I got back from Europe and my computer has this message with killvbs.vbs script that pops up when it is turned on. I was told that formatting would help, but I have a ton of pictures from Germany I don't want to lose. I don't really have any experience on how to fix a computer.
Hi Shisha20. Even though the Killvbs malware is one of the tough ones to get rid of, formatting is definitely not necessary, nor will it help in any way. Please note that formatting is only a last resort to get a computer clean of the toughest malware. Here, please do the following in order: Download both Superantispyware Free and Combofix. With Combofix, at the download window, please rename it to Combo-fix before downloading it. Install Superantispyware Free and update it fully. Next, boot your computer into safe mode which you can do by repeatedly typing the F8 key after you press the power button. Scan your computer with Superantispyware. Quarantine all detected items, and post the scan log here. After that, right click on the Superantispyware icon in your task bar, and click on Exit. Please run Combofix and follow the prompts. Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later. Do not click on the Combofix window, as it may cause it to stall. If it asks for a reboot, do it. Post the log, which is located at C:\ComboFix.txt, here. Now, boot back into normal mode and download HijackThis. Run a system scan, and post a log here without fixing anything. Best Regards
Um... had a little problem with the superanti thing in that I could not copy down anything that it had found, but all the things in the quarantine say the same thing, there are about 160 of them. C:\Documents and Settings\Gallafray\Application Data\Mozilla\Firefox\Profiles\25hvy5xt.default/cookies.txt and here is the Combo fix:
ComboFix 08-07-31.06 - Gallafray 2008-08-01 12:49:24.1 - NTFSx86 MINIMAL Running from: C:\Documents and Settings\Gallafray\Desktop\Combo-fix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Gallafray\Application Data\macromedia\Flash Player\#SharedObjects\8XY9F5M5\interclick.com C:\Documents and Settings\Gallafray\Application Data\macromedia\Flash Player\#SharedObjects\8XY9F5M5\interclick.com\ud.sol C:\Documents and Settings\Gallafray\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com C:\Documents and Settings\Gallafray\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol . ((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 ))))))))))))))))))))))))))))))) . 2008-08-01 10:56 . 2008-08-01 10:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-08-01 10:56 . 2008-08-01 10:56 <DIR> d-------- C:\Documents and Settings\Gallafray\Application Data\SUPERAntiSpyware.com 2008-08-01 10:56 . 2008-08-01 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-08-01 10:55 . 2008-08-01 10:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-08-01 02:38 . 2008-08-01 11:12 462,344 --a------ C:\WINDOWS\system32\PerfStringBackup.INI 2008-08-01 02:36 . 2008-08-01 02:36 3,268 --a------ C:\WINDOWS\system32\tmp.reg 2008-08-01 02:29 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-08-01 02:29 . 
2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-08-01 02:29 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-08-01 02:29 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe 2008-08-01 02:29 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe 2008-08-01 02:29 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-08-01 02:29 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-08-01 02:29 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-07-31 23:40 . 2008-07-31 23:40 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-28 07:08 . 2008-08-01 03:09 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-07-28 01:52 . 2008-07-28 01:52 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-07-28 01:52 . 2008-07-28 01:52 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-07-28 01:51 . 2008-08-01 10:47 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-07-28 01:51 . 2008-07-28 01:51 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-07-28 01:41 . 2008-07-28 01:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8 2008-07-26 18:09 . 2008-07-26 18:09 <DIR> d-------- C:\Program Files\iPod 2008-07-26 18:08 . 2008-07-26 18:10 <DIR> d-------- C:\Program Files\iTunes 2008-07-26 18:03 . 2008-07-26 18:05 <DIR> d-------- C:\Program Files\QuickTime 2008-07-25 12:28 . 2008-07-25 12:28 <DIR> d-------- C:\Program Files\Apple Software Update 2008-07-20 15:41 . 2008-07-31 21:07 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment 2008-07-11 21:20 . 2008-07-25 19:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-11 21:20 . 2008-07-11 21:20 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-11 14:23 . 2008-07-11 14:23 <DIR> d-------- C:\Program Files\AVG . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-08-01 14:46 --------- d-----w C:\Documents and Settings\Gallafray\Application Data\OpenOffice.org2 2008-07-28 20:46 --------- d-----w C:\Documents and Settings\Gallafray\Application Data\LimeWire 2008-07-28 20:27 --------- d-----w C:\Program Files\Incomplete 2008-07-28 20:25 --------- d-----w C:\Program Files\LimeWire 2008-07-20 19:25 --------- d-----w C:\Program Files\Common Files\AOL 2008-07-20 19:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2008-07-20 19:23 --------- d-----w C:\Documents and Settings\Gallafray\Application Data\uTorrent 2008-07-20 18:49 --------- d-----w C:\Program Files\The Rosetta Stone 2008-07-19 05:48 --------- d-----w C:\Program Files\Java 2008-07-12 01:34 --------- d-----w C:\Program Files\Dell 2008-07-09 01:36 --------- d-----w C:\Documents and Settings\Gallafray\Application Data\Move Networks 2008-06-24 12:28 --------- d-----w C:\Program Files\InterActual 2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll 2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll 2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll 2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll 2008-05-09 03:51 601,303 ----a-w C:\WINDOWS\doctor_who.exe 2008-05-09 03:51 365,024 ----a-w C:\WINDOWS\doctor_who.scr 2008-05-09 03:51 29,696 ----a-w C:\WINDOWS\mickey32.dll 2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe 2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe 2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll . 
------- Sigcheck ------- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 14:55 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 14:56 602182] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-30 19:56 185896] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 21:44 98304] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 20:41 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 20:45 118784] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 18:13 176128] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 03:08 1347584] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 01:16 39792] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 22:27 144784] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 03:47 116040] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 04:50 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 04:51 289064] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-28 01:51 1232152] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 20:30 282624 C:\WINDOWS\stsystra.exe] C:\Documents and Settings\Gallafray\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 18:41:28 393216] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoStartMenuPinnedList"= 0 (0x0) 
"NoStartMenuMFUprogramsList"= 0 (0x0) "NoUserNameInStartMenu"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) "NoCommonGroups"= 0 (0x0) "NoPrinterTabs"= 0 (0x0) "NoDeletePrinter"= 0 (0x0) "NoAddPrinter"= 0 (0x0) "NoPrinters"= 0 (0x0) "NoFavoritesMenu"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) "NoChangeAnimation"= 0 (0x0) "NoChangeKeyboardNavigationIndicators"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background "Aim6"= "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= 
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-28 01:51] S2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-28 01:51] S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-28 01:51] S2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-28 01:52] S3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2005-12-09 20:39] S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 14:47] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bfd47f8-9c85-11dc-9258-0015c5a51361}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47a2171a-b3df-11dc-9287-0015c5a51361}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76f32c12-709f-11dc-91dd-0015c5a51361}] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76f32c13-709f-11dc-91dd-0015c5a51361}] \Shell\AutoRun\command - 
C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{846683e3-6106-11dc-919d-001302a9b988}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b58ef79-9c98-11dc-9259-0015c5a51361}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{accabf79-a202-11dc-9262-0015c5a51361}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf9a7b20-6020-11dc-9199-001302a9b988}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcd71dec-71f4-11dc-91e1-0015c5a51361}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs *Newly Created Service* - CATCHME *Newly Created Service* - MDMXSDK *Newly Created Service* - PARPORT . Contents of the 'Scheduled Tasks' folder 2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:57] . . ------- Supplementary Scan ------- . 
FireFox -: Profile - C:\Documents and Settings\Gallafray\Application Data\Mozilla\Firefox\Profiles\25hvy5xt.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://myasu.appstate.edu/ ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-01 12:52:48 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-08-01 12:55:37 ComboFix-quarantined-files.txt 2008-08-01 16:55:11 Pre-Run: 39,119,515,648 bytes free Post-Run: 39,295,995,904 bytes free 290 --- E O F --- 2008-07-11 17:51:12
Sorry, here is the HJT and thank you very much for helping me, and I'm sorry that this will take a good while for you to go through.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:27:02, on 8/1/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Apoint\HidFind.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN 
C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe 
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing) O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 7699 bytes
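A triage sketch for the two logs posted above, added here as an example and not part of the original thread: it flags the two places where killVBS.vbs is wired into startup, the HijackThis `F2` UserInit entry and the ComboFix `mountpoints2` AutoRun commands. The function names and the script-host heuristic are assumptions of this example; the sample lines are copied from the logs and laid out one entry per line.

```python
import re

# Constructed sample: entries copied from the two logs in this thread,
# laid out one per line as the tools normally write them.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bfd47f8-9c85-11dc-9258-0015c5a51361}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76f32c12-709f-11dc-91dd-0015c5a51361}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
"""

# HijackThis prints the Winlogon Userinit value as an F2 entry.
USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
# ComboFix prints each per-volume AutoRun key, then its command on the next line.
MOUNT_KEY_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-fA-F-]+\})\]$", re.I
)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.*)$", re.I)
# Heuristic (assumption of this example): an AutoRun command that starts a
# Windows Script Host binary or names a script file deserves a closer look.
SCRIPT_RE = re.compile(
    r"\b(?:wscript|cscript)\.exe\b|\.(?:vbs|vbe|js|jse|wsf)\b", re.I
)


def userinit_extras(value):
    """Return every Userinit component other than userinit.exe itself.

    The stock value is 'C:\\WINDOWS\\system32\\userinit.exe,' so anything
    else in the comma-separated list runs at every logon and is suspect.
    """
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if not p.lower().endswith(r"\system32\userinit.exe")]


def triage(log_text):
    """Return (kind, location, command) tuples for suspicious startup entries."""
    findings = []
    guid = None  # volume GUID of the mountpoints2 key seen on the previous line
    for raw in log_text.splitlines():
        line = raw.strip()

        m = USERINIT_RE.match(line)
        if m:
            for extra in userinit_extras(m.group(1)):
                findings.append(("userinit", "UserInit", extra))
            guid = None
            continue

        m = MOUNT_KEY_RE.match(line)
        if m:
            guid = m.group(1)
            continue

        m = AUTORUN_RE.match(line)
        if m and guid and SCRIPT_RE.search(m.group(1)):
            findings.append(("mountpoints2-autorun", guid, m.group(1)))
        guid = None  # a command only belongs to the key directly above it
    return findings


if __name__ == "__main__":
    for kind, location, command in triage(SAMPLE_LOG):
        print(f"{kind:22} {location}\n    {command}")
```

Run against the full logs, the same checks list every `mountpoints2` volume GUID whose AutoRun command still points at killVBS.vbs, which is a quick way to confirm after cleanup that none remain.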
Hey Shisha20
Sorry for the very late reply: got a virus (a real one, not a computer virus), and needed time to rest.
Unless you have paid for AVG, I would like you to uninstall it. Antivir is a far superior antivirus to AVG, and is free as well. If your version of AVG is the paid one, then leave it alone.
Download these two tools: Flash Disinfector and Avira Antivir Free.
First, disable AVG's protection. Then install Antivir, and then update it fully. If the integrated automatic update is too slow, then you can choose to download the update manually from this page: http://www.softpedia.com/get/Others...ra-Antivir-Virus-Definition-File-Update.shtml . Make sure to do another update via Antivir itself after you have manually updated.
Second, right click on the Antivir icon in your task bar, and click on Configure Antivir. Make sure Expert Mode is checked, and then expand Scan, and then click on Action for concerning files. Check Automatic, and set primary action to quarantine. Next, click on Heuristic, and check High detection level.
Third, boot into safe mode which you can do by repeatedly pressing the F8 key after you press the power button. Then, open Antivir and do a full scan of your computer. Wait until it is done, and then make sure you know where the scan log is. I will need it later. Now, restart your computer into normal mode.
Fourth, run Flash Disinfector. Do not worry if your desktop disappears during the scan, because it is normal.
Lastly, post the Antivir scan log here, and tell me if your problem still persists.
Best Regards
I am sorry, but I am having trouble uninstalling AVG; this message keeps coming up:
Local machine: installation failed
Installation: Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key.... Error 0x80070005
This happens once you click the Next button after it asks if you want your personal settings and the virus vault gotten rid of.
Hey Shisha20
Please do the following to solve your problem with AVG:
First, run regedit:
* --> Start-up Menu --> Run
* Enter "regedit" and hit the "Open" button
Then in regedit, navigate to the entry below:
* --> My Computer --> HKEY_LOCAL_MACHINE --> SOFTWARE --> Classes --> AvgDiagFile
With the AvgDiagFile folder selected (highlighted), go to the top menu selection
* Edit --> Permissions
Set the permissions of the user name (e.g. Administrator) that you are using by checking the box under "allow" for "Full Control" ("Read" will also be checked automatically when you do this), and then hit the "Apply" or "OK" button.
Then proceed to reboot, and then uninstall AVG.
Best Regards
Good to hear that you are feeling better from a real virus. In your instructions, there is another problem: there is no AvgDiagFile. The only things under Classes are AVG.AvgKernel, AVG.AvgKernel7, AVG.Office, and AVG.Office8, and under Software there was a file that says AVG, so there was no way to uninstall AVG. I am sorry for being such a burden upon you, and I want to thank you for all your help. And just out of curiosity, what exactly is killvbs and how big of a threat is it?
Hey Shisha20
I think that we should ignore the uninstallation of AVG first. Go ahead with the procedures I told you to, and just make sure AVG is disabled (e.g. disabled protection, does not start at computer startup).
You're welcome, and I think that you deserve the help. As for info about killvbs, look here: http://www.bleepingcomputer.com/startups/killVBS.vbs-22292.html
Best Regards
Edit: If after scans, your killvbs problem is still there, please download Killvbs Remover. Using Winrar to unzip it (you may have to download Winrar), boot into safe mode again and run it. Follow the instructions. Then restart back into normal mode.
Thank you very much, the vbs is gone. I had to unzip and use the vbsremover though, after everything else, but thanks for all your help. Here is the report file from the antivir:
Avira AntiVir Personal
Report file date: Saturday, August 09, 2008 01:54
Scanning for 1542139 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Save mode
Username: Gallafray
Computer name: DAN
Version information:
BUILD.DAT : 8.1.0.326 16933 Bytes 7/11/2008 12:57:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 14:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 19:54:15
ANTIVIR2.VDF : 7.0.5.207 2316800 Bytes 8/4/2008 05:44:38
ANTIVIR3.VDF : 7.0.5.234 160256 Bytes 8/8/2008 05:44:40
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 7/9/2008 14:46:50
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 8/9/2008 05:45:02
AESCN.DLL : 8.1.0.23 119156 Bytes 8/9/2008 05:44:59
AERDL.DLL : 8.1.0.20 418165 Bytes 7/9/2008 14:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 8/9/2008 05:44:58
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 8/9/2008 05:44:56
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 8/9/2008 05:44:54
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/9/2008 14:46:50
AEGEN.DLL : 8.1.0.35 315764 Bytes 8/9/2008 05:44:48
AEEMU.DLL : 8.1.0.7 430452 Bytes 8/9/2008 05:44:45
AECORE.DLL : 8.1.1.8 172406 Bytes 8/9/2008 05:44:43
AEBB.DLL : 8.1.0.1 53617 Bytes 4/24/2008 14:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 8/9/2008 05:44:41
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: quarantine
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Saturday, August 09, 2008 01:54
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '62' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
End of the scan: Saturday, August 09, 2008 03:12
Used time: 1:18:14 Hour(s)
The scan has been done completely.
4919 Scanning directories
199680 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
199679 Files not concerned
1477 Archives were scanned
1 Warnings
0 Notes
Also, the antivir is awesome, thank you. Is there anything else I should do, or is that all?