GeekPolice

I'm infected BADLY with Antivirus System Pro... cannot click anything hardly

Post by StillTIPPIN187 on Tue Jun 30, 2009 7:18 am

OK, well, this virus thing is preventing me from going online and from having that Malwarebytes' Anti-Malware load up after I click the desktop icon... so I decided to do this hijack stuff.. but I cannot download the Java stuff like I was supposed to (although I believe my computer is updated) nor that other one you wanted (I think that's up to date as well), but I did manage to get that hijack stuff to work (barely) with a flash drive.. but the Notepad would not load up either, so I have no idea if word wrap is on..

So here's that file stuff... hope you guys can solve my problem... considering I just got this computer.. thanks much

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:24 AM, on 6/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
E:\Hijack%28GP%29This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 safesystem.microsoft.com
O1 - Hosts: 209.44.111.62 antiviraprof.com
O1 - Hosts: 209.44.111.62 [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9579 bytes

Re: I'm infected BADLY with Antivirus System Pro... cannot click anything hardly

Post by Belahzur on Tue Jun 30, 2009 9:01 am

Hello.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 209.44.111.62 safesystem.microsoft.com
    O1 - Hosts: 209.44.111.62 antiviraprof.com
    O1 - Hosts: 209.44.111.62 [You must be registered and logged in to see this link.]
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (file missing)
    O4 - HKCU\..\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Back to top Go down
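A triage sketch for the kind of HijackThis entries selected in the post above, added here as an example; it is not part of the original thread or of HijackThis. The three heuristics (a hosts entry pointing a name at a non-local address, a registration whose file is absent, an HKCU Run value launching an executable directly from C:\WINDOWS) and all function names are assumptions, and the log lines are a subset copied from the log posted in this thread. The `O1 - Hosts: ::1 localhost` line is a loopback mapping, so these heuristics do not flag it.

```python
import ipaddress
import ntpath
import re
from typing import List, NamedTuple, Optional

# Subset of the HijackThis log posted in this thread (copied, not constructed).
SAMPLE_LOG = r"""
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 safesystem.microsoft.com
O1 - Hosts: 209.44.111.62 antiviraprof.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

SYSTEM_ROOT = r"c:\windows"  # assumption: %SystemRoot% as it appears in this log

ENTRY_RE = re.compile(r"^([FNOR]\d{1,2}) - (.+)$")        # "O4 - <body>"
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")          # "Hosts: <addr> <name>"
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.+)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|com|scr|pif|bat|cmd))(?:\s|$)", re.I)


class Entry(NamedTuple):
    code: str   # HijackThis section code, e.g. "O1"
    body: str   # everything after "<code> - "


class Finding(NamedTuple):
    entry: Entry
    reason: str


def parse_log(text: str) -> List[Entry]:
    """Keep only the coded entry lines; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def is_local_sink(addr: str) -> bool:
    """True for loopback or unspecified addresses (local mappings and blocks)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def exe_path(command: str) -> str:
    """Extract the program path from a Run value, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def triage(entry: Entry) -> Optional[str]:
    """Return a reason string when an entry deserves a closer look, else None."""
    if entry.code == "O1":
        m = HOSTS_RE.match(entry.body)
        if m and not is_local_sink(m.group(1)):
            return f"hosts file points {m.group(2)} at {m.group(1)}"
        return None
    lowered = entry.body.lower()
    if lowered.endswith("(no file)") or lowered.endswith("(file missing)"):
        return "registration refers to a file that is not on disk"
    if entry.code == "O4":
        m = RUN_RE.match(entry.body)
        # HKCU Run can be written without administrator rights.
        if m and m.group(1) == "HKCU":
            path = exe_path(m.group(3))
            if ntpath.dirname(path).lower() == SYSTEM_ROOT:
                return f"per-user autostart [{m.group(2)}] runs {path}"
    return None


def flag_entries(text: str) -> List[Finding]:
    findings = []
    for entry in parse_log(text):
        reason = triage(entry)
        if reason:
            findings.append(Finding(entry, reason))
    return findings


if __name__ == "__main__":
    for f in flag_entries(SAMPLE_LOG):
        print(f"{f.entry.code:>3}  {f.reason}")
```

A flagged line is a prompt for review, not a verdict: orphaned registrations are often leftovers from uninstalled software.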

Re: I'm infected BADLY with Antivirus System Pro... cannot click anything hardly

Post by StillTIPPIN187 on Tue Jun 30, 2009 5:30 pm

It's working good again... here's the log from MBAM

Malwarebytes' Anti-Malware 1.38
Database version: 2356
Windows 5.1.2600 Service Pack 3

6/30/2009 1:22:12 PM
mbam-log-2009-06-30 (13-22-12).txt

Scan type: Quick Scan
Objects scanned: 104076
Time elapsed: 9 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\CLSID\{7998DC37-D3FE-487C-A60A-7701FCC70CC6}\InprocServer32\(default) (Hijack.Repdrvfs) -> Bad: (\\?\globalroot\systemroot\installer\d469bf.msi) Good: (repdrvfs.dll) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\ld11.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wbem\proquota.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\chfyosn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\oxyyxwn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Billy\local settings\Temp\~TMFB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Billy\local settings\temporary internet files\Content.IE5\4VBSNT7D\installb[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Billy\local settings\temporary internet files\Content.IE5\ETM345QF\oheefst[1].txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Billy\local settings\temporary internet files\Content.IE5\HJ82WVH1\agpdd[2].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Billy\local settings\temporary internet files\Content.IE5\SHMNGXAR\qjkxpcp[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Billy\local settings\temporary internet files\Content.IE5\SHMNGXAR\qwtkll[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Billy\local settings\temporary internet files\Content.IE5\SHMNGXAR\lakkl[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Billy\local settings\temporary internet files\Content.IE5\SHMNGXAR\ouuivaan[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Billy\local settings\temporary internet files\Content.IE5\W5IBWPUF\oheefst[1].txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Billy\local settings\temporary internet files\Content.IE5\W5Q74TU7\atnaa[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Billy\local settings\temporary internet files\Content.IE5\WRI17YLK\atnaa[2].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Billy\local settings\temporary internet files\Content.IE5\WRI17YLK\lakkl[2].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\sysguard.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iehelper.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Re: I'm infected BADLY with Antivirus System Pro... cannot click anything hardly

Post by Belahzur on Tue Jun 30, 2009 5:33 pm

Hello.
MBAM has found more than I expected it to, so I want to go deeper.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Re: I'm infected BADLY with Antivirus System Pro... cannot click anything hardly

Post by StillTIPPIN187 on Tue Jun 30, 2009 5:43 pm

Hey, it says the message is too big with that DDS message posted in it

Re: I'm infected BADLY with Antivirus System Pro... cannot click anything hardly

Post by Belahzur on Tue Jun 30, 2009 5:44 pm

Split it up into more than one post.


Re: I'm infected BADLY with Antivirus System Pro... cannot click anything hardly

Post by StillTIPPIN187 on Tue Jun 30, 2009 5:46 pm

Well duh lol.. sorry I'm slow... but thanks for your help from the beginning... and I think this is the one you wanted..

DDS (Ver_09-06-26.01) - NTFSx86
Run by Billy at 13:37:00.92 on Tue 06/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.357 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Billy\My Documents\dds.pif

============== Pseudo HJT Report ===============

uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MoneyStartUp] c:\program files\microsoft money\system\Money Startup.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: []
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Re: I'm infected BADLY with Antivirus System Pro... cannot click anything hardly

Post by StillTIPPIN187 on Tue Jun 30, 2009 5:46 pm

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-29 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-29 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-29 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-29 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-29 298776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-28 55152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

=============== Created Last 30 ================

2009-06-30 13:10 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-30 13:09 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-30 13:09 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-30 01:55 --d----- c:\docume~1\billy\applic~1\Malwarebytes
2009-06-30 01:55 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-29 23:31 --d-h--- C:\$AVG8.VAULT$
2009-06-29 23:20 --dsh--- c:\windows\System Volume Information
2009-06-29 23:12 --dsh--- c:\documents and settings\billy\PrivacIE
2009-06-29 19:32 8,192 a------- c:\windows\system32\wshirda.dll
2009-06-29 19:32 8,192 a------- c:\windows\system32\dllcache\wshirda.dll
2009-06-29 19:32 28,160 a------- c:\windows\system32\irmon.dll
2009-06-29 19:32 28,160 a------- c:\windows\system32\dllcache\irmon.dll
2009-06-29 19:32 151,552 a------- c:\windows\system32\irftp.exe
2009-06-29 19:32 151,552 a------- c:\windows\system32\dllcache\irftp.exe
2009-06-29 19:16 --d----- c:\windows\system32\scripting
2009-06-29 19:16 --d----- c:\windows\l2schemas
2009-06-29 19:16 --d----- c:\windows\system32\en
2009-06-29 19:16 --d----- c:\windows\system32\bits
2009-06-29 19:11 --d----- c:\windows\ServicePackFiles
2009-06-29 19:06 4,128 a------- C:\INFCACHE.1
2009-06-29 18:13 --d-h--- c:\windows\PIF
2009-06-29 18:01 --dsh--- c:\documents and settings\billy\IETldCache
2009-06-29 17:55 -cd-h--- c:\windows\ie8
2009-06-29 17:29 268,648 a------- c:\windows\system32\mucltui.dll
2009-06-29 17:29 208,744 a------- c:\windows\system32\muweb.dll
2009-06-29 17:29 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-06-29 01:14 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-29 01:14 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-29 01:14 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 01:14 --d----- c:\windows\system32\drivers\Avg
2009-06-29 01:14 --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-06-29 01:13 --d----- c:\program files\AVG
2009-06-29 01:13 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-06-28 20:54 298 a------- c:\windows\CDPlayer.ini
2009-06-28 20:42 22,912 a------- c:\windows\system32\drivers\lgusbmodem.sys
2009-06-28 20:42 21,248 a------- c:\windows\system32\drivers\lgusbdiag.sys
2009-06-28 20:42 12,672 a------- c:\windows\system32\drivers\lgusbbus.sys
2009-06-28 20:42 --d----- c:\program files\LG Electronics
2009-06-28 19:52 295,424 -------- c:\windows\system32\dllcache\termsrv.dll
2009-06-28 19:40 --d----- c:\program files\ANPARK
2009-06-28 19:25 --d----- c:\documents and settings\billy\Tracing
2009-06-28 19:17 0 a------- c:\windows\tosOBEX.INI
2009-06-28 19:12 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-06-28 19:12 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-06-28 19:05 --d----- c:\docume~1\billy\applic~1\FrostWire
2009-06-28 19:04 --d----- c:\program files\FrostWire
2009-06-28 18:34 --d----- c:\docume~1\billy\applic~1\LimeWire
2009-06-28 18:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-28 18:33 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-28 18:32 --d----- c:\program files\LimeWire
2009-06-28 18:24 55,152 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-06-28 18:22 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-06-28 18:22 --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-06-28 18:21 --d----- c:\program files\Microsoft
2009-06-28 18:20 --d----- c:\program files\Windows Live SkyDrive
2009-06-28 18:20 --d----- c:\program files\BitPim
2009-06-28 18:16 --d----- c:\program files\MediaMonkey
2009-06-28 18:15 --d----- c:\program files\common files\Windows Live
2009-06-28 18:12 --d----- c:\docume~1\billy\applic~1\MSNInstaller
2009-06-28 17:43 --d----- c:\docume~1\billy\applic~1\Windows Search
2009-06-28 17:25 --d----- c:\program files\Microsoft Picture It! 9
2009-06-28 17:25 --d----- c:\program files\Design Science

==================== Find3M ====================

2009-06-29 19:20 88,859 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:55 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll

============= FINISH: 13:37:23.87 ===============

StillTIPPIN187
Novice
Novice

Status :
Online
Offline

Posts : 46
Joined : 2009-06-30
Gender : Male
OS : XP
Points : 27380
# Likes : 0


Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by Belahzur on Tue Jun 30, 2009 5:50 pm

Hello.
Can you post attach.txt? I want to uninstall a few things.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1


Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by StillTIPPIN187 on Tue Jun 30, 2009 5:52 pm

sorry is the post attach one of the 2 things i saved to my desktop? sorry im not a computer tech person lol


Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by Belahzur on Tue Jun 30, 2009 5:53 pm

Yes, DDS makes two logs. DDS.txt and attach.txt.

You posted DDS.txt, so post attach.txt now.



Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by StillTIPPIN187 on Tue Jun 30, 2009 5:55 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/8/2009 2:03:48 PM
System Uptime: 6/30/2009 1:24:00 PM (0 hours ago)

Motherboard: Dell Inc. | | 0HC416
Processor: Intel(R) Pentium(R) M processor 1.73GHz | Microprocessor | 1728/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 53.378 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Personal Area Network from TOSHIBA
Device ID: BLUETOOTH\0004&0007\0000
Manufacturer: Toshiba
Name: Bluetooth Personal Area Network from TOSHIBA
PNP Device ID: BLUETOOTH\0004&0007\0000
Service: tosrfnds

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01B51028&REV_02\4&2FA23535&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01B51028&REV_02\4&2FA23535&0&00F0
Service: bcm4sbxp

==== System Restore Points ===================

RP1: 4/8/2009 2:03:53 PM - System Checkpoint
RP2: 4/8/2009 12:15:06 PM - Removed Trend Micro PC-cillin Internet Security 12
RP3: 4/8/2009 12:15:54 PM - Removed TMASOEDL
RP4: 4/8/2009 12:16:01 PM - Removed TMASOLDL
RP5: 4/8/2009 12:24:06 PM - Software Distribution Service 3.0
RP6: 4/8/2009 12:30:49 PM - Installed Paint Shop Pro 7
RP7: 4/8/2009 12:39:03 PM - Removed Dell Support 3.1
RP8: 4/8/2009 12:56:56 PM - Software Distribution Service 3.0
RP9: 4/8/2009 1:38:46 PM - Removed Corel Paint Shop Pro X
RP10: 4/8/2009 1:42:23 PM - Removed Corel Photo Album 6
RP11: 4/8/2009 2:16:41 PM - Installed Works Suite OS Pack
RP12: 4/8/2009 2:18:42 PM - Installed Microsoft Works 6.0
RP13: 4/8/2009 2:20:46 PM - Installed Microsoft Money 2001
RP14: 4/8/2009 2:30:04 PM - Removed WordPerfect Office 12
RP15: 4/8/2009 2:43:58 PM - Software Distribution Service 3.0
RP16: 4/10/2009 3:05:46 PM - Software Distribution Service 3.0
RP17: 4/11/2009 3:43:47 PM - Software Distribution Service 3.0
RP18: 4/12/2009 12:32:32 PM - Software Distribution Service 3.0
RP19: 4/30/2009 4:51:17 PM - Software Distribution Service 3.0
RP20: 5/2/2009 12:58:23 PM - Software Distribution Service 3.0
RP21: 5/3/2009 4:42:41 PM - Software Distribution Service 3.0
RP22: 5/6/2009 9:38:32 AM - Software Distribution Service 3.0
RP23: 5/8/2009 4:35:34 PM - Software Distribution Service 3.0
RP24: 5/11/2009 9:49:23 AM - Software Distribution Service 3.0
RP25: 5/13/2009 9:30:36 AM - Software Distribution Service 3.0
RP26: 5/21/2009 4:26:45 PM - Software Distribution Service 3.0
RP27: 5/26/2009 3:44:18 PM - Software Distribution Service 3.0
RP28: 5/28/2009 4:56:18 PM - Software Distribution Service 3.0
RP29: 6/8/2009 4:55:56 PM - Software Distribution Service 3.0
RP30: 6/15/2009 4:37:10 PM - Software Distribution Service 3.0
RP31: 6/28/2009 5:28:29 PM - Removed NetZeroInstallers
RP32: 6/28/2009 6:02:38 PM - Software Distribution Service 3.0
RP33: 6/28/2009 6:22:33 PM - Installed Windows XP KB954708.
RP34: 6/28/2009 6:22:52 PM - Installed DirectX
RP35: 6/28/2009 7:10:59 PM - Installed Java(TM) 6 Update 13
RP36: 6/28/2009 7:12:42 PM - Unsigned driver install
RP37: 6/28/2009 7:16:53 PM - Unsigned driver install
RP38: 6/28/2009 7:40:46 PM - Installed MCEBrowser
RP39: 6/28/2009 7:53:08 PM - Installed Windows XP KB895961-v4.
RP40: 6/28/2009 7:57:06 PM - Installed Windows XP Media Center Edition 2005 KB905589.
RP41: 6/28/2009 8:42:52 PM - Installed LG USB Modem driver
RP42: 6/28/2009 8:52:44 PM - Installed QuickTime
RP43: 6/29/2009 1:13:51 AM - Installed AVG Free 8.5
RP44: 6/29/2009 5:52:02 PM - Software Distribution Service 3.0
RP45: 6/29/2009 6:05:50 PM - Removed NetWaiting
RP46: 6/29/2009 6:06:56 PM - Removed Musicmatch for Windows Media Player
RP47: 6/29/2009 6:34:46 PM - Software Distribution Service 3.0
RP48: 6/29/2009 6:36:04 PM - Software Distribution Service 3.0
RP49: 6/29/2009 6:54:22 PM - Software Distribution Service 3.0
RP50: 6/29/2009 7:37:39 PM - Software Distribution Service 3.0
RP51: 6/30/2009 3:00:18 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
AOLIcon
Apple Software Update
AVG Free 8.5
Banctec Service Agreement
BitPim 1.0.6
Bluetooth Stack for Windows by Toshiba
Broadcom Management Programs
Choice Guard
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell ResourceCD
Dell System Restore
DellSupport
Digital Line Detect
DIGOpt
DIGReqEx
EarthLink setup files
ELIcon
FrostWire 4.18.0
GemMaster Mystic
Get High Speed Internet!
Google
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB895961-v4)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
Junk Mail filter update
Learn2 Player (Uninstall Only)
LG USB Modem driver
Malwarebytes' Anti-Malware
MathPlayer
MCEBrowser
mCore
mDrWiFi
Media Center Extender
MediaMonkey 3.1
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2001
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6.0
Microsoft Works and Money 2001 Setup Launcher
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
MSN
MSN Encarta Plus Support Files
mSSO
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mToolkit
mWlsSafe
mXML
mZConfig
Paint Shop Pro 7
QuickSet
QuickTime
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Segoe UI
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Search 4.0
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
Works Suite OS Pack

==== Event Viewer Messages From Past Week ========

6/30/2009 3:01:05 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000156: Update for Windows XP (KB967715).
6/30/2009 1:25:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
6/30/2009 1:24:33 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/29/2009 6:36:26 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Windows XP Service Pack 3 (KB936929).
6/29/2009 11:26:23 PM, error: BTHUSB [17] - The local Bluetooth radio has failed in an undetermined manner and will be unloaded.
6/28/2009 8:26:12 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
6/28/2009 7:10:43 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 6:21:59 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
6/28/2009 6:21:59 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/28/2009 6:21:59 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/28/2009 5:16:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the crd service to connect.
6/28/2009 5:16:35 PM, error: Service Control Manager [7000] - The crd service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================


Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by StillTIPPIN187 on Tue Jun 30, 2009 5:57 pm

did i do it right?


Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by Belahzur on Tue Jun 30, 2009 6:01 pm

Hello.

I see that you are running Frostwire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Frostwire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 6.0.1
    FrostWire 4.18.0
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 13
    Viewpoint Media Player

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\docume~1\billy\applic~1\FrostWire
    c:\docume~1\billy\applic~1\LimeWire
    c:\program files\FrostWire
    c:\program files\LimeWire
    C:\Documents and Settings\Billy\My Documents\dds.pif


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by StillTIPPIN187 on Tue Jun 30, 2009 6:18 pm

========== FILES ==========
c:\docume~1\billy\applic~1\FrostWire\xml\data moved successfully.
c:\docume~1\billy\applic~1\FrostWire\xml moved successfully.
c:\docume~1\billy\applic~1\FrostWire\themes\frostwirePro_theme moved successfully.
c:\docume~1\billy\applic~1\FrostWire\themes moved successfully.
c:\docume~1\billy\applic~1\FrostWire\overlays moved successfully.
c:\docume~1\billy\applic~1\FrostWire\.NetworkShare\Incomplete moved successfully.
c:\docume~1\billy\applic~1\FrostWire\.NetworkShare moved successfully.
c:\docume~1\billy\applic~1\FrostWire\.AppSpecialShare moved successfully.
c:\docume~1\billy\applic~1\FrostWire moved successfully.
c:\docume~1\billy\applic~1\LimeWire\xml\data moved successfully.
c:\docume~1\billy\applic~1\LimeWire\xml moved successfully.
c:\docume~1\billy\applic~1\LimeWire\promotion moved successfully.
c:\docume~1\billy\applic~1\LimeWire\mozilla-profile\updates\0 moved successfully.
c:\docume~1\billy\applic~1\LimeWire\mozilla-profile\updates moved successfully.
c:\docume~1\billy\applic~1\LimeWire\mozilla-profile\extensions moved successfully.
c:\docume~1\billy\applic~1\LimeWire\mozilla-profile\Cache moved successfully.
c:\docume~1\billy\applic~1\LimeWire\mozilla-profile moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\res\html moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\res\fonts moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\res\entityTables moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\res\dtd moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\res moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\plugins moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\modules moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\greprefs moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\dictionaries moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\defaults\profile\US\chrome moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\defaults\profile\US moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\defaults\profile\chrome moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\defaults\profile moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\defaults\pref moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\defaults\autoconfig moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\defaults moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\components moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner\chrome moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser\xulrunner moved successfully.
c:\docume~1\billy\applic~1\LimeWire\browser moved successfully.
c:\docume~1\billy\applic~1\LimeWire\.AppSpecialShare moved successfully.
c:\docume~1\billy\applic~1\LimeWire moved successfully.
File/Folder c:\program files\FrostWire not found.
c:\program files\LimeWire\lib moved successfully.
c:\program files\LimeWire moved successfully.
C:\Documents and Settings\Billy\My Documents\dds.pif moved successfully.

OTM by OldTimer - Version 3.0.0.2 log created on 06302009_141705


Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by Belahzur on Tue Jun 30, 2009 6:23 pm

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?



Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by StillTIPPIN187 on Tue Jun 30, 2009 6:31 pm

much better!! thanks a lot!

but i do have a couple more questions... how do i remove programs and things from running at start up?

every time i turn my computer on i get this window from microsoft that contains a file called search enhancements or something of that name... can i remove it or something?

and how do i change the registered user? i bought this comp from a friend about a week ago and all the files i sent you i saw the name "billy" in a lot of them.. and he isn't the owner anymore.


Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by Belahzur on Tue Jun 30, 2009 6:42 pm

Hello.
You may need to create a new user profile, not sure if you can rename current profile names or not...

As for startup items, we can do that, so please post a new Hijack This log.



Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by StillTIPPIN187 on Wed Jul 01, 2009 12:32 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:12 PM, on 6/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Hijack%28GP%29This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8557 bytes

StillTIPPIN187
Novice

Posts : 46
Joined : 2009-06-30
Gender : Male
OS : XP
Points : 27380
# Likes : 0


Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by StillTIPPIN187 on Wed Jul 01, 2009 12:34 am

i want nothing to come on at start up.. if you can help that'd be great


Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by Belahzur on Wed Jul 01, 2009 2:25 pm

Hello.
A few things need to run at startup, because they are part of your hardware, otherwise some parts will fail to work.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe


  • Press "Fix Checked"
  • Close Hijack This.

Reboot normally.
It should be somewhat faster now.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1
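
Added example, not part of Belahzur's post or of HijackThis: a small Python parser for the O4 startup lines that compares a log with the lines ticked for "Fix Checked" and lists what will still start afterwards. LOG and CHECKED are excerpts copied from this thread; the function names and the bare-file-name review rule are assumptions of this example.

```python
import re

# O4 line shapes seen in this thread: a registry Run value or a Startup-folder shortcut.
O4_RE = re.compile(
    r"^O4 - (?:(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)"
    r"|(?P<folder>Global Startup|Startup): (?P<lnk>.+?\.lnk) = (?P<target>.+))$"
)

def parse_o4(line):
    """Return (location, name, command) for an O4 line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    if m["hive"]:
        return (f"{m['hive']}\\{m['key']}", m["name"], m["cmd"])
    return (m["folder"], m["lnk"], m["target"])

def remaining_after_fix(log_text, checked_text):
    """O4 entries in the log that are not ticked in the fix list, in log order."""
    checked = {e[:2] for e in map(parse_o4, checked_text.splitlines()) if e}
    entries = [e for e in map(parse_o4, log_text.splitlines()) if e]
    return [e for e in entries if e[:2] not in checked]

def needs_review(entry):
    """Assumed triage rule: command is a bare file name or '?', not a full path."""
    return not re.match(r"[A-Za-z]:\\", entry[2].lstrip('"'))

# Excerpt of the poster's log (lines copied from this thread).
LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""
# Excerpt of the lines the reply says to tick (copied from this thread).
CHECKED = r"""
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
"""

if __name__ == "__main__":
    for loc, name, cmd in remaining_after_fix(LOG, CHECKED):
        flag = "  <- review" if needs_review((loc, name, cmd)) else ""
        print(f"{loc:10} {name:20} {cmd}{flag}")
```

Entries are matched on location and name rather than on the full line, so differences in spacing or indentation between the log and the fix list do not cause a miss.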


Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by StillTIPPIN187 on Wed Jul 01, 2009 5:48 pm

THANKS!! it's much faster now! especially at start-up! YOU'RE A HERO!! lol..


Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by StillTIPPIN187 on Wed Jul 01, 2009 5:51 pm

O and one more question... what do you think is the best anti-virus software? i currently have AVG free because i heard it was the best.. but it didn't do much in notifying me of that virus i had recently.


Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by Belahzur on Wed Jul 01, 2009 6:20 pm

Hello.
I much prefer Avira compared to AVG.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    AVG 8 Free

Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.



Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by StillTIPPIN187 on Wed Jul 01, 2009 9:49 pm

ok. thanks again! you really helped a lot! Thank You!


Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by StillTIPPIN187 on Thu Nov 12, 2009 6:31 pm

well.. i need some help again..

antivirus system pro has installed itself onto my computer again....

can someone help me again?? =]


Re: Im infected BADLY with Antivirus System Pro... cannnot click anything hardly

Post by Belahzur on Thu Nov 12, 2009 8:22 pm

Please open a new topic, this one is a few months old.


