# Need a good excuse to tell parents!!!



## skerty

Ive got a virus / malware thing on my laptop called "[email protected]" (thats what the warning message says it is) even though I've got Norton Internet Security, but it couldn't even find the virus. Ive posted stuff about this virus on this forum but the thing someone gave me to download (Smitfraudfix) didnt work because it runs on Windows XP or 2000 and my laptop is on Vista. So I dont know how to get rid of it.
My laptop (An Acer Aspire 5630) is only about a month old from my local PC world and Im pretty sure my mum got the monthly insurance when we got the laptop.

I know next to nothing about computers but my guess is that I picked the virus up somewhere while on a porn website but I can exactly tell my parents that so I need a good excuse about how the virus got onto my laptopthat makes it seem as if it was something that was totally harmless (Like a spam email or something).
I know how to delete my Internet history and things by right clicking on the Internet Explorer icon and going into Properties or what ever it is but my excuse has to be good enough so that if we take it back to PC world, the guy wont say its very unlikely thats how I got the virus, so it has to be very reliable.

Thanks

P.s. Ive had alot of problem with Vista with messages saying "MSN messenger has stopped working" or "Windows Explorer has stopped working" and have read alot of similar complaints so if you plan on getting Vista, wait untill all the problems have been sorted out.


----------



## PohTayToez

Well, if you could talk to the guy so you parents don't hear, you could just explain it to him, or you could say that you tried downloading a game or something from an attachment.

Or just say that your friend was using your computer, you have no idea what happened.


----------



## tomb08uk

Do a system restore.


----------



## Draco Malfoy

But it could be any website that you got the virus from, not necessarily one which had questionable content.


----------



## Tuffie

Usualy you pick that kind of stuff downloading porn, or downloading program hacks or somthing like that.

Kent.


----------



## Deepblue

Tell you parents you was surfing porn. if their smart they know already and dont want to admit it , if they dont know then it would be fun to see the look on their faces hahaha


----------



## subtle

Tell them that your friend sent you a link in an email. You clicked on it and it opened empty website and that was probably it because you asked about that email your friend and he said that he didn't sent you any mails recently.
You can add that he's got a virus as well.
You dirty skerty


----------



## codeman0013

there are thigns you can do like getting rid of norton internet security first off... Then install avg and avg anti spyware and do a scan and then run adaware and ccleaner and spybot search and destroy if those fail to get rid of it try posting a hijak this log for us to look at for you. I'm sure with a little time and effort it can be removed and i know all those programs work in vista becuase i have used them on my pc to keep it clean...


----------



## Geoff

I agree with subtle.  I would just tell them that you opened an e-mail from someone you thought you knew, and it turned out to be a virus.


----------



## Draco Malfoy

As a last resort: backup all your documents and "accidently" wipe the hard drive.


----------



## XxIlluminatorxX

wow im gonna use some of these


----------



## evo3

Try to use the Spyware Terminator. I remember I was once like you and later my fried told me to use this software to remove it, I didand manage to get rid of all the virus like Trojan Horse, etc. Below is the link

http://www.spywareterminator.com


----------



## skerty

I think this is my highjackthis log (not totally sure)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:14:01 PM, on 5/31/2007
Platform: Windows Vista  (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Image ActiveX Access\iesmn.exe
C:\Program Files\Image ActiveX Access\imsmain.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Image ActiveX Access\imsmn.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Windows\System32\rundll32.exe
C:\Users\Kyel\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Kyel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LYZ8LNM4\HiJackThis_v2[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Program Files\Image ActiveX Access\iesplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Image ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SpyLocked 4.0] "C:\Program Files\SpyLocked 4.0\SpyLocked 4.0.exe" /h
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MalwareWiped 6.4] "C:\Program Files\MW\MalwareWiped 6.4\MalwareWiped 6.4.exe" /h
O4 - HKLM\..\Run: [NI.UGA6P_0001_N105M2704] "c:\users\kyel\appdata\roaming\install_en[1].exe" -nag 
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Image ActiveX Access\iesmn.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Image ActiveX Access\imsmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O13 - Gopher Prefix: 
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: equiparant - {25b7d2fd-4f71-46d1-801a-7de323e4ec82} - C:\Windows\system32\indwvm.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10407 bytes

If this isn't the right thing could someone please tell me how to get the right one    Thanks

PS. Never been called dirty skerty before haha


----------



## evo3

I suggest you claen your system first with the spyware terminator why not ty it out, this is not a bad virus software


----------



## skerty

Hey evo3,

Im in the middle of a full system scan with Spyware Terminator thing,
Its already found 2 critical items.

