[SakiKitty]

Alright, just like Valk01 all of my icons disappeared and i have a thing next to my clock that says VIRUS ALERT. Thing is i did a system restore to my computer to about a week ago and its gone... but its still bugging me. Something has been up with my computer lately to where its been slowing down and random things have been downloaded. I havent downloaded anything and its just doing it itself.
Also i downloaded Kaspersky Internet Security a while back but then my key was blacklisted so i uninstalled it... but on my Windows Security it says its still in effect. I dont know how to kick it out.
Please help me!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:07 AM, on 6/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.zpecialof...om/indexie.html
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Reactivator Class - {6C31790D-1EDF-4b05-83DC-925B3A8E2318} - C:\Program Files\FreeShield Toolbar\elertz.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Free Shield Toolbar - {0C6DD65A-F36B-4ac8-89EB-6175AEE6BB8C} - C:\Program Files\FreeShield Toolbar\elertz.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownloa...cab/mkdplus.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by130fd.bay13...ex/HMAtchmt.ocx
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5687 bytes

Sorry for double posting but i also did a Malwarebytes' Anti-Malware scan. This is what i got which should explain alot. I removed them because it told me to but i dont know what else to do.

Malwarebytes' Anti-Malware 1.17
Database version: 851

2:02:12 AM 6/28/2008
mbam-log-6-28-2008 (02-02-02).txt

Scan type: Full Scan (C:\|)
Objects scanned: 101377
Time elapsed: 16 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{FF2F2071-FA9A-4418-B833-F9E85D88AAA1}\RP34\A0008602.dll (Trojan.FalkeAlert) -> No action taken.
C:\System Volume Information\_restore{FF2F2071-FA9A-4418-B833-F9E85D88AAA1}\RP34\A0008604.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Saki.1DCGCC1\Favorites\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Saki.1DCGCC1\Favorites\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Saki.1DCGCC1\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.

pls help >.<


Reason for Edit: Merged posts.

Please don't post more than once or bump the topic as Helpers usually first look for threads with no replies.

Edited by Octagonal, 30 June 2008 - 04:02 AM.

[Advertisements]

Hi there SakiKitty let me see if I can work a bit of magic

Firstly we will get you an antivirus. Initially I will give you Avast as I know my way around it, if you do not like it we can change it later

First you have to download an antivirus. This program is basic for the security of your computer and in todays age not having one will probably lead to disaster for your computer.

Please go HERE and download avast! 4 Home Edition to your desktop. Locate the file that you just downloaded, double-click on the file to launch the installation of avast!

Click Next on the avast! Setup window and on the next window with the ReadMe File.
Now you will see the Legal Agreement, just click I agree, and then click Next to continue.

You will be prompted with Configuration window, make sure that you choose Typical configuration and then click Next. Click Next to the windows that will follow, when the installation will finish, you will be given an option to schedule a boot time scan, select No

Now you have to restart your machine, select Restart and then click Finish.

After you restart you will get a message about avast! it will give you the general "Hello and Thank you for choosing our Product." Also after you restart you will notice 2 new icons in the bottom right corner of the screen.

VERY IMPORTANT - after restarting, right click on the a in the taskbar and select Updating, then highlight and click Program.

You will get popup after its done updating. If avast! had to download anything for your computer you may get a message asking you to restart.

After you have updated avast! right click the small icon a in task bar and click Start Avast! AntiVirus

Click Program Registration and you will be taken to their website. Fill out the form and then check you e-mail. Once you get an e-mail from them (usually about 1 minute after submitting the form) copy and paste the serial they provided into the highlighted box. Then click ok.

After this, you will need to Schedule Boot-Time Scan with avast! Click on the little button placed up in the left corner, and select Schedule Boot-Time Scan. Read also this tutorial HERE it may make it easier to you to follow the steps.

Next, choose

• Scan all local disks
• scan archive files
• click on Schedule

On the next dialog Operating system restart needed select Yes
Now avast! will restart your computer and start to scan before Windows fully loads.

IMPORTANT NOTE since your system has infections on it, avast! will give you dialog box with recommended actions, and options, please make sure if this happens, to click the Move to Chest button, and not to delete any reported files.

The boot log will be located here C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt


HAVING DONE THAT

We will see what is what

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Logs required : ASWBoot.txt and Both DSS logs

[Essexboy]

Hi there SakiKitty let me see if I can work a bit of magic

Firstly we will get you an antivirus. Initially I will give you Avast as I know my way around it, if you do not like it we can change it later

First you have to download an antivirus. This program is basic for the security of your computer and in todays age not having one will probably lead to disaster for your computer.

Please go HERE and download avast! 4 Home Edition to your desktop. Locate the file that you just downloaded, double-click on the file to launch the installation of avast!

Click Next on the avast! Setup window and on the next window with the ReadMe File.
Now you will see the Legal Agreement, just click I agree, and then click Next to continue.

You will be prompted with Configuration window, make sure that you choose Typical configuration and then click Next. Click Next to the windows that will follow, when the installation will finish, you will be given an option to schedule a boot time scan, select No

Now you have to restart your machine, select Restart and then click Finish.

After you restart you will get a message about avast! it will give you the general "Hello and Thank you for choosing our Product." Also after you restart you will notice 2 new icons in the bottom right corner of the screen.

VERY IMPORTANT - after restarting, right click on the a in the taskbar and select Updating, then highlight and click Program.

You will get popup after its done updating. If avast! had to download anything for your computer you may get a message asking you to restart.

After you have updated avast! right click the small icon a in task bar and click Start Avast! AntiVirus

Click Program Registration and you will be taken to their website. Fill out the form and then check you e-mail. Once you get an e-mail from them (usually about 1 minute after submitting the form) copy and paste the serial they provided into the highlighted box. Then click ok.

After this, you will need to Schedule Boot-Time Scan with avast! Click on the little button placed up in the left corner, and select Schedule Boot-Time Scan. Read also this tutorial HERE it may make it easier to you to follow the steps.

Next, choose

• Scan all local disks
• scan archive files
• click on Schedule

On the next dialog Operating system restart needed select Yes
Now avast! will restart your computer and start to scan before Windows fully loads.

IMPORTANT NOTE since your system has infections on it, avast! will give you dialog box with recommended actions, and options, please make sure if this happens, to click the Move to Chest button, and not to delete any reported files.

The boot log will be located here C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt


HAVING DONE THAT

We will see what is what

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Logs required : ASWBoot.txt and Both DSS logs

[SakiKitty]

Sorry D: i deleted before you said not to... i hope it doesnt effect it much

06/29/2008 22:50
Scan of all local drives

File C:\System Volume Information\_restore{FF2F2071-FA9A-4418-B833-F9E85D88AAA1}\RP34\A0008600.dll is infected by Win32:Vapsup-EB [Adw], Deleted
Number of searched folders: 6587
Number of tested files: 57815
Number of infected files: 1

----------------------------------------

Deckard's System Scanner v20071014.68
Run by Saki on 2008-06-29 23:41:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Saki.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:08 PM, on 6/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Saki.1DCGCC1\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Saki.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.zpecialof...om/indexie.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Reactivator Class - {6C31790D-1EDF-4b05-83DC-925B3A8E2318} - C:\Program Files\FreeShield Toolbar\elertz.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Free Shield Toolbar - {0C6DD65A-F36B-4ac8-89EB-6175AEE6BB8C} - C:\Program Files\FreeShield Toolbar\elertz.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownloa...cab/mkdplus.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by130fd.bay13...ex/HMAtchmt.ocx
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7333 bytes

-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-29 23:35:42 0 dr-h----- C:\Documents and Settings\Saki.1DCGCC1\Recent
2008-06-29 22:49:14 0 d-------- C:\Program Files\Alwil Software
2008-06-29 16:37:58 0 d-------- C:\Program Files\Windows Live Toolbar
2008-06-29 16:37:57 0 d-------- C:\Program Files\Windows Live Favorites
2008-06-29 01:17:30 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-06-29 01:06:31 0 d-------- C:\Program Files\Amazon
2008-06-28 01:31:55 0 d-------- C:\Program Files\Trend Micro
2008-06-27 23:21:19 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd
2008-06-27 23:09:45 0 d-------- C:\Documents and Settings\Saki.1DCGCC1\Application Data\zweitgeist
2008-06-27 22:35:41 0 d-------- C:\ckis
2008-06-27 22:09:30 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-27 22:09:30 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-27 22:09:01 38688 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-27 22:09:01 4200480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-27 22:09:01 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-06-23 23:39:49 6553600 --a------ C:\Documents and Settings\Saki.1DCGCC1\ntuser.dat
2008-06-16 11:21:55 0 d-------- C:\Program Files\MP3 WAV Converter
2008-06-13 15:47:55 0 d-------- C:\Program Files\VentSrv
2008-06-12 03:34:03 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-12 03:33:05 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-06-12 03:24:32 0 d-------- C:\WINDOWS\Prefetch
2008-06-12 03:20:32 0 d-------- C:\Program Files\Messenger
2008-06-12 03:20:23 0 d-------- C:\WINDOWS\system32\scripting
2008-06-12 03:20:23 0 d-------- C:\WINDOWS\system32\en
2008-06-12 03:20:23 0 d-------- C:\WINDOWS\l2schemas
2008-06-12 03:20:22 0 d-------- C:\WINDOWS\system32\bits
2008-06-12 03:19:13 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-12 03:14:38 0 d-------- C:\WINDOWS\EHome
2008-06-12 00:47:20 0 d-------- C:\Documents and Settings\Saki.1DCGCC1\Application Data\Amazon
2008-06-01 02:37:57 0 d-------- C:\Program Files\Veoh Networks


-- Find3M Report ---------------------------------------------------------------

2008-06-29 23:21:19 0 d-------- C:\Program Files\dl_Cats
2008-06-29 03:25:09 0 d-------- C:\Program Files\Windows Live
2008-06-29 01:06:48 0 d-------- C:\Documents and Settings\Saki.1DCGCC1\Application Data\Azureus
2008-06-29 01:06:47 0 d-------- C:\Program Files\Azureus
2008-06-28 01:34:48 0 d-------- C:\Program Files\Yahoo!
2008-06-28 01:18:07 0 d-------- C:\Documents and Settings\Saki.1DCGCC1\Application Data\Mozilla
2008-06-13 16:12:24 0 d-------- C:\Documents and Settings\Saki.1DCGCC1\Application Data\Ventrilo
2008-06-13 15:47:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-12 23:46:08 3500 --a----c- C:\WINDOWS\mozver.dat
2008-06-12 20:55:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-12 03:20:22 0 d-------- C:\Program Files\Movie Maker
2008-06-12 03:19:03 0 d-------- C:\Program Files\Windows NT
2008-06-03 00:31:28 0 d-------- C:\Program Files\Lavasoft
2008-06-01 02:39:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-25 23:38:31 0 d-------- C:\Documents and Settings\Saki.1DCGCC1\Application Data\Nexon
2008-05-25 23:37:13 0 d-------- C:\Program Files\Common Files
2008-05-25 23:37:13 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-05-21 04:33:49 0 d-------- C:\Program Files\CCleaner
2008-05-19 16:37:33 0 dr-h----- C:\Documents and Settings\Saki.1DCGCC1\Application Data\yahoo!
2008-05-19 15:21:08 0 d-------- C:\Program Files\MSN Messenger
2008-05-17 21:51:47 0 d-------- C:\Program Files\AIM6
2008-05-17 21:47:45 0 d-------- C:\Documents and Settings\Saki.1DCGCC1\Application Data\acccore
2008-05-17 21:46:35 0 d-------- C:\Program Files\Viewpoint
2008-05-17 21:45:58 0 d-------- C:\Program Files\Common Files\AOL
2008-05-13 21:27:41 0 d-------- C:\Documents and Settings\Saki.1DCGCC1\Application Data\Malwarebytes
2008-05-13 20:07:04 0 d-------- C:\Program Files\Java
2008-05-03 15:33:03 0 d-------- C:\Program Files\Messenger Plus! Live
2008-05-03 02:34:42 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-02 02:38:13 0 d-------- C:\Documents and Settings\Saki.1DCGCC1\Application Data\Windows Live Writer
2008-05-02 02:29:09 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-30 11:04:49 0 d-------- C:\Documents and Settings\Saki.1DCGCC1\Application Data\LimeWire
2008-04-29 06:05:36 0 d-------- C:\Documents and Settings\Saki.1DCGCC1\Application Data\NCH Swift Sound
2008-04-29 05:59:44 0 d-------- C:\Documents and Settings\Saki.1DCGCC1\Application Data\StanaPhone
2008-04-17 16:22:18 208896 --a------ C:\WINDOWS\system32\ConTest.dll <Not Verified; Ascentive; ConnectionTester>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/23/2006 02:12 PM]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [09/08/2005 11:55 AM]
"nwiz"="nwiz.exe" [08/23/2006 02:12 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/23/2006 02:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 04:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 05:12 PM]
"Aim6"="" []
"@"="" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"SigmatelSysTrayApp"=stsystra.exe
"DLCFCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-29 23:44:12 ------------

And i didnt get an Extra =/

Edited by SakiKitty, 30 June 2008 - 09:49 PM.

[Essexboy]

Hi Saki that does not look to bad. I will remove the remnants of Kaspersky, you had a cracked version

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\WINDOWS\system32\drivers\klin.dat
  C:\WINDOWS\system32\drivers\klick.dat
  C:\WINDOWS\system32\drivers\fidbox2.dat
  C:\WINDOWS\system32\drivers\fidbox.dat
  C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
  C:\ckis
  C:\Program Files\Kaspersky Lab
  HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\AVP
  Purity

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALY FOR NOW

I see you have MBAM so make sure it is updated

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Logs required : OTMoveit and MBAM plus any more problems

[SakiKitty]

Just so you know, your my knight in shinning armor D; <3
------------------------------------------------------------------------------
C:\WINDOWS\system32\drivers\klin.dat moved successfully.
C:\WINDOWS\system32\drivers\klick.dat moved successfully.
C:\WINDOWS\system32\drivers\fidbox2.dat moved successfully.
C:\WINDOWS\system32\drivers\fidbox.dat moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Report moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\PdmHist\dc8.778601C601C8D9BE.history moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\PdmHist\d54.F9C99D1401C8D9BE.history moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\PdmHist\c34.F995295801C8D9BE.history moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\PdmHist\c34.F992C6FE01C8D9BE.history moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\PdmHist\9cc.FE066B0A01C8D9BE.history moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\PdmHist moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Dskm moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\index\6 moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\index moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\upd moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\rt moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\pdm moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\pcdb moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\info moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\ids\i386 moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\ids moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\blst moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\av\klava\wa\i386 moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\av\klava\wa moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\av\klava\emu\i386 moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\av\klava\emu moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\av\klava moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\av\avc\i386_u moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\av\avc\i386 moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\av\avc moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\av moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\aspy moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\as\pas moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\as moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321 moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6 moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\Updater moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data\en moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Data moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Bases\Stat moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Bases moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7\Backup moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP7 moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab moved successfully.
C:\ckis moved successfully.
File/Folder C:\Program Files\Kaspersky Lab not found.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\AVP >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\AVP deleted successfully.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 06302008_162238

[Essexboy]

Could I have the Malwarebytes log now please and how is your computer ?

[SakiKitty]

Malwarebytes' Anti-Malware 1.19
Database version: 912
Windows 5.1.2600 Service Pack 3

4:34:13 PM 6/30/2008
mbam-log-6-30-2008 (16-34-13).txt

Scan type: Quick Scan
Objects scanned: 53270
Time elapsed: 3 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080628002300796.log (Rogue.Multiple) -> Quarantined and deleted successfully.

Edited by SakiKitty, 01 July 2008 - 02:34 PM.

[SakiKitty]

You know, its odd.
When i first scanned my computer with it and those same 3 files came up, it said "no action taken" and i did nothing different then this time, and now it sayd they have been quarantined and deleted successfully.

Over all tho, my computer seems to be doing better.

[Essexboy]

Aye they are the remnants of a new rogue called malwarrior or something like that

But looking at the reports - what can I say my dear but ..... Do not download cracks as they cause so much grief

Now the best part of the day ----- Your log now appears clean

Double click OTMoveIt2 once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTMoveIt2 wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SuperAntispyware Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe

[SakiKitty]

Thanks alot You always save the day for me.
Another odd thing is, my internet is being screwing like it did last time. Everytime i restart my computer the internet goes out and its been taking a while for it to start up. I think its my company but i dont know. What do you think?

[Essexboy]

Hi again What is the exact problem you are experiencing

Are you on DSL or Dialup
Do you go through a router

[SakiKitty]

I have cable internet threw Charter.

Its like, i log on my computer and nothing will start up. Not my MSN or YIM or Even a webpage.
I need to wait for like 10minutes before i can start anything up, and even that will still go in and out of signal (you could say)
Also, at 1am my net seems to completely go out for like 3 hours. I have no idea why.

Also, with this antivirus you gave me. You said if a virus has been detected (which 6 have been) i should put them in the chest and thats all... why? why not delete? cuz everytime i do the scan, they are still there so putting them in the chest doesnt do much.

Edited by SakiKitty, 03 July 2008 - 01:36 PM.

[Essexboy]

What viruses is Avast detecting and what is there location ? And yes delete they were only required to be put in the chest for the initial bootscan run

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

• Close ALL OTHER PROGRAMS.
• Open the OTScanit folder and double-click on OTScanit.exe to start the program.
• Check the box that says Scan All User Accounts
• Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
• Under Additional Scans check the following:
  • File - Additional Folder Scans
  • File - Purity Scan
• Now click the Run Scan button on the toolbar.
• Let it run unhindered until it finishes.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:

• Click Add Reply
• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
• Once it has uploaded, click the Manage Current Attachments drop down box
• Click on to insert the attachment into your post

[SakiKitty]

 OTScanIt.Txt   183.85KB   151 downloads

[Essexboy]

Curious as nothing showed up there, are the Avast alerts from webshield ?