Win32.Fontra.C HELP!

Name: dyamond
Date: April 21, 2007 at 07:37:20 Pacific
OS: Windows ME
CPU/Ram: 128 MB
Product: HP Pavilion XT914
Comment:

Ok, I need help. The other day my PC started acting really slow, taking 5 mins to load IE (which never happens), so I know I have a virus. My virus scanner didn't pick it up but Kaspersky and Trend-Micro's House Call did. The problem is I know exactly where the virus is BUT I CAN'T GET RID OF IT!!! It's located in the C:\_RESTORE\TEMP files and I've tried cleaning them and deleting them, with NO success. I don't know what else to do! Please help!

Here is a copy of what Kaspersky found.

Thursday, April 19, 2007 4:05:02 PM
Operating System: Microsoft Windows Millennium Edition
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/04/2007
Kaspersky Anti-Virus database records: 281762


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
a:\
c:\
m:\

Scan Statistics
Total number of scanned objects 36355
Number of viruses found 1
Number of infected objects 63 / 0
Number of suspicious objects 0
Duration of the scan process 00:55:54

Infected Object Name Virus Name Last Action
c:\WINDOWS\TEMP\ZLT0257c.TMP Object is locked skipped

c:\WINDOWS\TEMP\~DF3425.TMP Object is locked skipped

c:\WINDOWS\Cookies\index.dat Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbk Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbd Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbk Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbd Object is locked skipped

c:\WINDOWS\WIN386.SWP Object is locked skipped

c:\WINDOWS\SchedLog.Txt Object is locked skipped

c:\WINDOWS\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

c:\WINDOWS\Application Data\Verizon\VSP\client_gateway.log Object is locked skipped

c:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

c:\WINDOWS\History\History.IE5\index.dat Object is locked skipped

c:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

c:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

c:\WINDOWS\Internet Logs\HPPAV.ldb Object is locked skipped

c:\_RESTORE\TEMP\A0003648.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0003649.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0003650.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0003916.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0003919.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0003920.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0003989.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0003990.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0003991.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004033.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004034.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004035.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004067.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004068.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004069.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004157.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004160.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004161.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004206.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004209.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004210.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004329.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004330.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004333.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004388.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004488.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004489.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004490.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0005488.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0005489.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0005492.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0005914.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0005915.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0005916.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0006913.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0006914.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0006916.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0006946.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0006947.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0006948.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007947.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007948.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007949.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007960.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007963.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007964.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007973.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007974.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007975.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008057.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008058.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008059.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008073.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008074.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008075.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008340.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008341.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008342.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008365.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008366.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008367.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008368.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008369.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\LOGS\vxdsfp.log Object is locked skipped

c:\_RESTORE\LOGS\vxdalt1.log Object is locked skipped

c:\Program Files\Verizon\SmartBridge\SmartBridge.log Object is locked skipped

c:\Program Files\Verizon\SmartBridge\AlertFilter.log Object is locked skipped

c:\Program Files\Verizon\SmartBridge\log\httpclient.log Object is locked skipped

c:\Program Files\Webshots\Collections\Webshots Scenic Sampler.wbc Object is locked skipped

c:\Program Files\Webshots\Collections\Flowers & Gardens - Roses.wbc Object is locked skipped

c:\Program Files\Webshots\Collections\Community - SEPTA 4.wbc Object is locked skipped

c:\Program Files\Webshots\Collections\Specialty - Bible Verses.wbc Object is locked skipped

c:\Program Files\Webshots\Collections\Nature Scenes - Oceans.wbc Object is locked skipped

c:\Program Files\Webshots\Collections\Skylines - Philly Skyline.wbc Object is locked skipped

c:\Program Files\Webshots\Collections\People - Pics.wbc Object is locked skipped

Scan process completed.

Thank you!




Response Number 1
Name: jabuck
Date: April 21, 2007 at 07:52:06 Pacific
+1
Reply:

Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download and install AVG Anti-Spyware. We will need this later in safe mode.

Be sure to update AVG Anti-Spyware.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Post the AVG log.

If you still have problems, please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.

Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.
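Added example, not part of the thread: the Kaspersky Online Scanner report in the original post mixes rows for files the scanner could not open ("Object is locked") with actual detections, and a detection means something different depending on where the file sits (the Windows ME System Restore store under `C:\_RESTORE`, another product's quarantine folder, or the live file system). The Python below separates the two kinds of row and groups detections by location; the function names, the location labels and the reading of the Yahoo! `Quarantine` folder as a quarantine store are assumptions of this example, and the sample rows are copied from reports posted in this thread.

```python
import re
from collections import Counter

# Sample input: rows copied from the scan reports posted in this thread,
# in the flattened "path / verdict / last action" layout they appear in.
SAMPLE_REPORT = r"""
Infected Object Name Virus Name Last Action
c:\WINDOWS\TEMP\~DF85E8.TMP Object is locked skipped
c:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
c:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll Infected: not-a-virus:AdWare.Win32.WindowEnhancer.c skipped
c:\WINDOWS\WIN386.SWP Object is locked skipped
c:\_RESTORE\TEMP\A0003648.CPY Infected: Virus.Win32.Fontra.c skipped
c:\_RESTORE\TEMP\A0003649.CPY Infected: Virus.Win32.Fontra.c skipped
c:\_RESTORE\LOGS\vxdsfp.log Object is locked skipped
c:\Program Files\Yahoo!\YPSR\Quarantine\ppq63.TMP Infected: not-a-virus:AdWare.Win32.Cydoor skipped
c:\Program Files\Yahoo!\YPSR\Quarantine\ppqA0.TMP\BSaveInst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bx skipped
c:\Program Files\Yahoo!\YPSR\Quarantine\ppqA4.TMP Infected: not-a-virus:AdWare.Win32.Altnet.o skipped
Scan process completed.
"""

# Paths may contain spaces, so the path is matched lazily and the verdict
# and last-action columns are anchored to the end of the line.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Object is locked|Infected: (?P<name>\S+)) "
    r"(?P<action>\S+)$"
)


def location_of(path):
    """Label where a detected file sits (labels are this example's own)."""
    p = path.casefold()
    if p[2:].startswith("\\_restore\\"):
        return "system restore store"   # Windows ME System Restore data
    if "\\quarantine\\" in p:
        return "quarantine folder"      # assumed: isolated by another tool
    return "live file system"


def triage(report):
    """Split report rows into locked (unscanned) files and detections."""
    locked, findings = [], []
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue                    # header, footer or blank line
        if m["name"] is None:
            locked.append(m["path"])    # file in use: skipped, not a detection
            continue
        name = m["name"]
        findings.append({
            "path": m["path"],
            "name": name,
            # "not-a-virus:" is the prefix the report itself uses
            "kind": "not-a-virus" if name.startswith("not-a-virus:") else "malware",
            "location": location_of(m["path"]),
            "action": m["action"],
        })
    return locked, findings


def summarize(findings):
    """Count detections per (detection name, location)."""
    return Counter((f["name"], f["location"]) for f in findings)


def on_live_file_system(findings):
    """Detections outside the restore store and quarantine folders."""
    return [f for f in findings if f["location"] == "live file system"]


if __name__ == "__main__":
    locked, findings = triage(SAMPLE_REPORT)
    print(f"{len(locked)} locked files were skipped without a verdict")
    for (name, where), count in sorted(summarize(findings).items()):
        print(f"{count:3d}  {name}  [{where}]")
    for f in on_live_file_system(findings):
        print("still in place:", f["path"])
```
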



Response Number 2
Name: dyamond
Date: April 21, 2007 at 20:52:37 Pacific
+1
Reply:

OK, I downloaded ATF, but when I went to set up AVG it said it couldn't set up because I needed Windows 2000 at least (I have ME). Should I continue with the steps but omit that part?



Response Number 3
Name: jabuck
Date: April 22, 2007 at 06:50:57 Pacific
+1
Reply:

Ooops sorry, try to run AVG.



Response Number 4
Name: dyamond
Date: April 22, 2007 at 15:08:08 Pacific
+1
Reply:

OK, I ran ATF in safe mode but AVG still told me that I needed Windows 2000 to run setup, so instead I ran HijackThis. Here is the log from that:

Logfile of HijackThis v1.99.1
Scan saved at 5:57:29 PM, on 4/22/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\NOTEPAD.exe
C:\MY DOCUMENTS\HIJACKTHIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/b...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hedge.org:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.googe.com, www.youtube.com, http://images.google.com, http://answers.yahoo.com;;localhost...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIEBHO.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZON\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\BROWSER\ybrwicon.exe
O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\YAHOO!\ANTIVI~1\VETMSG.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\SONY\SONICS~1\SSAAD.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_11\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_11\BIN\SSV.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/c...
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/...
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.com/xp/Sca...
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/At...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...




Response Number 5
Name: jabuck
Date: April 23, 2007 at 18:52:42 Pacific
+1
Reply:

Run Hijack This, close all windows and browser except Hijack this, place a check to the left of the following items and press "fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...

O1 - Hosts: 207.68.176.250 auto.search.msn.com

Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.

Then post a new Hijack This log please.
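Added example, not part of the thread: one way to check a follow-up HijackThis log against the list of entries that were meant to be fixed, which is the comparison the request for a new log sets up. It is Python written for this page; the function names and status labels are hypothetical, and both inputs are excerpts assembled from lines posted in this thread, with URLs truncated as posted.

```python
import re

# Entries the reply above asks to tick before pressing "fix checked"
# (copied from the thread; the "..." truncation is as posted).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...
O1 - Hosts: 207.68.176.250 auto.search.msn.com
"""

# Excerpt of a follow-up log, assembled from lines posted later in this thread.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows ME (Win9x 4.90.3000)

Running processes:
C:\WINDOWS\EXPLORER.exe
C:\MY DOCUMENTS\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/b...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hedge.org:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
"""

# An entry line is "<section code> - <body>", e.g. "R1 - ..." or "O16 - ...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(text):
    """Return {(section, location): value} for every entry line in text.

    For R-section lines the registry location (left of " = ") is the key and
    the configured URL is the value, so a setting that was reset to a
    different value is not mistaken for one that was removed. Other sections
    are keyed on the whole body. Keys are case-folded because the same path
    can appear in different letter case in different logs.
    """
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        if section.startswith("R") and " = " in body:
            location, value = body.split(" = ", 1)
        else:
            location, value = body, ""
        entries[(section, location.casefold())] = value
    return entries


def check_fixes(fix_list, followup_log):
    """Classify each requested fix as removed / still present / value changed.

    Values are compared as posted, so a forum-truncated URL ("...") only
    proves that the visible prefix is unchanged.
    """
    wanted = parse_entries(fix_list)
    now = parse_entries(followup_log)
    status = {}
    for key, old_value in wanted.items():
        if key not in now:
            status[key] = "removed"
        elif now[key] == old_value:
            status[key] = "still present"
        else:
            status[key] = "value changed"
    return status


if __name__ == "__main__":
    for (section, location), state in check_fixes(FIX_LIST, FOLLOWUP_LOG).items():
        print(f"{state:14s} {section} - {location}")
```
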





Response Number 6
Name: dyamond
Date: April 23, 2007 at 20:48:10 Pacific
+1
Reply:

Yikes! It looks like I've ended up with more than I started with. I started with 1 and now Kaspersky said they found 6. I have an anti-virus AND a firewall, how do I keep getting them? I've had this PC for 7 yrs (I know I need a new one lol) and I've never had this problem before, sigh.

I do really, really appreciate all the help you are giving me, thank you! (I must admit since HijackThis deleted those files you told me to, IE has been loading faster!)

Here is Kaspersky's latest scan:

Monday, April 23, 2007 11:25:47 PM
Operating System: Microsoft Windows Millennium Edition
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/04/2007
Kaspersky Anti-Virus database records: 301263


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
a:\
c:\
m:\

Scan Statistics
Total number of scanned objects 33072
Number of viruses found 6
Number of infected objects 69 / 0
Number of suspicious objects 0
Duration of the scan process 00:53:40

Infected Object Name Virus Name Last Action
c:\WINDOWS\TEMP\ZLT07c83.TMP Object is locked skipped

c:\WINDOWS\TEMP\~DF85E8.TMP Object is locked skipped

c:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

c:\WINDOWS\Cookies\index.dat Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbk Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbd Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbk Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbd Object is locked skipped

c:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll Infected: not-a-virus:AdWare.Win32.WindowEnhancer.c skipped

c:\WINDOWS\WIN386.SWP Object is locked skipped

c:\WINDOWS\SchedLog.Txt Object is locked skipped

c:\WINDOWS\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

c:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

c:\WINDOWS\History\History.IE5\index.dat Object is locked skipped

c:\WINDOWS\History\History.IE5\MSHist012007042320070424\index.dat Object is locked skipped

c:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

c:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

c:\WINDOWS\Internet Logs\HPPAV.ldb Object is locked skipped

c:\WINDOWS\UserData\index.dat Object is locked skipped

c:\_RESTORE\TEMP\A0003648.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0003649.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0003650.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0003916.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0003919.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0003920.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0003989.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0003990.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0003991.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004033.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004034.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004035.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004067.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004068.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004069.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004157.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004160.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004161.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004206.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004209.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004210.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004329.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004330.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004333.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004388.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004488.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004489.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0004490.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0005488.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0005489.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0005492.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0005914.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0005915.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0005916.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0006913.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0006914.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0006916.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0006946.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0006947.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0006948.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007947.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007948.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007949.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007960.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007963.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007964.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007973.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007974.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0007975.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008057.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008058.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008059.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008073.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008074.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008075.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008340.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008341.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008342.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008365.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008366.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008367.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008368.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\TEMP\A0008369.CPY Infected: Virus.Win32.Fontra.c skipped

c:\_RESTORE\LOGS\vxdsfp.log Object is locked skipped

c:\_RESTORE\LOGS\vxdalt1.log Object is locked skipped

c:\Program Files\Yahoo!\YPSR\Quarantine\ppq63.TMP Infected: not-a-virus:AdWare.Win32.Cydoor skipped

c:\Program Files\Yahoo!\YPSR\Quarantine\ppq65.TMP Infected: not-a-virus:AdWare.Win32.Cydoor skipped

c:\Program Files\Yahoo!\YPSR\Quarantine\ppqA0.TMP\BSaveInst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bx skipped

c:\Program Files\Yahoo!\YPSR\Quarantine\ppqA4.TMP Infected: not-a-virus:AdWare.Win32.Altnet.o skipped

c:\Program Files\Verizon\SmartBridge\SmartBridge.log Object is locked skipped

c:\Program Files\Verizon\SmartBridge\AlertFilter.log Object is locked skipped

c:\Program Files\Verizon\SmartBridge\log\httpclient.log Object is locked skipped

Scan process completed.

And here is HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 11:34:52 PM, on 4/23/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.exe
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\ISAFE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.exe
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\HPSYSDRV.exe
C:\PROGRAM FILES\MOTIVE\MOTMON.exe
C:\PROGRAM FILES\VERIZON\SMARTBRIDGE\MOTIVESB.exe
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\VETMSG.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\CAVTRAY.exe
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\CAVRID.exe
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.exe
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.exe
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.exe
C:\WINDOWS\EXPLORER.exe
C:\MY DOCUMENTS\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/b...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hedge.org:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.googe.com, www.youtube.com, http://images.google.com, http://answers.yahoo.com;;localhost...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIEBHO.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZON\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\BROWSER\ybrwicon.exe
O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\YAHOO!\ANTIVI~1\VETMSG.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\SONY\SONICS~1\SSAAD.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_11\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_11\BIN\SSV.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/c...
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/...
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.com/xp/Sca...
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/At...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...

again thanks!



Response Number 7
Name: jabuck
Date: April 24, 2007 at 15:34:27 Pacific
+1
Reply:

I'm a little rusty in Windows ME.

Click Start> Find> and then click Files Or Folders.
In the Named box, type "downloaded program files" without the quotes, and then click Find Now.
Double-click Downloaded Program Files, right-click this file "UWA7P_0001_N91M0809NetInstaller.exe" and then click Remove. Exit the search function.

Next purge "system restore". How to purge System Restore in Windows Me.
Note: This will delete any previously created restore points.

Go to Start|Settings|Control Panel.
Double-click 'System', then click on the Performance tab.
Click 'File System' then click the Troubleshooting tab.
Select 'Disable System Restore' and click 'Apply'.
This disables System Restore. You should now immediately re-enable it.

Now deselect 'Disable System Restore' and click 'Apply'.
Click 'Close', then click 'Close' again.
Restart the computer.

Post a new kaspersky scan.



Response Number 8
Name: dyamond
Date: April 25, 2007 at 17:54:19 Pacific
+1
Reply:

Here's the newest log:

Wednesday, April 25, 2007 8:14:29 PM
Operating System: Microsoft Windows Millennium Edition
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/04/2007
Kaspersky Anti-Virus database records: 302303


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
a:\
c:\
m:\

Scan Statistics
Total number of scanned objects 28460
Number of viruses found 2
Number of infected objects 2 / 0
Number of suspicious objects 0
Duration of the scan process 00:50:10

Infected Object Name Virus Name Last Action
c:\WINDOWS\TEMP\ZLT0609b.TMP Object is locked skipped

c:\WINDOWS\TEMP\~DF24E5.TMP Object is locked skipped

c:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

c:\WINDOWS\Cookies\index.dat Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbk Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbd Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbk Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbd Object is locked skipped

c:\WINDOWS\WIN386.SWP Object is locked skipped

c:\WINDOWS\SchedLog.Txt Object is locked skipped

c:\WINDOWS\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

c:\WINDOWS\Application Data\Verizon\VSP\client_gateway.log Object is locked skipped

c:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

c:\WINDOWS\History\History.IE5\index.dat Object is locked skipped

c:\WINDOWS\History\History.IE5\MSHist012007042520070426\index.dat Object is locked skipped

c:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

c:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

c:\WINDOWS\Internet Logs\HPPAV.ldb Object is locked skipped

c:\_RESTORE\LOGS\vxdsfp.log Object is locked skipped

c:\_RESTORE\LOGS\vxdalt1.log Object is locked skipped

c:\Program Files\Verizon\SmartBridge\SmartBridge.log Object is locked skipped

c:\Program Files\Verizon\SmartBridge\AlertFilter.log Object is locked skipped

c:\Program Files\Verizon\SmartBridge\log\httpclient.log Object is locked skipped

c:\Program Files\Webshots\Collections\Webshots Scenic Sampler.wbc Object is locked skipped

c:\Program Files\Webshots\Collections\Flowers & Gardens - Roses.wbc Object is locked skipped

c:\Program Files\Webshots\Collections\Specialty - Bible Verses.wbc Object is locked skipped

c:\Program Files\Webshots\Collections\Nature Scenes - Oceans.wbc Object is locked skipped

c:\Program Files\Webshots\Collections\Skylines - Philly Skyline.wbc Object is locked skipped

c:\Program Files\Webshots\Collections\People - Pics.wbc Object is locked skipped

Scan process completed.

I looked in Downloaded Program Files to delete UWA7P_0001_N91M0809NetInstaller.exe but it wasn't in there, so I did a search through the system for it (I thought maybe I looked in the wrong place) but the search was empty.
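A small triage of the report format posted above, as an added example that is not part of the original thread: it separates actual detections from "Object is locked" entries, which are files the scanner could not open because they were in use. The function names are hypothetical and the sample is an excerpt of the lines above.

```python
import re

# Excerpt of the report lines posted above; paths and verdicts are unchanged.
REPORT = r"""
Infected Object Name Virus Name Last Action
c:\WINDOWS\TEMP\ZLT0609b.TMP Object is locked skipped
c:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
c:\WINDOWS\Cookies\index.dat Object is locked skipped
c:\_RESTORE\LOGS\vxdsfp.log Object is locked skipped
c:\Program Files\Webshots\Collections\Flowers & Gardens - Roses.wbc Object is locked skipped
"""

# Paths contain spaces, so anchor on the verdict text at the end of the line
# instead of splitting on whitespace.
ENTRY = re.compile(
    r"^(?P<path>[a-z]:\\.+?)\s+"
    r"(?:Object is locked|Infected:\s+(?P<threat>\S+))\s+"
    r"(?P<action>\w+)$",
    re.IGNORECASE,
)


def area(path):
    """Name the Windows ME location a path belongs to (hypothetical helper)."""
    p = path.lower()
    if p.startswith("c:\\_restore\\"):
        return "System Restore store"
    if "\\downloaded program files\\" in p:
        return "ActiveX download cache"
    return "other"


def triage(report):
    """Separate detections from files the scanner could not open."""
    out = {"infected": [], "locked": [], "unparsed": []}
    for line in filter(None, map(str.strip, report.splitlines())):
        m = ENTRY.match(line)
        if m is None:
            out["unparsed"].append(line)   # headers, statistics, free text
        elif m.group("threat"):
            out["infected"].append(
                (m.group("path"), m.group("threat"), m.group("action"), area(m.group("path"))))
        else:
            out["locked"].append(m.group("path"))  # in use, not a detection
    return out


if __name__ == "__main__":
    for path, threat, action, where in triage(REPORT)["infected"]:
        print(f"{threat} [{action}] in {where}: {path}")
```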



Response Number 9
Name: jabuck
Date: April 25, 2007 at 20:10:13 Pacific
+1
Reply:

Run Hijack This> click "open the misc. tool section"> click "open uninstall manager"> click "save list"> click "save"> click "yes"> post that log please.

Go to start>settings> control panel> folder option> view tab.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide file extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Press the Apply button and then the OK button and exit folder options.
Now your computer is configured to show all hidden files.

Next, navigate to and delete this file if found:

C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe

Go to control panel>internet options:
clear history>yes
delete files>ok
delete cookies>ok
settings>view files, if there>edit>select all>file>delete.

Post a new kaspersky log please.