I ran a full system scan with Norton Internet Security a few days ago and found 2 low risk items which I now got rid of, but why cant Norton find these items?

I was always under the impression that Norton was the best


----------



## JamesBart

from what ive heard norton isnt the best but i hjave never used it! some other guys might have a better idea than i do 

hope you get it sorted


----------



## skerty

Spyware Terminator has finished.
This is my scan report:


     Scan Progress (Full Scan)  
  Start time: 5/31/2007 1:33:07 PM
  Database: 1.0.775.531

  Processes Scanning 
  PowerProfile : C:\Windows\system32\POWRPROF.dll
  Wextract : C:\Windows\system32\advpack.dll
  SynTPLpr : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  SymantecAntivirus : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  IgfxTray : C:\Windows\System32\igfxtray.exe
  HotKeysCmds : C:\Windows\System32\hkcmd.exe
  Igfxpers : C:\Windows\System32\igfxpers.exe
  NvCplDaemon : C:\Windows\system32\NvCpl.dll
  Shdocvw : C:\Windows\system32\shdocvw.dll
  MSNSearchToolbar : C:\Program Files\Windows Live Toolbar\msntb.dll
  YahooToolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  AcroIEHelper : C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  Windows Live Sign-in Helper : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  MSNSearchToolbar : C:\Program Files\Windows Live Toolbar\stmain.dll
  Spyware Terminator : C:\Program Files\Spyware Terminator\SpywareTerminator.exe
  Startup Scanning 
  ehTray : C:\Windows\ehome\ehTray.exe
  ehTray : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ehTray.exe
  MessengerService : C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
  MessengerService : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MsnMsgr
  user32.dll : C:\Program Files\Image ActiveX Access\iesmn.exe
  rare : C:\Program Files\Image ActiveX Access\imsmain.exe
  Windows Defender : C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE
  Windows Defender : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows Defender
  NvSvc : C:\WINDOWS\SYSTEM32\NVSVC.DLL
  NvCplDaemon : C:\WINDOWS\SYSTEM32\NVCPL.DLL
  NvCplDaemon : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NvCplDaemon
  NvMixerTray : C:\WINDOWS\SYSTEM32\NVMCTRAY.DLL
  NvMixerTray : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NvMediaCenter
  RtHDVCpl : C:\Windows\RtHDVCpl.exe
  SynTPLpr : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  SynTPLpr : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SynTPEnh
  SymantecAntivirus : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
  SymantecAntivirus : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ccApp
  osCheck : C:\PROGRAM FILES\NORTON INTERNET SECURITY\OSCHECK.EXE
  IgfxTray : C:\Windows\system32\igfxtray.exe
  IgfxTray : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run IgfxTray
  HotKeysCmds : C:\Windows\system32\hkcmd.exe
  HotKeysCmds : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HotKeysCmds
  Igfxpers : C:\Windows\system32\igfxpers.exe
  Igfxpers : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Persistence
  WarReg_PopUp : C:\Acer\WR_PopUp\WarReg_PopUp.exe
  LManager : C:\Program Files\Launch Manager\LManager.exe
  eDataSecurity Loader : C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
  Invalid Startup Items : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SpyLocked 4.0="C:\Program Files\SpyLocked 4.0\SpyLocked 4.0.exe" /h
  Symantec PIF AlertEng : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\PIF\{B8E1DD85-8582-4C61-B58F-2F227FCA9A08}\PIFSVC.EXE
  Invalid Startup Items : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MalwareWiped 6.4="C:\Program Files\MW\MalwareWiped 6.4\MalwareWiped 6.4.exe" /h
  NI.UGA6P_0001_N105M2704 : C:\USERS\KYEL\APPDATA\ROAMING\INSTALL_EN[1].EXE
  Explorer : C:\Windows\explorer.exe
  Explorer : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
  Toolbars Scanning 
  Show Norton Toolbar ( Toolbar ) : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {90222687-F593-4738-B738-FBEE9C7B26DF}
  Show Norton Toolbar ( Toolbar ) : C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
  YahooToolbar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {EF99BD32-C1FB-11D2-892F-0090271D4F88}
  YahooToolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  YahooToolbar : iexplore.exe PID: 2252
  Acer eDataSecurity Management ( Toolbar ) : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {5CBE3B7C-1E47-477e-A7DD-396DB0476E29}
  Acer eDataSecurity Management ( Toolbar ) : C:\Windows\System32\eDStoolbar.dll
  MSNSearchToolbar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
  MSNSearchToolbar : C:\Program Files\Windows Live Toolbar\msntb.dll
  MSNSearchToolbar : iexplore.exe PID: 2252
  Protection Bar ( Toolbar ) : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {31615D5C-5126-448A-818A-A7CDFEE85A9B}
  Protection Bar ( Toolbar ) : C:\Program Files\Image ActiveX Access\iesbpl.dll
