Anti-Virus Removers get blocked b4 downloading installation

View previous topic View next topic Go down

Anti-Virus Removers get blocked b4 downloading installation is complete

Post by Tigerlilly77 on 26th July 2009, 3:05 pm

Hi all- I have been having problems with my Vista for 4 months. The issue's seem to progress day by day...it's creepy, as if there is someone sitting next to me as I type. HATE it.

I could write a novel about all of the crap I go through, but some quickies:

JAPANESE
OneNote...Japanese Word....Japanese, everything.....Japanese! There are hidden documents all over my computer in Japanese! OneNote is a program that I had never used (or heard of) until it magically appeared on my desktop one afternoon. Now I can't get rid of it. (Either could the Geek Squad) I know that OneNote is a valid Microsoft program, I just have never used it and now it won't leave me alone!

Who doesn't love the occassional floating cursor?

AntiVirus programs and downloads- EVERY time I try to download an anti-viral program something gets to the program before it has time to open and I get replicas? Does that make sense? So far within my computer- Comodo, TrendMicro,ZoneAlarm,HighJackThis,AVG and I have the actual Webroot Software. The Weboot Spyware was infected after the second week of installation- I uninstalled, reinstalled, in SafeMode, etc...no results.
My computer isn't mine anymore- any settings I choose are always altered...I'm really upset.
Anyone? Help?

Tigerlilly77
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-07-25
Gender Gender : Female
OS OS : Vista
Points Points : 27019
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Anti-Virus Removers get blocked b4 downloading installation

Post by Belahzur on 26th July 2009, 5:43 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Anti-Virus Removers get blocked b4 downloading installation

Post by Tigerlilly77 on 26th July 2009, 6:57 pm

Thank you so much Belahzur!
I will follow your instructions EXACTLY...keep your fingers crossed, I may need it!

Tigerlilly

Tigerlilly77
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-07-25
Gender Gender : Female
OS OS : Vista
Points Points : 27019
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Anti-Virus Removers get blocked b4 downloading installation

Post by Tigerlilly77 on 26th July 2009, 7:06 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:54 PM, on 7/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 1627 bytes

Tigerlilly77
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-07-25
Gender Gender : Female
OS OS : Vista
Points Points : 27019
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Anti-Virus Removers get blocked b4 downloading installation

Post by Tigerlilly77 on 26th July 2009, 7:18 pm

Hi again- I did a second run on my husbands side- we seem to have different settings,issues and problems...many, MANY thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:34 PM, on 7/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 1665 bytes

Tigerlilly77
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-07-25
Gender Gender : Female
OS OS : Vista
Points Points : 27019
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Anti-Virus Removers get blocked b4 downloading installation

Post by Belahzur on 26th July 2009, 8:51 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Belahzur- I tried DDS.SCR- didn't work

Post by Tigerlilly77 on 26th July 2009, 9:19 pm

Hello again my kind friend,

Unfortunately it wouldn't work. The first time it froze up on me and the second time the program shut down automatically...can you believe this?

Tigerkilly

Tigerlilly77
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-07-25
Gender Gender : Female
OS OS : Vista
Points Points : 27019
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Anti-Virus Removers get blocked b4 downloading installation

Post by Belahzur on 27th July 2009, 9:24 pm


  • Download random's system information tool (RSIT) by random/random from [You must be registered and logged in to see this link.] and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Anti-Virus Removers get blocked b4 downloading installation

Post by Tigerlilly77 on 27th July 2009, 11:58 pm

Hi Belahzur- I will give this a try now...I just pray that I am not redirected again! Thanks!!!
By the way, on one of the hidden log files that contained the anti-virus removal retraction information ( I realize how horrible my computer lingo is) the authors left their names on the bottom.
(1) Patrick Y. Ng (2) Ram Cherala, both from Redmond, WA....is there anything I can do with this information?

Tigerlilly77
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-07-25
Gender Gender : Female
OS OS : Vista
Points Points : 27019
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Anti-Virus Removers get blocked b4 downloading installation

Post by Tigerlilly77 on 28th July 2009, 12:10 am

Wouldn't allow it- kept shutting down...sh*&!

