HiJack This, logfile, Please help [RESOLVED]


  • This topic is locked

#31
geodava
  • Topic Starter
  • Member
  • 49 posts
Thanks for merging my topic .....
ok here is the latest after finishing the above steps:
--------

Logfile of HijackThis v1.99.1
Scan saved at 1:22:54 PM, on 8/19/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = %START_PAGE_URL%
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\0h9nhowi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\0h9nhowi.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: Dell Home - {66742CE0-4F3F-11D3-A2FD-E07146C1C6A0} - http://www.dell.com/ (file missing) (HKCU)
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O12 - Plugin for .com/ovftpdfs/IDNJHKPFHBBGAK00D/fs013/ovft/live/gv003/00022707/00022707-200207000-00006: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} - http://client2.tvton...6/TVTStage1.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.thinaboom...ts/tdserver.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
  • 0


#32
Trevuren
  • Old Dog
  • Retired Staff
  • 18,699 posts
Your log is clean again.

I notice that you have 2 antivirus programs running. That is never a good idea for they can often conflict with each other.

Try this for a day or so, please download, install and use the programs I recommended.

If you have any popups, please take note of exactly what they are to give me a better idea of what we are dealing with.

Trevuren
  • 0

#33
geodava
  • Topic Starter
  • Member
  • 49 posts
Thanks, will do.

As far as my antivirus- I have a very outdated Norton and a little while back I tried to uninstall it and install a McAfee that my school was allowing me to download updated for free. My whole system collapsed and it took me a while to get everything back. I am willing to give it another try but I feel like I cannot uninstall Norton completely- do you have any idea how to check to make sure it is completely gone?

(not that you haven't done enough already)

Thanks!!!!

-Dave
  • 0

#34
geodava
  • Topic Starter
  • Member
  • 49 posts
got another popup (system "warning"):

it says "security warning" on the header then "warning: the authenticity of this content cannot be verified, therefore it cannot be trusted.

Problem listed below:

The root certificate has not been enabled as a trusted root

Do you want to install and run {hyperlink begins}"PLEASE CLICK YES to Install our Free Browser Enhancements. This file has been {hyperlink ends} signed on 6/10/05 1:16 AM and distributed by {hyperlink begins}"SC{hyperlink ends}

(yes, no and more info buttons on the bottom)
(picture of a big yellow exclamation mark and a computer and keys shaded in background next to the warning)
  • 0

#35
Trevuren
  • Old Dog
  • Retired Staff
  • 18,699 posts
Another log please.


Trevuren
  • 0

#36
geodava
  • Topic Starter
  • Member
  • 49 posts
Logfile of HijackThis v1.99.1
Scan saved at 8:47:18 PM, on 8/19/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = %START_PAGE_URL%
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\0h9nhowi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\0h9nhowi.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: Dell Home - {66742CE0-4F3F-11D3-A2FD-E07146C1C6A0} - http://www.dell.com/ (file missing) (HKCU)
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O12 - Plugin for .com/ovftpdfs/IDNJHKPFHBBGAK00D/fs013/ovft/live/gv003/00022707/00022707-200207000-00006: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: bumc.bu.edu
O15 - Trusted Zone: *.bu.edu
O15 - Trusted Zone: *.bmc.org
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} - http://client2.tvton...6/TVTStage1.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.thinaboom...ts/tdserver.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
  • 0

#37
Trevuren
  • Old Dog
  • Retired Staff
  • 18,699 posts
Your log is clean. Mind you that doesn't always mean your system is clean.

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe. This scan only produces a report, it doesn't clean your system. I will analyze the report and recommend a course of action depending on the results.

Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

***NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items", please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

Regards,

Trevuren

  • 0

#38
geodava
  • Topic Starter
  • Member
  • 49 posts
hi,

the scan was taking over 6 hours to finish and I had to leave for the weekend so I let it run while I was gone ... when I got back my computer screen was blank and I couldn't do anything with it so I restarted.

The scan did save the overall log- but I do not know if it is practical to go through it and cut and paste the virus files because I do not think they are all in one place on the log.

Please advise- is it worth it to do the scan again?

thanks.
  • 0

#39
Trevuren
  • Old Dog
  • Retired Staff
  • 18,699 posts
Please run this one first and we will see what it turns up, if anything.


Please do an online scan with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information into your next post.
Regards

Trevuren

  • 0

#40
geodava
  • Topic Starter
  • Member
  • 49 posts
Here is the log ... guess I am infected quite a bit. FYI I tried once again to install McAfee and it keeps crashing my system every time I tried to restart the computer after the installation .... can't figure out what to do if I can't get rid of the viruses without a program ... anyway- here is my log - sorry for the delay:

--------
Infected Object Name - Virus Name
c:\WINDOWS\SYSTEM\Loader.dll Infected: Trojan-Downloader.Win32.Agent.li
c:\WINDOWS\SYSTEM\AUNPS2.dll Infected: Trojan-Clicker.Win32.Small.ez
c:\WINDOWS\TEMP\b.com Infected: Trojan-Dropper.Win32.Agent.pb
c:\WINDOWS\TEMP\cfgC390.TMPcfgmgr52\bbi2.exe Infected: Trojan-Downloader.Win32.Adload.a
c:\WINDOWS\TEMP\ICD2.tmp\installer_MARKETING11.exe Infected: Trojan-Downloader.Win32.Adload.a
c:\WINDOWS\Application Data\Identities\{EAEF6300-4F3E-11D3-A2FD-9210EBB9F13C}\Microsoft\Outlook Express\Journal.dbx/[From "<Unknown>"][Date Sat, 27 Oct 2001 10:49:55 -0500]/UMINN_~1.DOC Infected: Virus.MSWord.Marker.o
c:\WINDOWS\Application Data\Identities\{EAEF6300-4F3E-11D3-A2FD-9210EBB9F13C}\Microsoft\Outlook Express\Journal.dbx Infected: Virus.MSWord.Marker.o
c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BlazeFindBridge1.zip/a.exe Suspicious: Password-protected-EXE
c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BlazeFindBridge1.zip Suspicious: Password-protected-EXE
c:\WINDOWS\Temporary Internet Files\Content.IE5\C9U7OXU7\AppWrap[1].exe Infected: Trojan-Dropper.Win32.Agent.pb
c:\WINDOWS\Temporary Internet Files\Content.IE5\CT6FG9AV\yyy105[1].htm Infected: Trojan-Clicker.JS.Linker.n
c:\WINDOWS\Downloaded Program Files\CONFLICT.1\varieactive.exe Infected: Trojan.Win32.Dialer.e
c:\WINDOWS\Downloaded Program Files\CONFLICT.1\604485.exe Infected: Trojan.Win32.Dialer.q
c:\WINDOWS\Downloaded Program Files\CONFLICT.1\507321.exe Infected: Trojan.Win32.Dialer.ki
c:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgUS165.exe Infected: Trojan.Win32.Dialer.ht
c:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MARKETING11.exe Infected: Trojan-Downloader.Win32.Adload.a
c:\WINDOWS\Downloaded Program Files\CONFLICT.2\604485.exe Infected: Trojan.Win32.Dialer.q
c:\WINDOWS\Downloaded Program Files\wzsex10x.exe Infected: Trojan.Win32.Dialer.a
c:\WINDOWS\Downloaded Program Files\CONFLICT.7\604485.exe Infected: Trojan.Win32.Dialer.q
c:\WINDOWS\Downloaded Program Files\rdgUS217.exe Infected: Trojan.Win32.Dialer.ay
c:\WINDOWS\Downloaded Program Files\varieactive.exe Infected: Trojan.Win32.Dialer.e
c:\WINDOWS\Downloaded Program Files\507321.exe Infected: Trojan.Win32.Dialer.ki
c:\WINDOWS\Downloaded Program Files\CONFLICT.3\604485.exe Infected: Trojan.Win32.Dialer.q
c:\WINDOWS\Downloaded Program Files\wzdesk6x.exe Infected: Trojan.Win32.Dialer.a
c:\WINDOWS\Downloaded Program Files\CONFLICT.4\604485.exe Infected: Trojan.Win32.Dialer.q
c:\WINDOWS\Downloaded Program Files\CONFLICT.5\604485.exe Infected: Trojan.Win32.Dialer.q
c:\WINDOWS\Downloaded Program Files\CONFLICT.6\604485.exe Infected: Trojan.Win32.Dialer.q
c:\WINDOWS\Downloaded Program Files\604485.exe Infected: Trojan.Win32.Dialer.q
c:\WINDOWS\Downloaded Program Files\rdgUS165.exe Infected: Trojan.Win32.Dialer.ay
c:\WINDOWS\Downloaded Program Files\installer_MARKETING11.exe Infected: Trojan-Downloader.Win32.Adload.a
c:\WINDOWS\mm21.ocx Infected: Trojan-Downloader.Win32.VB.ez
c:\WINDOWS\e2g25.exe Infected: Trojan-Downloader.Win32.Small.adu
c:\Program Files\Norton AntiVirus\Quarantine\494360FB.htm Infected: Exploit.HTML.Mht
c:\Program Files\Norton AntiVirus\Quarantine\51F3116C.htm Infected: Exploit.HTML.Mht
c:\Program Files\Norton AntiVirus\Quarantine\34981805.htm Infected: Exploit.HTML.Mht
c:\Program Files\Norton AntiVirus\Quarantine\1C956C26.chm/main.htm Infected: Trojan-Downloader.JS.Miner
c:\Program Files\Norton AntiVirus\Quarantine\1C956C26.chm Infected: Trojan-Downloader.JS.Miner
c:\Program Files\Norton AntiVirus\Quarantine\16B565B3.htm Infected: Exploit.HTML.Mht
c:\Program Files\Norton AntiVirus\Quarantine\41A76A64.exe Infected: Trojan-Downloader.Win32.Small.eg
c:\Program Files\Norton AntiVirus\Quarantine\29876E15.chm/main.htm Infected: Trojan-Downloader.JS.Miner
c:\Program Files\Norton AntiVirus\Quarantine\29876E15.chm Infected: Trojan-Downloader.JS.Miner
c:\Program Files\Norton AntiVirus\Quarantine\71E56871.htm Infected: Exploit.HTML.Mht
c:\Program Files\Norton AntiVirus\Quarantine\0894344D.HTM Suspicious: Exploit.HTML.DialogArg
c:\Program Files\Norton AntiVirus\Quarantine\4B3E4765.htm Infected: Trojan-Downloader.JS.Small.d
c:\Program Files\Norton AntiVirus\Quarantine\29DC4CCB.htm Infected: Exploit.HTML.Mht
c:\Program Files\Norton AntiVirus\Quarantine\604A27AF.htm Infected: Exploit.HTML.Mht
c:\Program Files\Norton AntiVirus\Quarantine\0B262F93.htm Infected: Exploit.HTML.Mht
c:\Program Files\Norton AntiVirus\Quarantine\0B67774B.htm Infected: Exploit.HTML.Mht
c:\Program Files\Norton AntiVirus\Quarantine\157A68CA.class Infected: Exploit.Java.Bytverify
c:\shopinst.exe Infected: Trojan-Downloader.Win32.Small.apm
c:\!Submit\gx9fzj83m9.exe Infected: Trojan-Downloader.Win32.Small.sg
c:\!Submit\sskb5.exe Infected: Trojan-Dropper.Win32.SurfSide.a
c:\!Submit\eliteerror32.dat Infected: Trojan.Win32.StartPage.nk
c:\!Submit\supdate.dll Infected: Trojan-Downloader.Win32.Qoologic.p
c:\!Submit\AUNPS2.dll Infected: Trojan-Clicker.Win32.Small.ez
  • 0
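
The report in post #40 lists files a security tool had already isolated alongside files still sitting in system, temp and ActiveX cache folders, and it lists an archive and its members as separate rows. As an added example (not part of the thread, and not Kaspersky's own tooling), this Python script folds archive members into their container and groups the flagged files by location; the bucket names and function names are this example's own, and it assumes that the Norton `Quarantine` and Spybot `Recovery` folders hold copies those tools already isolated.

```python
import re
from collections import Counter, defaultdict

# Subset of the report lines posted in #40, copied verbatim as sample input.
REPORT = r"""
c:\WINDOWS\SYSTEM\Loader.dll Infected: Trojan-Downloader.Win32.Agent.li
c:\WINDOWS\TEMP\b.com Infected: Trojan-Dropper.Win32.Agent.pb
c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BlazeFindBridge1.zip/a.exe Suspicious: Password-protected-EXE
c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BlazeFindBridge1.zip Suspicious: Password-protected-EXE
c:\WINDOWS\Downloaded Program Files\CONFLICT.1\604485.exe Infected: Trojan.Win32.Dialer.q
c:\WINDOWS\Downloaded Program Files\604485.exe Infected: Trojan.Win32.Dialer.q
c:\Program Files\Norton AntiVirus\Quarantine\1C956C26.chm/main.htm Infected: Trojan-Downloader.JS.Miner
c:\Program Files\Norton AntiVirus\Quarantine\1C956C26.chm Infected: Trojan-Downloader.JS.Miner
c:\Program Files\Norton AntiVirus\Quarantine\157A68CA.class Infected: Exploit.Java.Bytverify
c:\shopinst.exe Infected: Trojan-Downloader.Win32.Small.apm
"""

# "<path> Infected|Suspicious: <detection name>"; paths may contain spaces.
LINE = re.compile(r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<name>\S+)$")

# Location buckets, checked in order. Bucket names are this example's own.
# Assumption: the first bucket holds copies a security tool already isolated.
BUCKETS = [
    ("isolated", ("\\norton antivirus\\quarantine\\",
                  "\\spybot - search & destroy\\recovery\\")),
    ("activex_cache", ("\\downloaded program files\\",)),
    ("temp_or_cache", ("\\temp\\", "\\temporary internet files\\")),
]


def parse(report):
    """One record per file on disk; archive members fold into their container."""
    files = {}
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header, blank or unrecognised line
        container = m["path"].split("/", 1)[0]  # "x.chm/main.htm" -> "x.chm"
        rec = files.setdefault(container.lower(),
                               {"path": container, "names": set()})
        rec["names"].add(m["name"])
    return list(files.values())


def bucket(path):
    """Name of the first bucket whose folder appears in the path, else 'other'."""
    lowered = path.lower()
    for name, folders in BUCKETS:
        if any(folder in lowered for folder in folders):
            return name
    return "other"


def triage(report):
    """Group flagged files by location and count detections by behaviour prefix."""
    by_bucket, behaviours = defaultdict(list), Counter()
    for rec in parse(report):
        by_bucket[bucket(rec["path"])].append(rec["path"])
        for name in rec["names"]:
            behaviours[name.split(".", 1)[0]] += 1  # "Trojan.Win32.Dialer.q" -> "Trojan"
    return dict(by_bucket), behaviours


if __name__ == "__main__":
    buckets, behaviours = triage(REPORT)
    for name in ("other", "temp_or_cache", "activex_cache", "isolated"):
        print(f"{name}: {len(buckets.get(name, []))}")
        for path in buckets.get(name, []):
            print("   ", path)
    print(behaviours.most_common())
```

Files that land in `other` are the ones outside any cache or quarantine folder, so they are the first to compare against the autostart entries in the HijackThis log.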


#41
Trevuren
  • Old Dog
  • Retired Staff
  • 18,699 posts
OK, we have very little choice.


1. In the meantime, download, install, update and run:

Please download the 30-day free trial of Kaspersky anti virus

  • Install the program
  • Run the definition update module.
  • Scan your whole system and let the program remove anything it wants.
  • When finished, REBOOT your system


2. You must UNINSTALL Norton Antivirus. I know it won't uninstall properly. You will have to follow all the instructions provided by Symantec on your system from their website. By that I mean, your version of Norton on your system. The instructions are specific.

3. This is very time consuming but you should be cleaned by Kaspersky.

4. Send me a new log please, when completed


Trevuren
  • 0

#42
geodava
  • Topic Starter
  • Member
  • 49 posts
I am unable to download the trial- the links they sent are all invalid- one of them is actually just an aol link. Do you have any other ideas?

Thanks
  • 0

#43
Trevuren
  • Old Dog
  • Retired Staff
  • 18,699 posts
1. Download the following Zip file and run the program. CWSSearch.SmartKiller Removal Tool

2. Follow all instructions.

3. Then try the Kaspersky link.

Trevuren
  • 0

#44
geodava
  • Topic Starter
  • Member
  • 49 posts
it just says "coolwebsearch" was not found on your system.

Also- the Kaspersky link still doesn't work- although the link was different this time.
  • 0

#45
geodava
  • Topic Starter
  • Member
  • 49 posts
...actually I got the link to work- I just went one directory higher and found it- it was a typo. Will post details soon.

Thanks
  • 0





