I did a Malwarebytes scan and these are the results of that scan:
Malwarebytes' Anti-Malware 1.31
Database version: 1550
Windows 5.1.2600 Service Pack 3
12/26/2008 11:46:36 PM
mbam-log-2008-12-26 (23-46-16).txt
Scan type: Full Scan (C:\|)
Objects scanned: 148908
Time elapsed: 47 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d5df7c9d-6069-4552-8b0c-d02a912fc889} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5df7c9d-6069-4552-8b0c-d02a912fc889} (Trojan.FakeAlert) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP35\A0012084.exe (Rogue.Winweb) -> No action taken.
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP35\A0012085.exe (Rogue.Winweb) -> No action taken.
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP38\A0014338.exe (Rogue.Winweb) -> No action taken.
C:\System Volume Information\_restore{F3C49B63-18E1-46C9-91F4-3660C0771E9E}\RP47\A0018045.exe (Rogue.Winweb) -> No action taken.
Kaspersky report was a bit harder. I started this afternoon, let it run, it had scanned 2hrs and 56 minutes, was almost done and the electricity went off. !$#%@#$%!@#%$!@
Did it again this evening and see where I had put some things on my computer from old disks that are infected, I will have to get rid of them but will wait for your advice.
Files scanned 76704
Threat name 7
Infected objects 16
Suspicious objects 0
Duration of the scan 01:59:36
File name Threat name Threats count
C:\Documents and Settings\Arlene Barton.SPANKYJO54\My Documents\Screen saver pictures\Dolphins\dolphinfree.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z 3
C:\Documents and Settings\Arlene Barton.SPANKYJO54\My Documents\Screen saver pictures\Dolphins\dolphinfree.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Arlene Barton.SPANKYJO54\My Documents\Screen saver pictures\Dolphins\dolphinfree.exe Infected: not-a-virus:AdWare.Win32.WebHancer 5
C:\Documents and Settings\Arlene Barton.SPANKYJO54\My Documents\Screen saver pictures\Dolphins\dolphinfree.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.h 1
C:\Documents and Settings\Arlene Barton.SPANKYJO54\My Documents\Screen saver pictures\Gills Themes\Jeweled Dragon\jewelledragond.exe Infected: not-a-virus:AdWare.Win32.EZula.j 1
C:\Documents and Settings\Arlene Barton.SPANKYJO54\My Documents\Screen saver pictures\Gills Themes\Jeweled Dragon\jewelledragond.exe Infected: not-a-virus:AdWare.Win32.IGetNet.a 1
C:\Documents and Settings\Arlene Barton.SPANKYJO54\My Documents\Screen saver pictures\Sea Pearls\41575.exe Infected: not-a-virus:AdWare.Win32.Gator.3103 1
C:\Documents and Settings\Arlene Barton.SPANKYJO54\My Documents\Screen saver pictures\Sea Pearls\41575.exe Infected: not-a-virus:AdWare.Win32.IGetNet.a 1
C:\Program Files\Plus!\Themes\Star Fall.exe Infected: not-a-virus:AdWare.Win32.Gator.3103 1
C:\Program Files\Plus!\Themes\Star Fall.exe Infected: not-a-virus:AdWare.Win32.IGetNet.a 1
The selected area was scanned.
And last but not least, the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:25 PM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Trend Hijack This\Hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Firefox] "C:\Program Files\Mozilla Firefox\firefox.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Bootskins_free.exe\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [C-Media Speaker Configuration] E:\Cmi8738-6ch\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\ScreenSaver.com\Living 3D Dolphins\trioService.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227905199279
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227920209140
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
--
End of file - 5647 bytes
Looks like a mess to me.