Tigerlilly77
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-07-25
Gender Gender : Female
OS OS : Vista
Points Points : 27019
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Anti-Virus Removers get blocked b4 downloading installation

Post by Tigerlilly77 on 28th July 2009, 5:21 am

DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Lauren at 1:11:50.25 on Tue 07/28/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.2481

[GMT -4:00]

AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-

32CC-4519-917E-52E652474AF5}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-

7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Lauren\AppData\Local\Microsoft\Windows\Temporary Internet

Files\Content.IE5\BLISWFNM\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: google.com\www
Trusted Zone: ic3.gov\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

[You must be registered and logged in to see this link.]
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} -

c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-

27 114768]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23

9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23

72944]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-

2C816A897A49};c:\program files\hewlett-packard\media\dvd\000.fcl [2008-9-26

59376]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-27 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-7-27

51792]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-7-25 50192]
S2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-7-25 36368]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet

security\TmProxy.exe [2009-7-25 677128]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23

7408]
S4 Norton Internet Security;Norton Internet Security;"c:\program files\norton

internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security"

/m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll"

/prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125

\ccSvcHst.exe [?]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys

[2008-11-10 133152]

=============== Created Last 30 ================

2009-07-27 11:03 51,792 a------- c:\windows\system32

\drivers\aswMonFlt.sys
2009-07-27 10:01 --d-----

c:\programdata\SUPERAntiSpyware.com
2009-07-27 10:01 --d----- c:\progra~2

\SUPERAntiSpyware.com
2009-07-27 10:01 --d----- c:\program

files\SUPERAntiSpyware
2009-07-27 09:59 --d----- c:\program files\common

files\Wise Installation Wizard
2009-07-27 07:35 775,168 a------- c:\windows\is-RP50F.exe
2009-07-27 07:35 10,194 a------- c:\windows\is-RP50F.msg
2009-07-27 07:35 229 a------- c:\windows\is-RP50F.lst
2009-07-27 00:29 --d----- c:\programdata\Trend Micro
2009-07-27 00:29 --d----- c:\progra~2\Trend Micro
2009-07-26 18:06 --d----- c:\windows\system32\log
2009-07-26 17:53 --d----- c:\program files\Unlocker
2009-07-25 23:59 --d----- c:\windows\system32\Service
2009-07-25 23:42 1,220,120 a------- c:\windows\system32

\drivers\vsapint.sys
2009-07-25 23:42 225,296 a------- c:\windows\system32

\drivers\tmxpflt.sys
2009-07-25 23:42 36,368 a------- c:\windows\system32

\drivers\tmpreflt.sys
2009-07-25 23:32 153,104 a------- c:\windows\system32

\drivers\tmcomm.sys
2009-07-25 23:32 80,400 a------- c:\windows\system32

\drivers\tmtdi.sys
2009-07-25 23:32 50,192 a------- c:\windows\system32

\drivers\tmevtmgr.sys
2009-07-25 23:32 50,192 a------- c:\windows\system32

\drivers\tmactmon.sys
2009-07-25 16:25 775,168 a------- c:\windows\is-HS133.exe
2009-07-25 16:25 10,194 a------- c:\windows\is-HS133.msg
2009-07-25 16:25 229 a------- c:\windows\is-HS133.lst
2009-07-25 08:18 --d----- c:\program files\Trend Micro
2009-07-24 01:30 --d-----

c:\users\lauren\appdata\roaming\Comodo
2009-07-24 01:28 --d----- c:\program files\COMODO
2009-07-23 10:17 775,168 a------- c:\windows\is-EPAM2.exe
2009-07-23 10:17 10,194 a------- c:\windows\is-EPAM2.msg
2009-07-23 10:17 250 a------- c:\windows\is-EPAM2.lst
2009-07-22 16:28 --d-----

c:\users\lauren\appdata\roaming\ComcastToolbar
2009-07-20 08:43 --d----- c:\program files\AskBarDis
2009-07-20 08:39 22,528 a------- c:\windows\system32

\netiougc.exe
2009-07-20 08:39 170,496 a------- c:\windows\system32

\tcpipcfg.dll
2009-07-20 08:38 103,816 a------- c:\windows\system32

\~GLH004f.TMP
2009-07-20 08:37 293,528 a------- c:\windows\system32

\drivers\vsdatant.sys
2009-07-20 08:35 --d----- c:\program files\Zone Labs
2009-07-20 08:34 --d----- c:\programdata\CheckPoint
2009-07-20 08:34 --d----- c:\progra~2\CheckPoint
2009-07-20 08:34 --d----- c:\windows\Internet Logs
2009-07-18 18:25 97,800 a------- c:\windows\system32

\infocardapi.dll
2009-07-18 18:25 105,016 a------- c:\windows\system32

\PresentationCFFRasterizerNative_v0300.dll
2009-07-18 18:25 37,384 a------- c:\windows\system32