  YahooToolbar : HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{EF99BD32-C1FB-11D2-892F-0090271D4F88} 
  MSNSearchToolbar : HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} 
  YahooToolbar : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{EF99BD32-C1FB-11D2-892F-0090271D4F88} 
  MSNSearchToolbar : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} 
  Browser Helper Objects Scanning 
  YahooToolbar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} 
  AcroIEHelper : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} 
  AcroIEHelper : C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  AcroIEHelper : iexplore.exe PID: 2252
  NppBHO.dll ( BHO ) : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75} 
  NppBHO.dll ( BHO ) : C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll
  {7E853D72-626A-48EC-A868-BA8D5E23E045} ( BHO ) : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} 
  ShowBarObj Class ( BHO ) : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} 
  ShowBarObj Class ( BHO ) : C:\Windows\System32\ActiveToolBand.dll
  Windows Live Sign-in Helper : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} 
  Windows Live Sign-in Helper : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  Windows Live Sign-in Helper : iexplore.exe PID: 2252
  iesplg.dll ( BHO ) : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8C5186E-EC37-4889-9C2E-F73649FFB7BB} 
  iesplg.dll ( BHO ) : C:\Program Files\Image ActiveX Access\iesplg.dll
  MSNSearchToolbar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} 
  IE Explorer Bars 
  IE Extensions 
  Shdocvw : C:\Windows\system32\shdocvw.dll
  NvCplDaemon : C:\Windows\system32\nvcpl.dll
  Spyware Terminator : C:\Program Files\Spyware Terminator\sptcontmenu.dll
  Services Scanning 
  Protocol filters Scanning 
  Protocol handlers Scanning 
  WinSock2 Scanning 
  Uninstallers Scanning 
  C:\PROGRAM FILES\MICROSOFT GAMES\AGE OF EMPIRES II\UNINSTAL.EXE
  C:\PROGRAM FILES\MICROSOFT GAMES\AGE OF EMPIRES II\UNINSTALX.EXE
  C:\PROGRAM FILES\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\HXFSETUP.EXE
  C:\WINDOWS\UNINST32.EXE
  C:\WINDOWS\SYSTEM32\IGXPUN.EXE
  C:\PROGRAM FILES\IMAGE ACTIVEX ACCESS\IESUNST.EXE
  C:\Program Files\Image ActiveX Access\uninst.exe
  C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe
  C:\PROGRAM FILES\IMAGE ACTIVEX ACCESS\IESBUNST.EXE
  C:\Windows\system32\MSIEXEC.EXE
  C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LSETUP.EXE
  C:\Program Files\MW\MalwareWiped 6.4\uninst.exe
  C:\PROGRAM FILES\IMAGE ACTIVEX ACCESS\IMSUNST.EXE
  C:\PROGRAM FILES\OLDBLIVION\UNINSTALL.EXE
  C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASHUTIL9B.EXE
  C:\Program Files\SpyLocked 4.0\uninst.exe
  C:\PROGRAM FILES\SPYWARE TERMINATOR\UNINS000.EXE
  Spyware Terminator : C:\PROGRAM FILES\SPYWARE TERMINATOR\UNINS000.EXE
  Spyware Terminator : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Terminator_is1 
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMSETUP\{5AA2CD16-706F-41F3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41F3-87C5-2B5A031F2B3B}.EXE
  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNISDLL.DLL
  C:\Program Files\SystemRequirementsLab\Uninstall.exe
  C:\PROGRAM FILES\WINDOWS LIVE TOOLBAR\UNINSTALL.EXE
  C:\USERS\KYEL\APPDATA\LOCAL\TEMP\LAFD56F.TMP
  C:\Program Files\Yahoo!\common\unyt.exe
  C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
  C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}\SETUP.EXE
  C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RUNTIME\11\00\INTEL32\CTOR.DLL
  C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\SETUP.EXE
  C:\ACER\EMPOWERING TECHNOLOGY\EDATASECURITY\EDSNSTHELPER.EXE
  C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
  Start Menu Scanning 
  Explorer : C:\Windows\explorer.exe
  Explorer : C:\Users\Kyel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
  ISUSS : C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
  ISUSS : C:\ProgramData\Microsoft\Windows\Start Menu\Program Updates.lnk
  SynchronizationManager : C:\Windows\System32\mobsync.exe
  SynchronizationManager : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk
  Spyware Terminator : C:\Program Files\Spyware Terminator\SpywareTerminator.exe
  Spyware Terminator : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator\Spyware Terminator.lnk
  Spyware Terminator : C:\Program Files\Spyware Terminator\unins000.exe
  Spyware Terminator : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator\Uninstall Spyware Terminator.lnk
  Windows Defender : C:\Program Files\Windows Defender\MSASCui.exe
  Windows Defender : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
  Desktop Scanning 
  Favorites Scanning 
  Cookies Scanning 
  Registry Scanning 
  AcroIEHelper : HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} 
