Need a good excuse to tell parents!!!

S

skerty

New Member
Ive got a virus / malware thing on my laptop called "W32.Myzor.FK@yf" (thats what the warning message says it is) even though I've got Norton Internet Security, but it couldn't even find the virus. Ive posted stuff about this virus on this forum but the thing someone gave me to download (Smitfraudfix) didnt work because it runs on Windows XP or 2000 and my laptop is on Vista. So I dont know how to get rid of it.
My laptop (An Acer Aspire 5630) is only about a month old from my local PC world and Im pretty sure my mum got the monthly insurance when we got the laptop.

I know next to nothing about computers but my guess is that I picked the virus up somewhere while on a porn website but I can exactly tell my parents that so I need a good excuse about how the virus got onto my laptopthat makes it seem as if it was something that was totally harmless (Like a spam email or something).
I know how to delete my Internet history and things by right clicking on the Internet Explorer icon and going into Properties or what ever it is but my excuse has to be good enough so that if we take it back to PC world, the guy wont say its very unlikely thats how I got the virus, so it has to be very reliable.

Thanks

P.s. Ive had alot of problem with Vista with messages saying "MSN messenger has stopped working" or "Windows Explorer has stopped working" and have read alot of similar complaints so if you plan on getting Vista, wait untill all the problems have been sorted out.
 
Well, if you could talk to the guy so you parents don't hear, you could just explain it to him, or you could say that you tried downloading a game or something from an attachment.

Or just say that your friend was using your computer, you have no idea what happened. :rolleyes:
 
Usualy you pick that kind of stuff downloading porn, or downloading program hacks or somthing like that.

Kent.
 
Tell you parents you was surfing porn. if their smart they know already and dont want to admit it , if they dont know then it would be fun to see the look on their faces hahaha :D
 
Tell them that your friend sent you a link in an email. You clicked on it and it opened empty website and that was probably it because you asked about that email your friend and he said that he didn't sent you any mails recently.
You can add that he's got a virus as well.
You dirty skerty :D
 
there are thigns you can do like getting rid of norton internet security first off... Then install avg and avg anti spyware and do a scan and then run adaware and ccleaner and spybot search and destroy if those fail to get rid of it try posting a hijak this log for us to look at for you. I'm sure with a little time and effort it can be removed and i know all those programs work in vista becuase i have used them on my pc to keep it clean...
 
I agree with subtle. I would just tell them that you opened an e-mail from someone you thought you knew, and it turned out to be a virus.
 
I think this is my highjackthis log (not totally sure)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:14:01 PM, on 5/31/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Image ActiveX Access\iesmn.exe
C:\Program Files\Image ActiveX Access\imsmain.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Image ActiveX Access\imsmn.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Windows\System32\rundll32.exe
C:\Users\Kyel\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Kyel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LYZ8LNM4\HiJackThis_v2[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Program Files\Image ActiveX Access\iesplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Image ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SpyLocked 4.0] "C:\Program Files\SpyLocked 4.0\SpyLocked 4.0.exe" /h
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MalwareWiped 6.4] "C:\Program Files\MW\MalwareWiped 6.4\MalwareWiped 6.4.exe" /h
O4 - HKLM\..\Run: [NI.UGA6P_0001_N105M2704] "c:\users\kyel\appdata\roaming\install_en[1].exe" -nag
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Image ActiveX Access\iesmn.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Image ActiveX Access\imsmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: equiparant - {25b7d2fd-4f71-46d1-801a-7de323e4ec82} - C:\Windows\system32\indwvm.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10407 bytes

If this isn't the right thing could someone please tell me how to get the right one Thanks

PS. Never been called dirty skerty before haha
 
I suggest you claen your system first with the spyware terminator why not ty it out, this is not a bad virus software
 
Hey evo3,

Im in the middle of a full system scan with Spyware Terminator thing,
Its already found 2 critical items.

I ran a full system scan with Norton Internet Security a few days ago and found 2 low risk items which I now got rid of, but why cant Norton find these items?

I was always under the impression that Norton was the best
 
from what ive heard norton isnt the best but i hjave never used it! some other guys might have a better idea than i do :)

hope you get it sorted :)
 
Spyware Terminator has finished.
This is my scan report:


