Need help please (I may have a virus/adware)

Please wait for Cohen to give his standard bullshit reply :D

I laughed so hard but since he isn't online... I'll do the honors. :P
Buzz why don't you just simply give him a ComboFix script anyways? You are able to aren't you? :confused:

Run A Kaspersky Online Scan
Using Internet Explorer, go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.

That is what I would've done.

Yes, but I won't while he's still around :)

We can call it "cohen's cock-up" ! :)

by the way - you guys are nuts, and buzz you give the most stupidest replies, at least I do something helpful :rolleyes:
 
I had to cancel it. It was pushing past 2 hours and still only at 45% and it was already around 12:00 at night.

I'll put it on again today and let it run.
 
That's fine but just make sure it finishes, you could leave it on overnight but you don't really have to monitor it.
 
Ok, finally done. Here is the Kaspersky scan log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, September 21, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, September 21, 2008 19:39:57
Records in database: 1248376
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
H:\

Scan statistics:
Files scanned: 213128
Threat name: 29
Infected objects: 75
Suspicious objects: 0
Duration of the scan: 03:41:38


File name / Threat name / Threats count
C:\Documents and Settings\chevy\Incomplete\T-3545425-boats hoes.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\chevy\Incomplete\T-3545425-true sound basshunter.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\chevy\Incomplete\T-3545425-we dont give ****.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\chevy\Incomplete\T-5745425-boats hoes.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\chevy\Incomplete\T-5745425-nex episode snoop dog.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\chevy\Incomplete\T-5745425-Skee Lo -i wish.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\chevy\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\Antivirus_Protection_Setup.exe Infected: not-a-virus:FraudTool.Win32.Agent.r 2
C:\Documents and Settings\chevy\Local Settings\Temporary Internet Files\Content.IE5\BW1UOR46\x12c[1].htm Infected: Exploit.JS.Agent.vj 1
C:\Documents and Settings\chevy\Local Settings\Temporary Internet Files\Content.IE5\BW1UOR46\x7b[1].xml Infected: Exploit.Multi.Qtp.g 1
C:\Documents and Settings\chevy\My Documents\vista2\Vista 2.4\LS Patch\LSPatch.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a 1
C:\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3 Infected: Trojan-Downloader.WMA.Wimad.o 1
C:\Program Files\Freeze.com Toolbar\freeze_int.dll Infected: not-a-virus:AdWare.Win32.Mostofate.bn 1
C:\Program Files\Seagate\Utilities\pkill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080213-184402-306.dll Infected: not-a-virus:AdWare.Win32.MyWay.v 1
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir Infected: Trojan.Win32.Agent.cmn 1
C:\QooBox\Quarantine\C\WINDOWS\Fonts\Crack.exe.vir Infected: Trojan.Win32.Agent.cmn 1
C:\QooBox\Quarantine\C\WINDOWS\Fonts\svchost.exe.vir Infected: Trojan.Win32.Agent.cmn 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bhlhbjde.dll.vir Infected: Trojan.Win32.Monder.psh 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bvtivuaf.dll.vir Infected: Trojan.Win32.Monder.psh 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\byXnKcBu.dll.vir Infected: Trojan.Win32.Monder.pfy 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\byXPHaWp.dll.vir Infected: Trojan.Win32.Monder.pqs 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cbXQheEv.dll.vir Infected: Trojan.Win32.Monder.pqs 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cbXQhGvw.dll.vir Infected: Trojan.Win32.Monder.pqs 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cgvadhej.dll.vir Infected: Trojan.Win32.Monder.psh 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dfhnhc.dll.vir Infected: Trojan.Win32.Monder.pse 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\efcBtSkI.dll.vir Infected: Trojan.Win32.Monder.psh 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\efcYOifF.dll.vir Infected: Trojan.Win32.Monder.psf 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fcccyVlL.dll.vir Infected: Trojan.Win32.Monder.pqs 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fccdaaBU.dll.vir Infected: Trojan.Win32.Monder.psf 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fogximhf.dll.vir Infected: Trojan.Win32.Monder.pse 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\guknksmh.dll.vir Infected: Trojan.Win32.Monder.png 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gxnotq.dll.vir Infected: Trojan.Win32.Monder.png 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jkkLETNf.dll.vir Infected: Trojan.Win32.Monder.pph 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mlJYPhee.dll.vir Infected: Trojan.Win32.Monder.pqs 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nnnmnLfd.dll.vir Infected: Trojan.Win32.Monder.pmb 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\otsdyhpk.dll.vir Infected: Trojan.Win32.Monder.psh 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pmnmlkiG.dll.vir Infected: Trojan.Win32.Monder.pqs 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rqRJArPh.dll.vir Infected: Trojan.Win32.Monder.psf 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rqRKCvTJ.dll.vir Infected: Trojan.Win32.Monder.pph 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tdssadw.dll.vir Infected: Rootkit.Win32.Clbd.jy 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tdssl.dll.vir Infected: Backdoor.Win32.UltimateDefender.gen 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tdsslog.dll.vir Infected: Backdoor.Win32.Agent.rfv 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tdssmain.dll.vir Infected: Backdoor.Win32.Agent.rfw 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tdssserf.dll.vir Infected: Trojan-Downloader.Win32.FraudLoad.vbxt 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vtUoPgda.dll.vir Infected: Trojan.Win32.Monder.psf 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\yayvTmmL.dll.vir Infected: Trojan.Win32.Monder.pph 1
C:\QooBox\Quarantine\catchme2008-09-20_180932.51.zip Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\SYSTEM32\CloseApp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a 1
C:\WINDOWS\SYSTEM32\filekiller.dll Infected: not-a-virus:FraudTool.Win32.Agent.r 1
C:\WINDOWS\SYSTEM32\mC02\mC022328.exe Infected: Trojan-Downloader.Win32.VB.hpv 1
C:\WINDOWS\SYSTEM32\RES\comec130t.exe Infected: not-a-virus:AdWare.Win32.WebHancer.f 1
C:\WINDOWS\SYSTEM32\RES\comec130t.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-anthum 2.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-full throttle.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day stayin up.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-souljah boy hardcore.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3566386-06 Track 6 (hardcore).wma Infected: Trojan-Downloader.WMA.Wimad.l 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3 Infected: Trojan-Downloader.WMA.Wimad.o 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam@2008-03-17T22;12;06.mp3 Infected: Trojan-Downloader.WMA.Wimad.o 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-5745425-full throttle.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-1932750-Wicked Remix.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle@2008-06-19T06;11;20.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-nizlopi.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-souljah boy hardcore.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3566386-06 Track 6 (hardcore).wma Infected: Trojan-Downloader.WMA.Wimad.l 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3 Infected: Trojan-Downloader.WMA.Wimad.o 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\My Documents\vista2\Vista 2.4\LS Patch\LSPatch.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3 Infected: Trojan-Downloader.WMA.Wimad.o 1

The selected area was scanned.
 
And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:56 PM, on 9/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.freewebs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bambanner browser enhancer - {18a44c72-d267-d443-1461-db8338bae54e} - C:\WINDOWS\system32\dcftwsccwjivny.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{88263159-d7ea-a00a-302d-778d20c39157}] "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\system32\dcftwsccwjivny.dll" DllStub
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: UltraMon.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136011116468
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/install/gtdownls.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.44 85.255.112.180
O20 - AppInit_DLLs: xwvexa.dll gxnotq.dll dfhnhc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 11990 bytes
 
by the way - you guys are nuts, and buzz you give the most stupidest replies, at least I do something helpful :rolleyes:

You do realize that insulting a moderator can get you banned, right? Replying with canned responses is not always helpful, BTW. Stop being lazy and get training at SWI.

Forum Rules said:
If you insult any of the moderator or administrator team, your account will be instantly banned
 
Are you guys going to finish helping me or try to kill each other? :P

As far as computer behavior, it seems normal so far. Sometimes still a bit slow but nothing like it was.

Thanks for the help so far, it has worked great :)
 
Well there are a few things there, that might need to be fixed. I haven't seen ceewi1 on for ages!!! So not sure what is happening there....

But maybe Respital might be able to help.... depending on his training.

Mep - Yeah I will do my training in another term, over the 2 month Christmas break I have :D
 
Well I'll do my best that's for sure.
Ceewi1 is working cohen like 15 hour days so don't expect him to help out too much, like come on he's working his ass off.

@ OP

: Download and Run DSS :

Download Deckard's System Scanner (DSS) to your Desktop. You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<- this one will be minimized.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.
 
That's fine Respital :)
I'll get whatever help I can get whenever I can get it. My computer is at least in working condition now :)
 
A CF script will be able to clean out 99% of the files Kaspersky found.
The problem is there is a rootkit present which could protect or repopulate an infection.
Some of the infections found already have been fixed with ComboFix and HJT, and are quarantined or in a back-up folder.

Here's the CF Script I came up with.

File::

C:\Documents and Settings\chevy\Incomplete\T-3545425-boats hoes.mp3
C:\Documents and Settings\chevy\Incomplete\T-3545425-true sound basshunter.mp3
C:\Documents and Settings\chevy\Incomplete\T-3545425-we dont give ****.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-boats hoes.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-nex episode snoop dog.mp3
C:\Documents and Settings\chevy\Incomplete\T-5745425-Skee Lo -i wish.mp3
C:\Documents and Settings\chevy\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\Antivirus_Protection_Setup.exe
C:\Documents and Settings\chevy\Local Settings\Temporary Internet Files\Content.IE5\BW1UOR46\x12c[1].htm
C:\Documents and Settings\chevy\Local Settings\Temporary Internet Files\Content.IE5\BW1UOR46\x7b[1].xml
C:\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3
C:\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3
C:\WINDOWS\SYSTEM32\mC02\mC022328.exe
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-anthum 2.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day stayin up.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-sleepin all day.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3545425-souljah boy hardcore.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-3566386-06 Track 6 (hardcore).wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-460090-solja boy harcore version cute girl has orgasm on webcam@2008-03-17T22;12;06.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\Preview-T-5745425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-1932750-Wicked Remix.wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-full throttle@2008-06-19T06;11;20.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-nizlopi.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3545425-souljah boy hardcore.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-3566386-06 Track 6 (hardcore).wma
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-460090-solja boy harcore version cute girl has orgasm on webcam.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Shared\souljah boy hardcore cute girl has orgasm on webcam.mp3

If the H drive is an external device that will need to be connected while the script runs.
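
Added example, not part of the thread or any poster's tool: a small Python triage of the Kaspersky report format above. It separates detections already in the ComboFix quarantine or HijackThis backup folder from ones still on disk, and checks whether quarantined DLL names are still listed in the HijackThis O20 AppInit_DLLs line. The bucket names, the containment prefixes and the `.vir` path mapping are assumptions read off the paths in the logs; the sample lines are copied from this thread.

```python
import ntpath
import re
from collections import Counter

# Constructed sample: rows copied from the Kaspersky report and HijackThis log in this thread.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\chevy\Shared\eminem - Sing for the Moment.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\chevy\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\Antivirus_Protection_Setup.exe Infected: not-a-virus:FraudTool.Win32.Agent.r 2
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080213-184402-306.dll Infected: not-a-virus:AdWare.Win32.MyWay.v 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tdssadw.dll.vir Infected: Rootkit.Win32.Clbd.jy 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gxnotq.dll.vir Infected: Trojan.Win32.Monder.png 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dfhnhc.dll.vir Infected: Trojan.Win32.Monder.pse 1
C:\WINDOWS\SYSTEM32\mC02\mC022328.exe Infected: Trojan-Downloader.Win32.VB.hpv 1
C:\WINDOWS\SYSTEM32\CloseApp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a 1
H:\Memeo\chevy's Backup\C_\Documents and Settings\chevy\Incomplete\T-1932750-Wicked Remix.wma Infected: Trojan-Downloader.WMA.Wimad.l 1

The selected area was scanned.
"""
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O20 - AppInit_DLLs: xwvexa.dll gxnotq.dll dfhnhc.dll
"""

# One report row: "<path> Infected: <verdict> <count>"
ROW = re.compile(r"^(?P<path>[A-Za-z]:\\.+) Infected: (?P<verdict>\S+) (?P<count>\d+)$")
# Assumption: these folders hold copies already neutralised by ComboFix / HijackThis.
CONTAINED_PREFIXES = (
    "c:\\qoobox\\quarantine\\",
    "c:\\program files\\trend micro\\hijackthis\\backups\\",
)
# Assumption: quarantine layout is <root>\<drive letter>\<original path>.vir
QUARANTINE = re.compile(r"^[A-Za-z]:\\QooBox\\Quarantine\\([A-Za-z])\\(.+)\.vir$", re.I)


def parse_report(text):
    """Return (path, verdict, count) for every detection row; skip headers and footers."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((m["path"], m["verdict"], int(m["count"])))
    return rows


def bucket(path, verdict):
    """Location wins over verdict: a quarantined rootkit is 'contained', not 'active'."""
    if path.lower().startswith(CONTAINED_PREFIXES):
        return "contained"
    if verdict.startswith("not-a-virus:"):
        return "riskware"  # adware / risk tools: needs a human decision
    return "active"


def original_path(path):
    """Map a quarantine copy back to where the file originally lived, else None."""
    m = QUARANTINE.match(path)
    return f"{m[1].upper()}:\\{m[2]}" if m else None


def triage(report_text):
    out = {"contained": [], "riskware": [], "active": []}
    for path, verdict, _count in parse_report(report_text):
        out[bucket(path, verdict)].append((path, verdict))
    return out


def families(rows):
    """Count detections per family, e.g. Trojan.Win32.Monder.psh -> Trojan.Win32.Monder."""
    return Counter(v.split(":")[-1].rsplit(".", 1)[0] for _p, v in rows)


def stale_appinit_refs(report_text, hjt_text):
    """DLL names that sit in quarantine but are still listed under O20 AppInit_DLLs."""
    quarantined = set()
    for path, _verdict, _count in parse_report(report_text):
        orig = original_path(path)
        if orig:
            quarantined.add(ntpath.basename(orig).lower())
    m = re.search(r"^O20 - AppInit_DLLs: (.+)$", hjt_text, re.M)
    listed = m[1].split() if m else []
    return [name for name in listed if name.lower() in quarantined]


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for name, rows in result.items():
        print(name, len(rows), dict(families(rows)))
    print("still referenced by AppInit_DLLs:", stale_appinit_refs(SAMPLE_REPORT, SAMPLE_HJT))
```

Run against the full report and HijackThis log saved as text, the same functions show which detections still need a cleanup entry and which load points still name files that have already been moved to quarantine.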
 