  AcroIEHelper : C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  AcroIEHelper : iexplore.exe PID: 2252
  MSNSearchToolbar : HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} 
  MSNSearchToolbar : C:\Program Files\Windows Live Toolbar\msntb.dll
  MSNSearchToolbar : iexplore.exe PID: 2252
  MSNSearchToolbar : HKCR\CLSID\{9394EDE7-C8B5-483E-8773-474BF36AF6E4} 
  MSNSearchToolbar : C:\Program Files\Windows Live Toolbar\stmain.dll
  MSNSearchToolbar : HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} 
  YahooToolbar : HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} 
  YahooToolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  YahooToolbar : iexplore.exe PID: 2252
  YahooToolbar : HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} 
  Windows Live Sign-in Helper : HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} 
  Windows Live Sign-in Helper : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  Windows Live Sign-in Helper : iexplore.exe PID: 2252
  Files Scanning 
  Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminatorshield.exe
  Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminator.exe
  Spyware Terminator : C:\Program Files\Spyware Terminator\sptcontmenu.dll
  Spyware Terminator : C:\Program Files\Spyware Terminator\unins000.exe
  Spyware Terminator : C:\Documents and Settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
  MessengerService : C:\Program Files\MSN Messenger\msnmsgr.exe
  NvMixerTray : C:\Windows\system32\NvMcTray.dll
  Ctfmon : C:\Windows\system32\ctfmon.exe
  IgfxTray : C:\Windows\system32\igfxtray.exe
  SynTPLpr : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  HotKeysCmds : C:\Windows\system32\hkcmd.exe
  SymantecAntivirus : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  UpdateMgr : C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
  SynchronizationManager : C:\Windows\system32\mobsync.exe
  MSDXM : C:\Windows\system32\msdxm.ocx
  ehTray : C:\Windows\ehome\ehtray.exe
  ccEvtMgr : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  NvCplDaemon : C:\Windows\system32\NvCpl.dll
  GrpConv : C:\Windows\system32\grpconv.exe
  Wextract : C:\Windows\system32\advpack.dll
  Explorer : C:\Windows\explorer.exe
  PowerProfile : C:\Windows\system32\powrprof.dll
  BluetoothControlPanel : C:\Windows\system32\bthprops.cpl
  Shdocvw : C:\Windows\system32\shdocvw.dll
  ISUSS : C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
  ISUSS : C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
  Windows Defender : C:\Program Files\WINDOWS DEFENDER\MSASCui.exe
  Igfxpers : C:\Windows\system32\igfxpers.exe
  Verclsid : C:\Windows\system32\verclsid.exe
  Windows Live Sign-in Helper : C:\Program Files\Common Files\MICROSOFT SHARED\WINDOWS LIVE\WINDOWSLIVELOGIN.DLL
  Ie4uinit : C:\Windows\system32\ie4uinit.exe
  Preparing DeepFile Scan 
  DeepFiles Scanning 
  AcroIEHelper : C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  UpdateMgr : C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
  ISUSS : C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
  ISUSS : C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
  Windows Live Sign-in Helper : C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
  SymantecAntivirus : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  ccEvtMgr : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  Unreadable Binary Files : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
  MessengerService : C:\Program Files\MSN Messenger\msnmsgr.exe
  Spyware Terminator : C:\Program Files\Spyware Terminator\sptcontmenu.dll
  Spyware Terminator : C:\Program Files\Spyware Terminator\SpywareTerminator.exe
  Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe
  Spyware Terminator : C:\Program Files\Spyware Terminator\unins000.exe
  SynTPLpr : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  Windows Defender : C:\Program Files\Windows Defender\MSASCui.exe
  MSNSearchToolbar : C:\Program Files\Windows Live Toolbar\msntb.dll
  MSNSearchToolbar : C:\Program Files\Windows Live Toolbar\stmain.dll
  YahooToolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  Unreadable Binary Files : C:\Users\Kyel\AppData\Local\Temp\brDBDD.exe
  Explorer : C:\Windows\explorer.exe
  ehTray : C:\Windows\ehome\ehtray.exe
  Wextract : C:\Windows\System32\advpack.dll
  BluetoothControlPanel : C:\Windows\System32\bthprops.cpl
  Ctfmon : C:\Windows\System32\ctfmon.exe
  GrpConv : C:\Windows\System32\grpconv.exe
  HotKeysCmds : C:\Windows\System32\hkcmd.exe
  Ie4uinit : C:\Windows\System32\ie4uinit.exe
  Igfxpers : C:\Windows\System32\igfxpers.exe
  IgfxTray : C:\Windows\System32\igfxtray.exe
  SynchronizationManager : C:\Windows\System32\mobsync.exe
  MSDXM : C:\Windows\System32\msdxm.ocx
  NvCplDaemon : C:\Windows\System32\nvcpl.dll
  NvMixerTray : C:\Windows\System32\nvmctray.dll
  PowerProfile : C:\Windows\System32\powrprof.dll
  Shdocvw : C:\Windows\System32\shdocvw.dll
  Verclsid : C:\Windows\System32\verclsid.exe
  Done 