Scan Progress (Full Scan)
Start time: 5/31/2007 1:33:07 PM
Database: 1.0.775.531

Processes Scanning
PowerProfile : C:\Windows\system32\POWRPROF.dll
Wextract : C:\Windows\system32\advpack.dll
SynTPLpr : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SymantecAntivirus : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
IgfxTray : C:\Windows\System32\igfxtray.exe
HotKeysCmds : C:\Windows\System32\hkcmd.exe
Igfxpers : C:\Windows\System32\igfxpers.exe
NvCplDaemon : C:\Windows\system32\NvCpl.dll
Shdocvw : C:\Windows\system32\shdocvw.dll
MSNSearchToolbar : C:\Program Files\Windows Live Toolbar\msntb.dll
YahooToolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
AcroIEHelper : C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
Windows Live Sign-in Helper : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
MSNSearchToolbar : C:\Program Files\Windows Live Toolbar\stmain.dll
Spyware Terminator : C:\Program Files\Spyware Terminator\SpywareTerminator.exe
Startup Scanning
ehTray : C:\Windows\ehome\ehTray.exe
ehTray : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ehTray.exe
MessengerService : C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
MessengerService : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MsnMsgr
user32.dll : C:\Program Files\Image ActiveX Access\iesmn.exe
rare : C:\Program Files\Image ActiveX Access\imsmain.exe
Windows Defender : C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE
Windows Defender : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows Defender
NvSvc : C:\WINDOWS\SYSTEM32\NVSVC.DLL
NvCplDaemon : C:\WINDOWS\SYSTEM32\NVCPL.DLL
NvCplDaemon : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NvCplDaemon
NvMixerTray : C:\WINDOWS\SYSTEM32\NVMCTRAY.DLL
NvMixerTray : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NvMediaCenter
RtHDVCpl : C:\Windows\RtHDVCpl.exe
SynTPLpr : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SynTPLpr : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SynTPEnh
SymantecAntivirus : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
SymantecAntivirus : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ccApp
osCheck : C:\PROGRAM FILES\NORTON INTERNET SECURITY\OSCHECK.EXE
IgfxTray : C:\Windows\system32\igfxtray.exe
IgfxTray : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run IgfxTray
HotKeysCmds : C:\Windows\system32\hkcmd.exe
HotKeysCmds : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HotKeysCmds
Igfxpers : C:\Windows\system32\igfxpers.exe
Igfxpers : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Persistence
WarReg_PopUp : C:\Acer\WR_PopUp\WarReg_PopUp.exe
LManager : C:\Program Files\Launch Manager\LManager.exe
eDataSecurity Loader : C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
Invalid Startup Items : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SpyLocked 4.0="C:\Program Files\SpyLocked 4.0\SpyLocked 4.0.exe" /h
Symantec PIF AlertEng : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\PIF\{B8E1DD85-8582-4C61-B58F-2F227FCA9A08}\PIFSVC.EXE
Invalid Startup Items : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MalwareWiped 6.4="C:\Program Files\MW\MalwareWiped 6.4\MalwareWiped 6.4.exe" /h
NI.UGA6P_0001_N105M2704 : C:\USERS\KYEL\APPDATA\ROAMING\INSTALL_EN[1].EXE
Explorer : C:\Windows\explorer.exe
Explorer : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
Toolbars Scanning
Show Norton Toolbar ( Toolbar ) : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {90222687-F593-4738-B738-FBEE9C7B26DF}
Show Norton Toolbar ( Toolbar ) : C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
YahooToolbar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {EF99BD32-C1FB-11D2-892F-0090271D4F88}
YahooToolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
YahooToolbar : iexplore.exe PID: 2252
Acer eDataSecurity Management ( Toolbar ) : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {5CBE3B7C-1E47-477e-A7DD-396DB0476E29}
Acer eDataSecurity Management ( Toolbar ) : C:\Windows\System32\eDStoolbar.dll
MSNSearchToolbar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSNSearchToolbar : C:\Program Files\Windows Live Toolbar\msntb.dll
MSNSearchToolbar : iexplore.exe PID: 2252
Protection Bar ( Toolbar ) : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {31615D5C-5126-448A-818A-A7CDFEE85A9B}
Protection Bar ( Toolbar ) : C:\Program Files\Image ActiveX Access\iesbpl.dll
YahooToolbar : HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
MSNSearchToolbar : HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
YahooToolbar : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
MSNSearchToolbar : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
Browser Helper Objects Scanning
YahooToolbar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
AcroIEHelper : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHelper : C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
AcroIEHelper : iexplore.exe PID: 2252
NppBHO.dll ( BHO ) : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}
NppBHO.dll ( BHO ) : C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} ( BHO ) : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}
ShowBarObj Class ( BHO ) : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}
ShowBarObj Class ( BHO ) : C:\Windows\System32\ActiveToolBand.dll
Windows Live Sign-in Helper : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
Windows Live Sign-in Helper : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Windows Live Sign-in Helper : iexplore.exe PID: 2252
iesplg.dll ( BHO ) : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8C5186E-EC37-4889-9C2E-F73649FFB7BB}
iesplg.dll ( BHO ) : C:\Program Files\Image ActiveX Access\iesplg.dll
MSNSearchToolbar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
IE Explorer Bars
IE Extensions
Shdocvw : C:\Windows\system32\shdocvw.dll
NvCplDaemon : C:\Windows\system32\nvcpl.dll
Spyware Terminator : C:\Program Files\Spyware Terminator\sptcontmenu.dll
Services Scanning
Protocol filters Scanning
Protocol handlers Scanning
WinSock2 Scanning
Uninstallers Scanning
C:\PROGRAM FILES\MICROSOFT GAMES\AGE OF EMPIRES II\UNINSTAL.EXE
C:\PROGRAM FILES\MICROSOFT GAMES\AGE OF EMPIRES II\UNINSTALX.EXE
C:\PROGRAM FILES\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\HXFSETUP.EXE
C:\WINDOWS\UNINST32.EXE
C:\WINDOWS\SYSTEM32\IGXPUN.EXE
C:\PROGRAM FILES\IMAGE ACTIVEX ACCESS\IESUNST.EXE
C:\Program Files\Image ActiveX Access\uninst.exe
C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe
C:\PROGRAM FILES\IMAGE ACTIVEX ACCESS\IESBUNST.EXE
C:\Windows\system32\MSIEXEC.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LSETUP.EXE
C:\Program Files\MW\MalwareWiped 6.4\uninst.exe
C:\PROGRAM FILES\IMAGE ACTIVEX ACCESS\IMSUNST.EXE
C:\PROGRAM FILES\OLDBLIVION\UNINSTALL.EXE
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASHUTIL9B.EXE
C:\Program Files\SpyLocked 4.0\uninst.exe
