Not sure of what Virus I have but I cannot browse internet

I have Avast anti virus, malware and spyware but got something I didn't want! I had a pop up window on my desk top saying I may be infected and all my icons were outlined in red. I ran all the scans from the above three protectors and the pop up windows and the red outline went away, BUT, cannot get any pages on the internet. I call my local provider and we went thru all the test and check marks and then they gave me someone that said they could remove my virus for $79.95. I have been digging on the internet from work and then going home and trying, but can't get anywhere. I do see where others are being told to restart computer in safe mode, IF i can do this...then what? Thank you soooo much in advance.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.

I was unable to start my computer in safe mode. I reset it back to Jan 1 when I know it was ok. I was able to get on the internet at this point. I went ahead and download AVG and Zone?.... I figure the virus is still there, so what should I do? Should I go ahead and do what you wanted me to do if I had gotten into the safe mode?

Thanks.

Go ahead and do ComboFix.

I did the combofix BUT when it was trying to make a Report at the end...it never did. I had the little hour glas for over an hour and I couldn't do anything. I finally had to manually shut down my computer. Sorry...

Now what? Leave you alone?

Please download the Kaspersky AVP Tool from Kaspersky-labs.com.

• Save it to your desktop.
  
• Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
  
• Double click the setup file to run it.
  
• Click Next to continue.
  
• It will by default install it to your desktop folder.Click Next.
  
• Hit ok at the prompt for scanning in Safe Mode.
  
• It will then open a box There will be a tab that says Automatic scan.
  
• Under Automatic scan make sure these are checked:
  
  
  • System Memory
    
  • Startup Objects
    
  • Disk Boot Sectors.
    
  • My Computer.
    
  • Also any other drives (Removable that you may have)

After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

• Then click on Scan at the to right hand Corner.
  
• It will automatically Neutralize any objects found.
  
• If some objects are left un-neutralized then click the button that says Neutralize all
  
• If it says it cannot be Neutralized then chooose The delete option when prompted.
  
• After that is done click on the reports button at the bottom and save it to file name it Kas.
  
• Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

I will try this tonight when I get home. I could get my computer to say Safe Mode in blue at the bottom, but then I would have two more options...
Windows XP home edition or Windows Recovery ?... When I highlighted one of them and hit enter...there would be a bunch of stuff scroll, quickly and then it would open to normal setting. I will look for the set up file...i must have missed it. Thank you.

DragonMaster Jay, I didn't realize how computer ignorant I am and I am sooo sorry. I went on the Kaspersky website but can't find what I am suppose to download. Can you give me more detail?

I am on the verge of giving up, cause I feel REALLY stupid!

This link should have gave you the download automatically: http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

Here is the log. I ended up having to run it 2 times. The first time the everything deleted while I was trying to save the report, anyway here it is. Thank you.

Could you also recommend the best (free) protection I should get for my computer.....

Thanks a billion.


Autoscan: completed <1 minute ago (events: 10, objects: 368155, time: 08:50:25)
1/30/2010 5:39:00 AM Task started
1/30/2010 11:58:44 AM Detected: not-a-virus:AdWare.Win32.SearchIt.t C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP290\A0073768.EXE/WiseSFXDropper/WISE0015.BIN
1/30/2010 11:58:44 AM Untreated: not-a-virus:AdWare.Win32.SearchIt.t C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP290\A0073768.EXE/WiseSFXDropper/WISE0015.BIN Postponed
1/30/2010 1:42:01 PM Detected: not-a-virus:AdWare.Win32.MyWay.j D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP290\A0073769.exe/WiseSFXDropper/WISE0016.BIN
1/30/2010 1:42:02 PM Untreated: not-a-virus:AdWare.Win32.MyWay.j D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP290\A0073769.exe/WiseSFXDropper/WISE0016.BIN Postponed
1/30/2010 1:42:12 PM Detected: not-a-virus:AdWare.Win32.SearchIt.t C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP290\A0073768.EXE/WiseSFXDropper/WISE0015.BIN
1/30/2010 2:29:19 PM Deleted: not-a-virus:AdWare.Win32.SearchIt.t C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP290\A0073768.EXE
1/30/2010 2:29:24 PM Detected: not-a-virus:AdWare.Win32.MyWay.j D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP290\A0073769.exe/WiseSFXDropper/WISE0016.BIN
1/30/2010 2:29:26 PM Deleted: not-a-virus:AdWare.Win32.MyWay.j D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP290\A0073769.exe
1/30/2010 2:29:26 PM Task completed

After your computer is clean, I will recommend protection.

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

Here is the log from the above scan.

Did I get the virus from the songs I downloaded.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16981 (vista_gdr.091215-2244)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c0447ccf0ec19f4bb267f6b0fe3fab4e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-01-31 10:23:47
# local_time=2010-01-31 02:23:47 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=769 16775125 100 97 0 200335814 1812274 0
# compatibility_mode=1024 16777175 100 0 339238 339238 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 70 336310 5954014 0 0
# scanned=169243
# found=8
# cleaned=8
# scan_time=7605
C:\Documents and Settings\Compaq_Owner\Shared\i saw mommy kissing.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 0D60CB31BEDB410C4C3D1FC5E79CC2CC C
C:\Documents and Settings\Compaq_Owner\Shared\jingle bells.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) C178AA76410D1C863D3BF90F36171C95 C
C:\Documents and Settings\Compaq_Owner\Shared\mistletoe kiss peggi speers.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 6BC871619148D844C4F13D9F37F3CCBF C
C:\Documents and Settings\Compaq_Owner\Shared\mistletoe kiss.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) AC195824F930B7D152884710ABC85387 C
C:\Documents and Settings\Compaq_Owner\Shared\The Ronettes - I saw mommy kissing Santa.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 8CF02A6648D11E873DD1606D5BC885A2 C
C:\Documents and Settings\Compaq_Owner\Shared\Toby Keith - Blame It On The Mistletoe.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) EBBD881DB03BD57F1D84F02A995726F8 C
C:\Documents and Settings\Compaq_Owner\Shared\where are you christmas.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) F4EE7935F70A5B042126B921708E8891 C
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 2F19F535F88BEE3AF522BD28478C019E C

Please download CKScanner by askey127 from here

Save it to your desktop.

• Doubleclick CKScanner.exe and click Search For Files.
  
• After a very short time, when the cursor hourglass disappears, click Save List To File.
  
• A message box will verify that the file is saved.
  
• Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
  

==

Please download Cheetah-Anti-Rogue, and save to your Desktop.

• Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  
• Double-click on Cheetah-Anti-Rogue.cmd to start.
  
• It will finish quickly and launch a log.
  
• Post the contents of it in your next reply.

I will do this tonight after I get home from work.

Thank you.

ok