Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: [1] 2 3  All   Go Down

Author Topic: i think my computer has a virus  (Read 17161 times)

0 Members and 1 Guest are viewing this topic.

876543219

    Topic Starter


    Beginner

    Thanked: 3
    i think my computer has a virus
    « on: August 31, 2009, 12:43:28 AM »
    My computer is alot slower than it was yesterday i looked in my add and remove programs and saw alot of programs i didn't dowload that was dowloaded today and i'm not sure if it isn't just automatic updates that happends everytime i shut my computer down it doesn't look like the automatic updates i being getting saying  update for windowsxp and windows xp software updates and they all have the windows xp logo and today i looked and got about 30 others that don't have the windows xp logo and some of these say stuff like microsoft be framework 3.0 service pack -------- dr watson------- microsoft net framework service pack 2 -----netframe work------------ and alot of short 3 are 4 letter words like xps  wpf-other-32          wf-32       i'm not sure what all this is if it's a virus are what it is it doesn't let me delete none of  these  most say this update can't be deleted a couple that i tried to delete microsoft net framework 2.0 service pack  2 can't be uninstalled because it will affect other applications that are installed and when i installed a free trial of narton commant prompt poped up for just a second i'm not sure why it did that and i file poped up before nortan was done downloading that sas nwse i'm not sure why it did that so i deleted nortan in add and remove programs it deleted the nortan but the file was still there and when i rebooted my computer is said deleting some kind of file i'm not sure what it was it said it one time then 2 then it quickly filled up the hole computer screen then it said deleting orphan file and started to almost fill up the screen again so i turned off my computer turned it back  didn't do it again  i'm not sure what's going on  plz help ::)
    « Last Edit: August 31, 2009, 03:07:49 AM by 876543219 »
    Logged
    Believe half of what you see and none of what you hear                     microsoft windows xp professional  version 2002 service pack 3 celeron 2.80ghz 20gb hardrive 504mb ram

    kmmhasan



      Newbie

      Thanked: 1
      Re: i think my computer has a virus
      « Reply #1 on: August 31, 2009, 02:47:54 AM »
      Hmm. i think you pc is attacked by spyware. No general antivirus can detect spyware. You have use some anti spyware software.

      Sometimes, program loads from registry, what you have to look in to the registry dlete delete their values.

      if you are not a expert user, you better touch with a computer expert to help you.

      Thanks

      Mahmud Hasan
      <link removed>
      « Last Edit: August 31, 2009, 07:01:40 PM by evilfantasy »
      Logged

      harry 48



        Egghead

      • lay back , relax and chill out
        • Thanked: 129
        • Yes
        • Yes
        • Yes
        • Dribbling Pensioner
      • Certifications: List
      • Experience: Familiar
      • OS: Windows 7
      Re: i think my computer has a virus
      « Reply #2 on: August 31, 2009, 01:43:56 PM »
      http://www.computerhope.com/forum/index.php/topic,46313.0.html

      go to above , complete , post the 3 logs here an expert will see them

      do not touch your registry , the things you download kept they are for spyware and malware

      also to keep your pc clean , wait for an expert
      Logged

      876543219

        Topic Starter


        Beginner

        Thanked: 3
        Re: i think my computer has a virus
        « Reply #3 on: September 02, 2009, 07:43:23 AM »
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 8:24:34 AM, on 9/2/2009
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        here's the hijack log

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Google\Update\GoogleUpdate.exe
        C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\igfxtray.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
        C:\Program Files\Avira\AntiVir Desktop\avguard.exe
        C:\Program Files\Avira\AntiVir Desktop\sched.exe
        C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
        C:\Program Files\Avira\AntiVir Desktop\avscan.exe
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
        R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
        O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
        O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
        O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
        O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
        O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
        O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
        O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
        O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
        O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
        O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
        O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        O20 - AppInit_DLLs: prio.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
        O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Google Update Service (gupdate1c9c1374ac7f430) (gupdate1c9c1374ac7f430) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
        O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe

        --
        End of file - 8092 bytes


        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 8:24:34 AM, on 9/2/2009
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Google\Update\GoogleUpdate.exe
        C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\igfxtray.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
        C:\Program Files\Avira\AntiVir Desktop\avguard.exe
        C:\Program Files\Avira\AntiVir Desktop\sched.exe
        C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
        C:\Program Files\Avira\AntiVir Desktop\avscan.exe
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
        R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
        O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
        O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
        O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
        O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
        O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
        O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
        O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
        O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
        O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
        O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
        O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        O20 - AppInit_DLLs: prio.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
        O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Google Update Service (gupdate1c9c1374ac7f430) (gupdate1c9c1374ac7f430) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
        O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe

        --
        End of file - 8092 bytes
        Logged
        Believe half of what you see and none of what you hear                     microsoft windows xp professional  version 2002 service pack 3 celeron 2.80ghz 20gb hardrive 504mb ram

        Karnac



          Specialist

          Thanked: 211
          Re: i think my computer has a virus
          « Reply #4 on: September 02, 2009, 07:49:51 AM »
          Here is the result of your HJT log using the CH process tool.

          http://www.computerhope.com/cgi-bin/process.pl?o=264659

          Follow the directions for cleaning, and run Mbam afterwards.
          Logged


          Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

          harry 48



            Egghead

          • lay back , relax and chill out
            • Thanked: 129
            • Yes
            • Yes
            • Yes
            • Dribbling Pensioner
          • Certifications: List
          • Experience: Familiar
          • OS: Windows 7
          Re: i think my computer has a virus
          « Reply #5 on: September 02, 2009, 12:21:40 PM »
          KARNAC , i hate to disagree with you  :'(  but do you think 876543219 should do the cleaning or wait for an

          expert , i think a few of these are needed for the pc when you read them

          the only thing i would say is , 876543219 has 2 anti-virus in , there should only be 1 in the pc i believe , and

          also Uniblue RegistryBooster , i think this is a bad program and should not mess with the registry

          876543219 , remove 1 of your hjt logs and did you do the other logs
          Logged

          Karnac



            Specialist

            Thanked: 211
            Re: i think my computer has a virus
            « Reply #6 on: September 02, 2009, 01:50:14 PM »
            HARRY48,

            Then don't disagree with me ..... I provide an option for people who have problems and want their computers up and running....If there is a problem with the advice I give, I can be certain one of the Malware experts will be quick to correct me.....The tool is there to be used, and as you can see the past couple of months with Evils' absence it has provided an alternative to those who require help...the majority of people sent there with problems don't return to the forum afterwards.....In a discussion with CBMatt, he advised me that the process tool willl solve the majority of problems, it's just a matter of getting people to use it....therefore I suggest it at any opportunity I can.....the majority of issues are solved and Evil gets a well deserved break. Granted, Uniblue is a less than stellar program and we don't recommend registry cleaners, but I am not a malware expert and other than "Run the 3 scans and use the process tool" you won't find me giving any other instructions contrary to the rules ...... I do however respond to people who PM me when they can't get help in the forum for which they are most grateful, especially when their PC won't respond.

            Logged


            Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

            evilfantasy

            • Malware Removal Specialist
            • Moderator


              • Genius
            • Calm like a bomb
              • Thanked: 493
            • Experience: Experienced
            • OS: Windows 11
            Re: i think my computer has a virus
            « Reply #7 on: September 02, 2009, 01:59:04 PM »
            Quote from: Karnac on September 02, 2009, 01:50:14 PM
            I can be certain one of the Malware experts will be quick to correct me.....

            We don't reply much, not enough time in the day, but I/we read almost all of the topics in this forum.

            Just be careful and don't give advice you don't know how to reverse if something goes wrong.

            @ Karnac - Check your PM's.
            Logged

            harry 48



              Egghead

            • lay back , relax and chill out
              • Thanked: 129
              • Yes
              • Yes
              • Yes
              • Dribbling Pensioner
            • Certifications: List
            • Experience: Familiar
            • OS: Windows 7
            Re: i think my computer has a virus
            « Reply #8 on: September 02, 2009, 02:07:24 PM »
            i have read a lot of hjt logs in the tool  ( trying to learn ) and if the person takes some of them out they are needed by the pc , that is why i might send them there but never tell them to remove them

            and as evil says if they take them out it cannot be reversed

            and as you said , an expert will tell me if i  did wrong
            Logged

            SuperDave

            • Malware Removal Specialist
            • Moderator


              • Genius
              • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: i think my computer has a virus
            « Reply #9 on: September 02, 2009, 06:42:25 PM »
            Quote
            and as evil says if they take them out it cannot be reversed.
            That is not what evil said.
            Quote
            Just be careful and don't give advice you don't know how to reverse if something goes wrong.
            If you examine the HJT tool you will see a button for restore. That's why it's so important that the HJT program is installed on the C drive and not in a temp. folder or on the desktop.
            Logged
            Windows 8 and Windows 10 dual boot with two SSD's

            evilfantasy

            • Malware Removal Specialist
            • Moderator


              • Genius
            • Calm like a bomb
              • Thanked: 493
            • Experience: Experienced
            • OS: Windows 11
            Re: i think my computer has a virus
            « Reply #10 on: September 02, 2009, 07:08:38 PM »
            Quote from: SuperDave on September 02, 2009, 06:42:25 PM
            That's why it's so important that the HJT program is installed on the C drive and not in a temp. folder or on the desktop.

            Logged

            876543219

              Topic Starter


              Beginner

              Thanked: 3
              Re: i think my computer has a virus
              « Reply #11 on: September 02, 2009, 08:54:29 PM »
              Here's there malwarebytes log i couldn't figure out how to save the superantispyware log
              it sas 157 infected haven't deleted any of these yet i wanted to hear what you all think if there's some i should save I also ran avira it didn't find any thing also ran ccleaner

              To answer harry i only deleted o3 o6 o6 and 023

              Malwarebytes' Anti-Malware 1.40
              Database version: 2729
              Windows 5.1.2600 Service Pack 3

              9/2/2009 9:48:01 PM
              mbam-log-2009-09-02 (21-47-54).txt

              Scan type: Full Scan (C:\|)
              Objects scanned: 140878
              Time elapsed: 1 hour(s), 20 minute(s), 25 second(s)

              Memory Processes Infected: 0
              Memory Modules Infected: 0
              Registry Keys Infected: 4
              Registry Values Infected: 2
              Registry Data Items Infected: 4
              Folders Infected: 10
              Files Infected: 177

              Memory Processes Infected:
              (No malicious items detected)

              Memory Modules Infected:
              (No malicious items detected)

              Registry Keys Infected:
              HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
              HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
              HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.
              HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.

              Registry Values Infected:
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RegTool (Rogue.RegTool) -> No action taken.

              Registry Data Items Infected:
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

              Folders Infected:
              C:\Documents and Settings\Administrator\Application Data\RegTool (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\Logs (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130 (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\Results (Rogue.RegTool) -> No action taken.
              C:\Program Files\Adware Professional (Rogue.AdwarePro) -> No action taken.
              C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> No action taken.
              C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
              C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290 (Adware.DoubleD) -> No action taken.
              C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\bin (Adware.DoubleD) -> No action taken.

              Files Infected:
              C:\Documents and Settings\Administrator\Application Data\RegTool\spy_ignore.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\Logs\2009-06-08 07-18-530.log (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\Logs\2009-06-08 07-19-170.log (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\filelist.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-0.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-1.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-10.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-100.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-101.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-102.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-103.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-104.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-105.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-106.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-107.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-108.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-109.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-11.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-110.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-111.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-112.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-113.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-114.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-115.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-116.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-117.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-118.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-119.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-12.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-120.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-121.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-122.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-123.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-124.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-125.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-126.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-127.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-128.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-129.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-13.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-130.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-131.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-132.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-133.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-134.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-135.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-136.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-137.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-138.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-139.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-14.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-140.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-141.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-142.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-143.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-144.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-145.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-146.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-147.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-148.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-149.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-15.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-150.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-151.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-152.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-153.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-154.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-155.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-156.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-157.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-158.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-159.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-16.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-160.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-161.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-162.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-163.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-164.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-165.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-17.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-18.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-19.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-2.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-20.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-21.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-22.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-23.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-24.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-25.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-26.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-27.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-28.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-29.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-3.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-30.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-31.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-32.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-33.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-34.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-35.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-36.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-37.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-38.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-39.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-4.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-40.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-41.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-42.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-43.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-44.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-45.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-46.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-47.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-48.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-49.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-5.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-50.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-51.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-52.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-53.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-54.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-55.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-56.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-57.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-58.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-59.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-6.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-60.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-61.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-62.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-63.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-64.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-65.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-66.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-67.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-68.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-69.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-7.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-70.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-71.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-72.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-73.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-74.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-75.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-76.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-77.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-78.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-79.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-8.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-80.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-81.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-82.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-83.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-84.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-85.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-86.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-87.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-88.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-89.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-9.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-90.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-91.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-92.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-93.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-94.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-95.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-96.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-97.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-98.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\QuarantineW\2009-06-08 07-23-130\regb-99.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\Results\Evidence.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\Results\Junk.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\Results\Registry.db (Rogue.RegTool) -> No action taken.
              C:\Documents and Settings\Administrator\Application Data\RegTool\Results\Update.db (Rogue.RegTool) -> No action taken.
              C:\Program Files\Adware Professional\noadware4_060709.na (Rogue.AdwarePro) -> No action taken.
              C:\Program Files\Adware Professional\nutilities.dll (Rogue.AdwarePro) -> No action taken.
              C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\bin\stbup.exe (Adware.DoubleD) -> No action taken.
              « Last Edit: September 02, 2009, 09:18:37 PM by 876543219 »
              Logged
              Believe half of what you see and none of what you hear                     microsoft windows xp professional  version 2002 service pack 3 celeron 2.80ghz 20gb hardrive 504mb ram

              evilfantasy

              • Malware Removal Specialist
              • Moderator


                • Genius
              • Calm like a bomb
                • Thanked: 493
              • Experience: Experienced
              • OS: Windows 11
              Re: i think my computer has a virus
              « Reply #12 on: September 02, 2009, 08:57:39 PM »
              Quote
              No action taken.

              You have to let MBAM and SAS fix everything they find.

              Locate the SUPERAntiSpyware log as follows:

              * Click: Preferences
              * Click the Statistics/Logs tab
              * Under Scanner Logs, double-click SUPERAntiSpyware Scan Log
              * The log will open in your default text editor (such as Notepad)
              * Post the SUPERAntiSpyware log in your reply.

              Logged

              876543219

                Topic Starter


                Beginner

                Thanked: 3
                Re: i think my computer has a virus
                « Reply #13 on: September 02, 2009, 10:43:07 PM »
                here is the super spyware log

                And also everytime i open internet explorer is sas internet explorer can't display this webpage but when i click on refresh it Does. I din't think nothing of it at first i seen it every now and then but it does it every time now  it doesn't do this on firefox are google chrome


                I also posted what my control panel shows at the bottum of this post




                SUPERAntiSpyware Scan Log
                http://www.superantispyware.com

                Generated 09/02/2009 at 11:25 PM

                Application Version : 4.27.1002

                Core Rules Database Version : 4040
                Trace Rules Database Version: 1980

                Scan type       : Complete Scan
                Total Scan Time : 01:23:37

                Memory items scanned      : 546
                Memory threats detected   : 0
                Registry items scanned    : 4375
                Registry threats detected : 1
                File items scanned        : 13023
                File threats detected     : 109

                Adware.Tracking Cookie
                   C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[3].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[3].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[3].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[1].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@insightexpressai[3].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[2].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@adecn[1].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@burstbeacon[2].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[1].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@collective-media[1].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@crackle[2].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@insightexpressai[2].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@media6degrees[2].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@overture[2].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@portobanner569[1].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@poweredbanner[1].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[2].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@revsci[1].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[1].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@specificmedia[1].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[2].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
                   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
                   C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@2o7[2].txt
                   C:\Documents and Settings\dalton\Cookies\[email protected][1].txt
                   C:\Documents and Settings\dalton\Cookies\[email protected][2].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@adbrite[1].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@adlegend[2].txt
                   C:\Documents and Settings\dalton\Cookies\[email protected][1].txt
                   C:\Documents and Settings\dalton\Cookies\[email protected][2].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@advertising[2].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@apmebf[2].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@atdmt[2].txt
                   C:\Documents and Settings\dalton\Cookies\[email protected][1].txt
                   C:\Documents and Settings\dalton\Cookies\[email protected][2].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@doubleclick[1].txt
                   C:\Documents and Settings\dalton\Cookies\[email protected][1].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@fastclick[2].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@imrworldwide[2].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@interclick[2].txt
                   C:\Documents and Settings\dalton\Cookies\[email protected][2].txt
                   C:\Documents and Settings\dalton\Cookies\[email protected][2].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@mediaplex[1].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@overture[2].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@questionmarket[2].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@realmedia[1].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@revsci[1].txt
                   C:\Documents and Settings\dalton\Cookies\[email protected][2].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@serving-sys[2].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@specificclick[1].txt
                   C:\Documents and Settings\dalton\Cookies\dalton@specificmedia[1].txt
                   C:\Documents and Settings\dalton\Cookies\[email protected][1].txt
                   C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
                   C:\Documents and Settings\Guest\Cookies\guest@adbrite[2].txt
                   C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
                   C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
                   C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
                   C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
                   C:\Documents and Settings\Guest\Cookies\guest@advertising[1].txt
                   C:\Documents and Settings\Guest\Cookies\guest@apmebf[2].txt
                   C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
                   C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
                   C:\Documents and Settings\Guest\Cookies\guest@casalemedia[1].txt
                   C:\Documents and Settings\Guest\Cookies\guest@chitika[1].txt
                   C:\Documents and Settings\Guest\Cookies\guest@collective-media[1].txt
                   C:\Documents and Settings\Guest\Cookies\guest@doubleclick[2].txt
                   C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
                   C:\Documents and Settings\Guest\Cookies\guest@imrworldwide[2].txt
                   C:\Documents and Settings\Guest\Cookies\guest@intermundomedia[2].txt
                   C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
                   C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
                   C:\Documents and Settings\Guest\Cookies\guest@realmedia[1].txt
                   C:\Documents and Settings\Guest\Cookies\guest@revsci[1].txt
                   C:\Documents and Settings\Guest\Cookies\guest@serving-sys[2].txt
                   C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

                Adware.MyWebSearch/FunWebProducts
                   HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}

                Adware.DoubleD
                   C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\bin\stbup.exe
                   C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\bin
                   C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290
                   C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar
                   C:\Documents and Settings\Administrator\Local Settings\Application Data\DoubleD


                [attachment deleted by admin]
                « Last Edit: September 03, 2009, 12:16:01 AM by 876543219 »
                Logged
                Believe half of what you see and none of what you hear                     microsoft windows xp professional  version 2002 service pack 3 celeron 2.80ghz 20gb hardrive 504mb ram

                evilfantasy

                • Malware Removal Specialist
                • Moderator


                  • Genius
                • Calm like a bomb
                  • Thanked: 493
                • Experience: Experienced
                • OS: Windows 11
                Re: i think my computer has a virus
                « Reply #14 on: September 02, 2009, 11:32:59 PM »
                If you already have ComboFix be sure to delete it and download a new copy.

                Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

                Link #1
                Link #2

                **Note:  It is important that it is saved directly to your Desktop

                Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

                Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
                 
                Double click combofix.exe & follow the prompts.
                Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
                When finished ComboFix will produce a log for you.
                Post the ComboFix log in your next reply.

                Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

                If you have problems with ComboFix usage, see How to use ComboFix
                Logged
                Pages: [1] 2 3  All   Go Up
                « previous next »