System Security Virus

I recently acquired the System Security Virus. After attempting to open Norton and failing, I got on my friend's Mac and downloaded the Malwarebytes tool, put it on a flash drive, installed it on my computer, scanned, and deleted the suspicious entries it reported. When I restarted, the virus seemed to have gone away. However, when I opened my web browser it was much slower than usual, and whenever I clicked a link in Google it sent me to ad websites. I then downloaded Ad-Aware and ran a scan, but it only found a few cookies. As I was reading the Ad-Aware report, the System Security virus popped up again. I could still open Malwarebytes, so I ran another scan. It found upward of 20 entries, so I deleted those and restarted my computer. However, upon restarting, Norton continuously popped up reports that I was being attacked, and the type was HTTP Malicious PDF. I disabled my wireless and got on my friend's Mac. I then went to your website and followed your instructions for the HijackThis program. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:29 PM, on 7/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
F:\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9326 bytes

Please help me! I don't know what else to do!

Re: System Security Virus
Hello tkdgrl513,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP.
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision as it could render your system useless.


  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



  • Press "Fix Checked"
  • Close Hijack This.


  • Download combofix from here
    Link 1
    Link 2
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

[Image: CF_download_FF]

[Image: CF_download_rename]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

Re: System Security Virus
As I was attempting to turn off Norton, my task manager popped up and informed me that Norton was not responding and that it had to end it. I tried to open Norton again but it wouldn't work. Then I tried to open combo fix and a notification popped up saying that this combo-fix had been compromised by a virus patch "virut" and gave me directions to download from your website again. I am currently doing so and hopefully will be able to post the file soon.

Re: System Security Virus
I downloaded Combofix a second time and attempted to open it. It gave me the same error message, saying that it had been compromised by a virus patch "virut". I still cannot open Norton. However, a Norton "one click fix" pop-up came up. I did not do anything it told me to and closed it. I attempted to get back on my web browser in order to post what happened, but it was extremely slow, and I could not access your website because it was still loading. I am currently on my friend's Mac and using his internet to post this.

Re: System Security Virus
Do not use Combofix, Virut may be present.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

Re: System Security Virus
Thank you. Norton has reappeared since my last post, but I haven't tried disabling it again because I'm afraid that whatever is attacking my computer will get in if I disable it. Also, Ad-Watch Live continues to inform me that it has blocked the process vrt10.tmp and that this process has been identified as Win32.Trojan.inject. Here is the dds log.

Re: System Security Virus
Apparently posting it all at once is too big, so I'll divide it into two posts.

DDS (Ver_09-06-26.01) - FAT32x86
Run by Shanna Hayes at 22:47:42.46 on Sat 07/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.435 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
SVCHOST.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shanna Hayes\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://global.acer.com
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.0.0.135\coIEPlg.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
mRun: [LaunchApp] Alaunch
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PCMService] "c:\program files\arcade\PCMService.exe"
mRun: [LManager] c:\program files\launch manager\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Lexmark 5200 series] "c:\program files\lexmark 5200 series\lxbtbmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LXBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBTtime.dll,_RunDLLEntry@16
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.0.0.135\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shanna~1\applic~1\mozilla\firefox\profiles\kqxhhf63.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-22 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0300000.087\SymEFA.sys [2009-5-5 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0300000.087\BHDrvx86.sys [2009-5-5 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0300000.087\cchpx86.sys [2009-5-5 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090715.003\IDSXpx86.sys [2009-7-18 276344]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.0.0.135\ccSvcHst.exe [2009-5-5 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-22 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090722.035\NAVENG.SYS [2009-7-23 87888]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090722.035\NAVEX15.SYS [2009-7-23 875728]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-7-26 16512]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2007-12-16 513152]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [2007-12-16 3768]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-12 45132]

Re: System Security Virus
============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2009-07-25 17:03 0 a------- c:\windows\system32\B.tmp
2009-07-25 16:49 0 a------- c:\windows\system32\A.tmp
2009-07-24 15:24 0 a------- c:\windows\system32\9.tmp
2009-07-24 07:39 0 a------- c:\windows\system32\D.tmp
2009-07-24 07:38 0 a------- c:\windows\system32\8.tmp
2009-07-23 19:10 0 a------- c:\windows\system32\6.tmp
2009-07-23 18:04 3,989,821 a------- c:\windows\pfirewall.log.old
2009-07-23 17:14 0 a------- c:\windows\system32\7.tmp
2009-07-23 17:13 0 a------- c:\windows\system32\4.tmp
2009-07-23 17:06 0 a------- c:\windows\system32\2.tmp
2009-07-23 12:39 0 a------- c:\windows\system32\3.tmp
2009-07-23 12:16 0 a------- c:\windows\system32\5.tmp
2009-07-23 10:43 --d----- c:\docume~1\alluse~1\applic~1\19539214
2009-07-22 23:22 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-22 22:26 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-22 22:25 --d-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-22 22:24 --d----- c:\program files\Lavasoft
2009-07-22 13:26 --d----- c:\program files\Norton Support
2009-07-22 13:04 --d----- c:\docume~1\shanna~1\applic~1\Malwarebytes
2009-07-22 13:04 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 13:04 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-22 13:04 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-22 13:04 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 21:37 0 a------- C:\839718926
2009-07-21 21:37 149,169 a------- c:\docume~1\shanna~1\applic~1\hiyop.exe
2009-07-21 18:30 --dsh--- C:\FOUND.126
2009-07-20 18:45 --dsh--- C:\FOUND.125
2009-07-20 18:13 --dsh--- C:\FOUND.124
2009-07-20 17:12 --d----- c:\program files\iPod
2009-07-20 17:10 --d----- c:\program files\iTunes
2009-07-18 21:48 --dsh--- C:\FOUND.123
2009-07-18 18:19 --dsh--- C:\FOUND.122
2009-07-12 22:59 --dsh--- C:\FOUND.121
2009-07-09 17:20 --dsh--- C:\FOUND.120
2009-07-07 18:25 --dsh--- C:\FOUND.119
2009-07-07 11:48 --dsh--- C:\FOUND.118
2009-07-05 22:26 --dsh--- C:\FOUND.117
2009-07-05 12:22 664 a------- c:\windows\system32\d3d9caps.dat
2009-07-04 14:31 --dsh--- C:\FOUND.116
2009-07-04 14:16 --d----- c:\docume~1\shanna~1\applic~1\avidemux
2009-07-04 14:15 --d----- c:\program files\Avidemux 2.5
2009-07-02 18:44 --dsh--- C:\FOUND.115
2009-06-30 18:22 --dsh--- C:\FOUND.114
2009-06-30 10:10 --dsh--- C:\FOUND.113
2009-06-30 08:23 --dsh--- C:\FOUND.112
2009-06-29 13:55 --d----- c:\docume~1\shanna~1\applic~1\MoveFab
2009-06-29 11:06 --dsh--- C:\FOUND.111
2009-06-29 10:55 --dsh--- C:\FOUND.110
2009-06-28 21:36 --dsh--- C:\FOUND.109
2009-06-28 18:26 --dsh--- C:\FOUND.108
2009-06-28 10:08 --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-28 10:06 --d----- c:\program files\Bonjour
2009-06-28 10:04 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-27 19:21 --d----- c:\program files\DVDFab 6
2009-06-27 18:00 24 a--sh--- c:\windows\BEBC49F72A6857F9
2009-06-27 17:54 --d----- c:\program files\SlySoft

==================== Find3M ====================

2009-07-25 16:48 102,400 a------- c:\windows\DUMP85d9.tmp
2009-07-22 18:17 102,400 a------- c:\windows\DUMP7f13.tmp
2009-06-24 03:35 4,704 a------- c:\windows\system32\PerfStringBackup.TMP
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-11 16:33 104,512 a------- c:\windows\system32\drivers\AnyDVD.sys
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-25 08:01 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-05 20:19 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 1,159,680 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 827,392 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 671,232 -------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 3,596,288 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 -------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 91,136 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 34,304 -------- c:\windows\system32\dllcache\ieudinit.exe
2006-08-18 15:16 13 a--sh--- c:\windows\CNSYSDLG.SYS
2007-01-18 12:03 104 ---shr-- c:\windows\system32\A7A2ADFD41.sys
2007-01-18 12:03 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-23 03:08 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat

============= FINISH: 22:49:49.79 ========

Re: System Security Virus
Hello.

Please download OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\system32\B.tmp
    c:\windows\system32\A.tmp
    c:\windows\system32\9.tmp
    c:\windows\system32\D.tmp
    c:\windows\system32\8.tmp
    c:\windows\system32\6.tmp
    c:\windows\system32\7.tmp
    c:\windows\system32\4.tmp
    c:\windows\system32\2.tmp
    c:\windows\system32\3.tmp
    c:\windows\system32\5.tmp
    c:\docume~1\alluse~1\applic~1\19539214
    C:\839718926
    c:\docume~1\shanna~1\applic~1\hiyop.exe
    C:\FOUND.***
    c:\windows\DUMP*.tmp


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Re: System Security Virus
Here is the OTMoveIt log. I hope all of those errors don't mean anything bad.

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTM by OldTimer - Version 3.0.0.5 log created on 07262009_194344

Re: System Security Virus

Hello.
The errors are because you didn't include :files in the script.


:files
c:\windows\system32\B.tmp
c:\windows\system32\A.tmp
c:\windows\system32\9.tmp
c:\windows\system32\D.tmp
c:\windows\system32\8.tmp
c:\windows\system32\6.tmp
c:\windows\system32\7.tmp
c:\windows\system32\4.tmp
c:\windows\system32\2.tmp
c:\windows\system32\3.tmp
c:\windows\system32\5.tmp
c:\docume~1\alluse~1\applic~1\19539214
C:\839718926
c:\docume~1\shanna~1\applic~1\hiyop.exe
C:\FOUND.***
c:\windows\DUMP*.tmp

Re: System Security Virus

I apologize for that error. Here is the correct log.

========== FILES ==========
c:\windows\system32\B.tmp moved successfully.
c:\windows\system32\A.tmp moved successfully.
c:\windows\system32\9.tmp moved successfully.
c:\windows\system32\D.tmp moved successfully.
c:\windows\system32\8.tmp moved successfully.
c:\windows\system32\6.tmp moved successfully.
c:\windows\system32\7.tmp moved successfully.
c:\windows\system32\4.tmp moved successfully.
c:\windows\system32\2.tmp moved successfully.
c:\windows\system32\3.tmp moved successfully.
c:\windows\system32\5.tmp moved successfully.
c:\docume~1\alluse~1\applic~1\19539214 moved successfully.
C:\839718926 moved successfully.
c:\docume~1\shanna~1\applic~1\hiyop.exe moved successfully.
C:\FOUND.000 moved successfully.
C:\FOUND.001 moved successfully.
C:\FOUND.002 moved successfully.
C:\FOUND.003 moved successfully.
C:\FOUND.004 moved successfully.
C:\FOUND.005 moved successfully.
C:\FOUND.006 moved successfully.
C:\FOUND.007 moved successfully.
C:\FOUND.008 moved successfully.
C:\FOUND.009 moved successfully.
C:\FOUND.010 moved successfully.
C:\FOUND.011 moved successfully.
C:\FOUND.012 moved successfully.
C:\FOUND.013 moved successfully.
C:\FOUND.014 moved successfully.
C:\FOUND.015 moved successfully.
C:\FOUND.016 moved successfully.
C:\FOUND.017 moved successfully.
C:\FOUND.018 moved successfully.
C:\FOUND.019 moved successfully.
C:\FOUND.020 moved successfully.
C:\FOUND.021 moved successfully.
C:\FOUND.022 moved successfully.
C:\FOUND.023 moved successfully.
C:\FOUND.024 moved successfully.
C:\FOUND.025 moved successfully.
C:\FOUND.026 moved successfully.
C:\FOUND.027 moved successfully.
C:\FOUND.028 moved successfully.
C:\FOUND.029 moved successfully.
C:\FOUND.030 moved successfully.
C:\FOUND.031 moved successfully.
C:\FOUND.032 moved successfully.
C:\FOUND.033 moved successfully.
C:\FOUND.034 moved successfully.
C:\FOUND.035 moved successfully.
C:\FOUND.036 moved successfully.
C:\FOUND.037 moved successfully.
C:\FOUND.038 moved successfully.
C:\FOUND.039 moved successfully.
C:\FOUND.040 moved successfully.
C:\FOUND.041 moved successfully.
C:\FOUND.042 moved successfully.
C:\FOUND.043 moved successfully.
C:\FOUND.044 moved successfully.
C:\FOUND.045 moved successfully.
C:\FOUND.046 moved successfully.
C:\FOUND.047 moved successfully.
C:\FOUND.048 moved successfully.
C:\FOUND.049 moved successfully.
C:\FOUND.050 moved successfully.
C:\FOUND.051 moved successfully.
C:\FOUND.052 moved successfully.
C:\FOUND.053 moved successfully.
C:\FOUND.054 moved successfully.
C:\FOUND.055 moved successfully.
C:\FOUND.056 moved successfully.
C:\FOUND.057 moved successfully.
C:\FOUND.058 moved successfully.
C:\FOUND.059 moved successfully.
C:\FOUND.060 moved successfully.
C:\FOUND.061 moved successfully.
C:\FOUND.062 moved successfully.
C:\FOUND.063 moved successfully.
C:\FOUND.064 moved successfully.
C:\FOUND.065 moved successfully.
C:\FOUND.066 moved successfully.
C:\FOUND.067 moved successfully.
C:\FOUND.068 moved successfully.
C:\FOUND.069 moved successfully.
C:\FOUND.070 moved successfully.
C:\FOUND.071 moved successfully.
C:\FOUND.072 moved successfully.
C:\FOUND.073 moved successfully.
C:\FOUND.074 moved successfully.
C:\FOUND.075 moved successfully.
C:\FOUND.076 moved successfully.
C:\FOUND.077 moved successfully.
C:\FOUND.078 moved successfully.
C:\FOUND.079 moved successfully.
C:\FOUND.080 moved successfully.
C:\FOUND.081 moved successfully.
C:\FOUND.082 moved successfully.
C:\FOUND.083 moved successfully.
C:\FOUND.084 moved successfully.
C:\FOUND.085 moved successfully.
C:\FOUND.086 moved successfully.
C:\FOUND.087 moved successfully.
C:\FOUND.088 moved successfully.
C:\FOUND.089 moved successfully.
C:\FOUND.090 moved successfully.
C:\FOUND.091 moved successfully.
C:\FOUND.092 moved successfully.
C:\FOUND.093 moved successfully.
C:\FOUND.094 moved successfully.
C:\FOUND.095 moved successfully.
C:\FOUND.096 moved successfully.
C:\FOUND.097 moved successfully.
C:\FOUND.098 moved successfully.
C:\FOUND.099 moved successfully.
C:\FOUND.100 moved successfully.
C:\FOUND.101 moved successfully.
C:\FOUND.102 moved successfully.
C:\FOUND.103 moved successfully.
C:\FOUND.104 moved successfully.
C:\FOUND.105 moved successfully.
C:\FOUND.106 moved successfully.
C:\FOUND.107 moved successfully.
C:\FOUND.108 moved successfully.
C:\FOUND.109 moved successfully.
C:\FOUND.110 moved successfully.
C:\FOUND.111 moved successfully.
C:\FOUND.112 moved successfully.
C:\FOUND.113 moved successfully.
C:\FOUND.114 moved successfully.
C:\FOUND.115 moved successfully.
C:\FOUND.116 moved successfully.
C:\FOUND.117 moved successfully.
C:\FOUND.118 moved successfully.
C:\FOUND.119 moved successfully.
C:\FOUND.120 moved successfully.
C:\FOUND.121 moved successfully.
C:\FOUND.122 moved successfully.
C:\FOUND.123 moved successfully.
C:\FOUND.124 moved successfully.
C:\FOUND.125 moved successfully.
C:\FOUND.126 moved successfully.
c:\windows\DUMP7f13.tmp moved successfully.
c:\windows\DUMP85d9.tmp moved successfully.

OTM by OldTimer - Version 3.0.0.5 log created on 07272009_213425
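
Added example, not part of the thread and not OTMoveIt's own code: a Python check that reconciles a pasted script with the results log, flagging lines that appear before any section directive (the cause of the "Unable to interpret" errors above) and script entries with no matching "moved successfully" line. The directive grammar and wildcard behaviour are assumptions inferred from the logs in this thread, and the sample inputs are constructed.

```python
import fnmatch
import re

DIRECTIVE = re.compile(r"^:\w+$")                      # e.g. ":files"
MOVED = re.compile(r"^(.+?) moved successfully\.$")    # success line in the results log
CONTEXT_ERROR = "Error: Unable to interpret in the current context!"

def parse_script(text):
    """Split a script into paths under :files and lines that precede any directive."""
    section, entries, orphans = None, [], []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if DIRECTIVE.match(line):
            section = line.lower()
        elif section is None:
            orphans.append(line)       # no section context yet, so the tool cannot interpret it
        elif section == ":files":
            entries.append(line)
    return entries, orphans

def reconcile(script, log):
    """Compare what the script asked for with what the log says was moved."""
    entries, orphans = parse_script(script)
    lines = [raw.strip() for raw in log.splitlines()]
    moved = [m.group(1).lower() for m in map(MOVED.match, lines) if m]
    # Assumption: '*' is a wildcard, as C:\FOUND.*** expanding to FOUND.000... suggests.
    hits = {e: [p for p in moved if fnmatch.fnmatchcase(p, e.lower())] for e in entries}
    return {
        "orphans": orphans,
        "context_errors": lines.count(CONTEXT_ERROR),
        "moved": {e: len(h) for e, h in hits.items()},
        "unmatched": [e for e, h in hits.items() if not h],
    }

# Constructed samples modelled on the thread (shortened; hiyop.exe left out of the log on purpose).
BAD_SCRIPT = r"""
c:\windows\system32\B.tmp
C:\FOUND.***
"""
GOOD_SCRIPT = ":files\n" + BAD_SCRIPT + r"""c:\windows\DUMP*.tmp
c:\docume~1\shanna~1\applic~1\hiyop.exe
"""
BAD_LOG = (CONTEXT_ERROR + "\n") * 2
GOOD_LOG = r"""========== FILES ==========
c:\windows\system32\B.tmp moved successfully.
C:\FOUND.000 moved successfully.
C:\FOUND.001 moved successfully.
c:\windows\DUMP7f13.tmp moved successfully.
"""

if __name__ == "__main__":
    print(reconcile(BAD_SCRIPT, BAD_LOG))
    print(reconcile(GOOD_SCRIPT, GOOD_LOG))
```

An entry listed under `unmatched` means the log gives no evidence the item was moved, so it is worth rechecking before the tool's quarantine is cleaned up.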

Re: System Security Virus

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?

Re: System Security Virus

Well, my web browser loaded much slower than normal, and Norton continues to pop up alerts that I'm being attacked. I attempted to access your site by Google and I was redirected to various ad websites. I think I'm going to take my machine in to a tech support facility at my campus. I sincerely appreciate your help though. I understand how busy you must be.

Re: System Security Virus

I didn't say I couldn't fix it. ;)

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
