanky

inkyspanky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
hello.... her is the report thing:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:03:12 PM 8/6/2006

+ Scan result:



C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Popuptraffic : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


::Report end


then wehn i rebooted my computer i got this scary error message:

"something bad happened in the application. error diagnostic file saved to c:\program files\ewidoanti-spyware4.0\ewido.err"

er sumpin like that but it is a file type that i cannot open. alrite i dont know if you want a hjt file or not but ill hold off on that for today...let me know what to do next (things havent changed much its still a bit poky) thank you for your help


christine
  • 0

#6
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts

"something bad happened in the application. error diagnostic file saved to c:\program files\ewidoanti-spyware4.0\ewido.err"

Have seen this error a couple times over the last few days I need to look into it and see if there is a known cause for it,


Other then that nothing really showing in your log,

we can run an online scan and see if it shows us anything I m not sure that it will but wont hurt to have a look,

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Have you addded any new hardware to the system recently ?

when was the last time you ran some basic maintenance on your system ?
  • 0

#7
inkyspanky

inkyspanky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
hi there sorry this took me so long... first to answer your questions, i have not added any software to my computer pretty much ever. i do not use my computer for very much mostly music (windows media player) and internet and aim. The only thing that i have added probably within the past year is that program for ipods to add my music to my moms ipod (but i thinki already removed the program).

maintenancewise i used to run adaware scan thing weekly but have been busy this summer. I recently started to try and do it frequently again, and just tonite i tried to download the new one i think it wokred and i did a scan and it found some different things that the old one was not...i used to use spybot search and destroy a lot but since i got adaware it never finds anything so i gave up on that.

k now about that panda thing. last summer you guys told me to try to do that scan and here is the problem, there is some setting or somthing that i cant figure out how to change in my internet options or something that doesnt allow me to click on certain buttons on webpages, the mouse icon doesnt turn into a finger or anything when it is suuposed to over certain buttons online i dont know i remember having a hard time explaining this last year haha but pretty much i cannt even begin to do the scan because i cannot click the "scan my pc" button. any other ideas>?

thanks for all your help
christine
  • 0

#8
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
For maintenance I meant like defragging your system, and such,

Lets have you try this online scan

TrendMicro™ HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.

  • 0

#9
inkyspanky

inkyspanky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
i havent defragmented it in a while that always scares me haha causei dont know what it means or what its doing but i will do it again soon...

k that scan thing i got as far as:

You may receive a Security Warning about the TrendMicro Java applet, click YES

but it doenst exactly say that it says:

if you want to continue you need to activate or install a java runtime environment unless it is already available. please pay attention to the note in the red box (isee no red box) click [ok] to confirm that you have completed this process

and my options are okay are cancel when i hit okay it brings me to a screen that says this may take a few seconds please wait and just sits there...and sits there...and i wait...haha and it doesnt do anything.

ha sorry im making this so difficult for you im doing my best:( what should i do differently? do i need to change something with java? err...

thanks
christine
  • 0

#10
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
No problem sorry about the delay :whistling:

Make sure your using Internet Explorer
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

Advertisements


#11
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#12
inkyspanky

inkyspanky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
hi there im inkyspanky and i need my thingey reopened because i was moving into a new apartment and was without internet for two weeks and you colsed my account... i was speaking with don 77 the last thing he told me to do was: Kaspersky Online Scanner

i did all he said and this is what my text thing said: (it said i had like 4 problems i think)

KASPERSKY ONLINE SCANNER REPORT
Tuesday, September 05, 2006 12:15:28 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/09/2006
Kaspersky Anti-Virus database records: 220822


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 44911
Number of viruses found 2
Number of infected objects 4 / 0
Number of suspicious objects 0
Duration of the scan process 00:56:09

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012006090420060905\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{274D2D5C-158F-43BE-B889-380873FAB6D1}\RP769\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\mscgdc.dll Infected: not-a-virus:AdWare.Win32.WebSearch.bb skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\tmp333.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.a skipped

C:\WINDOWS\tmp333.exe/data0003 Infected: not-a-virus:AdWare.Win32.CASClient.a skipped

C:\WINDOWS\tmp333.exe NSIS: infected - 2 skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


k hope you can reopen my discussion thing and help me some more you guys are great:)

thank you
christine
  • 0

#13
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
OK could you please open Ewido again please check it for updates and then close the program

reboot to safe mode and run a full scan with it please

when it has finsihed scanning your system right below the window showing what it has found please choose Quaratine as the action and click perform action,
Next click on save log save the log to your desk top and then reboot back to normal windows and post back the log from Ewido please
  • 0

#14
inkyspanky

inkyspanky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
thanks for reopening my discussion here is the log thing:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:08:00 PM 9/14/2006

+ Scan result:



C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@linkbuddies[2].txt -> TrackingCookie.Linkbuddies : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


::Report end


thanks again:)

christine
  • 0

#15
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Did you used to have NOrton's on this sysytem ?
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into this topic please,

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP