The virus was one that kept saying my computer was infected and I needed to buy Registry Defender. Also, IE windows kept opening up on their own with websites I didn't type in (nothing bad, just odd sites, well, odd to me, like the Jacksonville News, etc.).
I downloaded TFC by Old Timer and Malwarebytes' Anti-Malware, ran them both, saw they found some bad stuff, removed everything and rebooted my computer. Everything seemed to work fine, but I still get random IE windows opening (about 1 every 2-3 hours) and I get an error message (also about every 2-3 hours) saying something like "generic host process for win32 reporting" error.
I have enabled PC Doctor, ran a full scan, deleted some minor items, reran TFC and Malwarebytes', but I'm still getting the same popup windows and error report.
One last bit of info - I don't know if this is related in any way, but the fan in my CPU is running a lot in the past day or so. The box doesn't feel warm, but it sounds like it's about to explode! I turned my computer off for a little bit, but it still sounds like it is running hot, or at the least, working overtime!
Thanks for any help I get.
Every time I ran TFC, it automatically rebooted my computer when it was finished. There weren't any logs. When I've run Malwarebytes', there are logs. I've run it several times since Sunday and here are the logs:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5359
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/19/2010 6:21:39 PM
mbam-log-2010-12-19 (18-21-39).txt
Scan type: Quick scan
Objects scanned: 139246
Time elapsed: 8 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F02FABCB-92DD-475A-98AF-14217BD50746} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\huojjdgg (Rogue.AntivirusSuite.Gen) -> Value: huojjdgg -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{21646710-A5E8-C4AA-2EA7-6BBB062D1011} (Trojan.ZbotR.Gen) -> Value: {21646710-A5E8-C4AA-2EA7-6BBB062D1011} -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\Owner\application data\Adobe\plugs\kb278916906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\Adobe\plugs\kb278969421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
-------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5360
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/20/2010 8:50:32 AM
mbam-log-2010-12-20 (08-50-32).txt
Scan type: Full scan (C:\|)
Objects scanned: 215377
Time elapsed: 1 hour(s), 31 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\all users\application data\iokmh06501\iokmh06501.exe (Rogue.SystemTool) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Desktop\backup other computers\DELL PC\my documents\Desktop.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
-------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5360
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/21/2010 1:04:23 AM
mbam-log-2010-12-21 (01-04-23).txt
Scan type: Full scan (C:\|)
Objects scanned: 203291
Time elapsed: 1 hour(s), 38 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)