C:\PROGRAM FILES\SPYWARE TERMINATOR\UNINS000.EXE
Spyware Terminator : C:\PROGRAM FILES\SPYWARE TERMINATOR\UNINS000.EXE
Spyware Terminator : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Terminator_is1
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMSETUP\{5AA2CD16-706F-41F3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41F3-87C5-2B5A031F2B3B}.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNISDLL.DLL
C:\Program Files\SystemRequirementsLab\Uninstall.exe
C:\PROGRAM FILES\WINDOWS LIVE TOOLBAR\UNINSTALL.EXE
C:\USERS\KYEL\APPDATA\LOCAL\TEMP\LAFD56F.TMP
C:\Program Files\Yahoo!\common\unyt.exe
C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}\SETUP.EXE
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RUNTIME\11\00\INTEL32\CTOR.DLL
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\SETUP.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EDATASECURITY\EDSNSTHELPER.EXE
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
Start Menu Scanning
Explorer : C:\Windows\explorer.exe
Explorer : C:\Users\Kyel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
ISUSS : C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
ISUSS : C:\ProgramData\Microsoft\Windows\Start Menu\Program Updates.lnk
SynchronizationManager : C:\Windows\System32\mobsync.exe
SynchronizationManager : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk
Spyware Terminator : C:\Program Files\Spyware Terminator\SpywareTerminator.exe
Spyware Terminator : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator\Spyware Terminator.lnk
Spyware Terminator : C:\Program Files\Spyware Terminator\unins000.exe
Spyware Terminator : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator\Uninstall Spyware Terminator.lnk
Windows Defender : C:\Program Files\Windows Defender\MSASCui.exe
Windows Defender : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
Desktop Scanning
Favorites Scanning
Cookies Scanning
Registry Scanning
AcroIEHelper : HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHelper : C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
AcroIEHelper : iexplore.exe PID: 2252
MSNSearchToolbar : HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSNSearchToolbar : C:\Program Files\Windows Live Toolbar\msntb.dll
MSNSearchToolbar : iexplore.exe PID: 2252
MSNSearchToolbar : HKCR\CLSID\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
MSNSearchToolbar : C:\Program Files\Windows Live Toolbar\stmain.dll
MSNSearchToolbar : HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
YahooToolbar : HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
YahooToolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
YahooToolbar : iexplore.exe PID: 2252
YahooToolbar : HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Windows Live Sign-in Helper : HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}
Windows Live Sign-in Helper : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Windows Live Sign-in Helper : iexplore.exe PID: 2252
Files Scanning
Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminatorshield.exe
Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminator.exe
Spyware Terminator : C:\Program Files\Spyware Terminator\sptcontmenu.dll
Spyware Terminator : C:\Program Files\Spyware Terminator\unins000.exe
Spyware Terminator : C:\Documents and Settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
MessengerService : C:\Program Files\MSN Messenger\msnmsgr.exe
NvMixerTray : C:\Windows\system32\NvMcTray.dll
Ctfmon : C:\Windows\system32\ctfmon.exe
IgfxTray : C:\Windows\system32\igfxtray.exe
SynTPLpr : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HotKeysCmds : C:\Windows\system32\hkcmd.exe
SymantecAntivirus : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
UpdateMgr : C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
SynchronizationManager : C:\Windows\system32\mobsync.exe
MSDXM : C:\Windows\system32\msdxm.ocx
ehTray : C:\Windows\ehome\ehtray.exe
ccEvtMgr : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
NvCplDaemon : C:\Windows\system32\NvCpl.dll
GrpConv : C:\Windows\system32\grpconv.exe
Wextract : C:\Windows\system32\advpack.dll
Explorer : C:\Windows\explorer.exe
PowerProfile : C:\Windows\system32\powrprof.dll
BluetoothControlPanel : C:\Windows\system32\bthprops.cpl
Shdocvw : C:\Windows\system32\shdocvw.dll
ISUSS : C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
ISUSS : C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
Windows Defender : C:\Program Files\WINDOWS DEFENDER\MSASCui.exe
Igfxpers : C:\Windows\system32\igfxpers.exe
Verclsid : C:\Windows\system32\verclsid.exe
Windows Live Sign-in Helper : C:\Program Files\Common Files\MICROSOFT SHARED\WINDOWS LIVE\WINDOWSLIVELOGIN.DLL
Ie4uinit : C:\Windows\system32\ie4uinit.exe
Preparing DeepFile Scan
DeepFiles Scanning
AcroIEHelper : C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
UpdateMgr : C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
ISUSS : C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
ISUSS : C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
Windows Live Sign-in Helper : C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
SymantecAntivirus : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
ccEvtMgr : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Unreadable Binary Files : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
MessengerService : C:\Program Files\MSN Messenger\msnmsgr.exe
Spyware Terminator : C:\Program Files\Spyware Terminator\sptcontmenu.dll
Spyware Terminator : C:\Program Files\Spyware Terminator\SpywareTerminator.exe
Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe
Spyware Terminator : C:\Program Files\Spyware Terminator\unins000.exe
SynTPLpr : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Windows Defender : C:\Program Files\Windows Defender\MSASCui.exe
MSNSearchToolbar : C:\Program Files\Windows Live Toolbar\msntb.dll
MSNSearchToolbar : C:\Program Files\Windows Live Toolbar\stmain.dll
YahooToolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
Unreadable Binary Files : C:\Users\Kyel\AppData\Local\Temp\brDBDD.exe
Explorer : C:\Windows\explorer.exe
ehTray : C:\Windows\ehome\ehtray.exe
Wextract : C:\Windows\System32\advpack.dll
BluetoothControlPanel : C:\Windows\System32\bthprops.cpl
Ctfmon : C:\Windows\System32\ctfmon.exe
GrpConv : C:\Windows\System32\grpconv.exe
HotKeysCmds : C:\Windows\System32\hkcmd.exe
Ie4uinit : C:\Windows\System32\ie4uinit.exe
Igfxpers : C:\Windows\System32\igfxpers.exe
IgfxTray : C:\Windows\System32\igfxtray.exe
SynchronizationManager : C:\Windows\System32\mobsync.exe
MSDXM : C:\Windows\System32\msdxm.ocx
NvCplDaemon : C:\Windows\System32\nvcpl.dll
NvMixerTray : C:\Windows\System32\nvmctray.dll
PowerProfile : C:\Windows\System32\powrprof.dll
Shdocvw : C:\Windows\System32\shdocvw.dll
Verclsid : C:\Windows\System32\verclsid.exe
Done

Scan Summary:

Total Scanning Time : 3070.63 s
Objects Scanned : 73,820
Objects Identified : 91
Objects Ignored : 0

Critical Objects : 2

Remove Process:

Preparing structures
Creating System Restore Point
Remove Invalid Startup Items
Deleted Registry : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SpyLocked 4.0="C:\Program Files\SpyLocked 4.0\SpyLocked 4.0.exe" /h
Deleted Registry : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MalwareWiped 6.4="C:\Program Files\MW\MalwareWiped 6.4\MalwareWiped 6.4.exe" /h
Closing System Restore Point
 
after Spyware Terminator finished and closed down, I got a Virus alert and click on the icon and a big message box came up saying:

"Virus alert: Microsoft detected the Spyware: Renos virus on your computer

This problem was caused by Spyware: Renos, a known computer virus.

A solution is available that will solve this problem.

Solution

--------------------------------------------------------------------------------


To prevent this problem from occurring again, go to Windows Live OneCare safety scanner online and click Full Service Scan"
 
You should probably get the Norton Removal tool (on their website) and get Avast - Using that to run a boot scan, before windows starts.

I would also suggest AVG, but I'm not entirely sure if it has a boot scan option.
 
Come on guys,
Could really use some help right about now!

Im having a few software problems so I could really do with getting rid of this virus then taking it back to Pc World or I need a good soundproof excuse that everyone will believe.
Either way, it needs to go to PC World to be checked.
 
You must log in or register to reply here.
Back
Top