     Scan Summary: 

  Total Scanning Time : 3070.63 s
  Objects Scanned : 73,820
  Objects Identified : 91
  Objects Ignored : 0

  Critical Objects : 2

    Remove Process: 

  Preparing structures
  Creating System Restore Point
  Remove Invalid Startup Items 
  Deleted Registry : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SpyLocked 4.0="C:\Program Files\SpyLocked 4.0\SpyLocked 4.0.exe" /h
  Deleted Registry : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MalwareWiped 6.4="C:\Program Files\MW\MalwareWiped 6.4\MalwareWiped 6.4.exe" /h
  Closing System Restore Point


----------



## skerty

after Spyware Terminator finished and closed down, I got a Virus alert and click on the icon and a big message box came up saying:

"Virus alert: Microsoft detected the Spyware: Renos virus on your computer

This problem was caused by Spyware: Renos, a known computer virus.

A solution is available that will solve this problem.

Solution

--------------------------------------------------------------------------------


To prevent this problem from occurring again, go to Windows Live OneCare safety scanner online and click Full Service Scan"


----------



## Verve

You should probably get the Norton Removal tool (on their website) and get Avast - Using that to run a boot scan, before windows starts.

I would also suggest AVG, but I'm not entirely sure if it has a boot scan option.


----------



## skerty

Come on guys, 
Could really use some help right about now!

Im having a few software problems so I could really do with getting rid of this virus then taking it back to Pc World or I need a good soundproof excuse that everyone will believe.
Either way, it needs to go to PC World to be checked.


----------



## Verve

did you try what I suggested?


----------



## skerty

Hey Starwarsman,

I downloaded Avast and let it do the boot scan. It found a few viruses, something like active X image or something.
When my laptop started back up (Im still getting the "Windows Explorer has stopped working" messages, Ive posted stuff about it in this part of the forum and the operating system part of the forum, which I thought was due to the virus), I clicked onto Internet Browser and useually I get a message saying I have the irus, and my homepage is some sort of antivirus crap even though I tried making Google my home page. This time, Google came straight up and so far ive had no pop-ups about anti-viruses or about any viruses on my laptop.

They only thing that is now happening is the Little box thing that comes from the bottem right hand side of my screen (where the volume, time and other little icons are) telling me of a virus called Renos

Thanks for your help Starwarsman, and thanks to everyone else that helped.

Now I'll try and get rid of Renos and then ive got a trip to PC World.


----------



## eric92park

http://www.norman.com/Virus/Virus_removal_tools/24789/en...
This program is suppose to fix it.. I had that before


----------



## skerty

That Norman Anti-virus says its not compatable with 95 or Vista.
Im on Vista.


----------



## Verve

Go ahead and stick with AVG or Avast, they're the two most common free programs.


----------



## skerty

YAY!

Ive got rid of Renos aswell, I just searched it in google and there was posts about it in forums and how to get rid of it so I just followed what they were saying and now im virus free.

Ive now got Norton Internet Security, Avast, Spyware Terminator and another one (cant remember what its called).

Thanks Everyone!


----------



## natatyday

*Introdusing myself*

hiya everyone!
was looking for something and i came across you guys. nice comunity u got here, I wanna be a part of it ^^


----------