\infocardcpl.cpl
2009-07-18 18:25 622,080 a------- c:\windows\system32

\icardagt.exe
2009-07-18 18:25 43,544 a------- c:\windows\system32

\PresentationHostProxy.dll
2009-07-18 18:25 11,264 a------- c:\windows\system32

\icardres.dll
2009-07-18 18:25 781,344 a------- c:\windows\system32

\PresentationNative_v0300.dll
2009-07-18 18:25 326,160 a------- c:\windows\system32

\PresentationHost.exe
2009-07-18 18:20 96,760 a------- c:\windows\system32\dfshim.dll
2009-07-18 18:20 282,112 a------- c:\windows\system32\mscoree.dll
2009-07-18 18:20 41,984 a------- c:\windows\system32

\netfxperf.dll
2009-07-18 18:20 158,720 a------- c:\windows\system32

\mscorier.dll
2009-07-18 18:20 83,968 a------- c:\windows\system32

\mscories.dll
2009-07-18 18:17 72,704 a------- c:\windows\system32

\admparse.dll
2009-07-16 17:19 524,288 a--sh--- C:\ntuser.dat{5cd854c8-7244-

11de-bb1d-00248c7d3511}.TMContainer00000000000000000002.regtrans-ms
2009-07-16 17:19 524,288 a--sh--- C:\ntuser.dat{5cd854c8-7244-

11de-bb1d-00248c7d3511}.TMContainer00000000000000000001.regtrans-ms
2009-07-16 17:19 65,536 a--sh--- C:\ntuser.dat{5cd854c8-7244-

11de-bb1d-00248c7d3511}.TM.blf
2009-07-16 17:19 5,120 a---h--- C:\ntuser.dat.LOG1
2009-07-16 17:19 0 a---h--- C:\ntuser.dat.LOG2
2009-07-16 17:19 262,144 a------- C:\ntuser.dat
2009-07-16 17:19 --d----- c:\programdata\Yahoo!
2009-07-16 17:07 --d----- c:\program files\Yahoo!
2009-07-15 06:42 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 06:42 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 06:42 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 06:42 10,240 a------- c:\windows\system32

\dciman32.dll
2009-07-14 09:27 --d----- c:\program files\ComcastToolbar
2009-07-14 08:19 --d----- c:\program files\common

files\scanner
2009-07-14 08:19 --d----- c:\program files\CA
2009-07-14 08:19 --d----- c:\windows\Downloaded

Installations
2009-07-09 21:05 277,876,036 a------- c:\windows\MEMORY.DMP
2009-07-09 17:04 812 a-------

c:\users\lauren\appdata\roaming\wklnhst.dat
2009-07-08 16:09 --d----- c:\programdata\Malwarebytes
2009-07-08 16:09 --d----- c:\progra~2\Malwarebytes
2009-07-08 16:09 164 a------- c:\windows\install.dat
2009-07-08 15:57 0 a---h--- C:\ProgramData.LOG2
2009-07-08 15:57 0 a---h--- C:\ProgramData.LOG1
2009-07-06 19:23 --d----- c:\users\Lauren
2009-07-06 19:14 --d----- c:\programdata\HP Product

Assistant
2009-07-06 19:14 --d----- c:\program files\common

files\HP
2009-07-06 19:14 --d----- c:\program files\common

files\Hewlett-Packard
2009-07-06 19:12 165,566 a------- c:\windows\hpoins28.dat
2009-07-06 19:11 --d----- c:\programdata\HP
2009-07-06 19:11 729,088 a------- c:\windows\system32

\hpowiax7.dll
2009-07-06 19:11 581,632 a------- c:\windows\system32

\hpotscl6.dll
2009-07-06 19:11 303,104 a------- c:\windows\system32

\hpovst15.dll
2009-07-06 19:11 271,704 a------- c:\windows\system32

\hpzids01.dll
2009-07-06 19:11 118,272 a------- c:\windows\system32

\hpz3l5mu.dll
2009-07-06 19:10 372,736 a------- c:\windows\system32

\hppldcoi.dll
2009-07-06 19:10 309,760 a------- c:\windows\system32\difxapi.dll
2009-07-06 16:13 32,592 a------- c:\windows\system32

\msonpmon.dll
2009-07-06 16:12 --d----- c:\windows\PCHEALTH
2009-07-06 13:09 --d----- c:\programdata\Microsoft Help
2009-07-06 13:01 428,544 a------- c:\windows\system32\EncDec.dll
2009-07-06 13:01 293,376 a------- c:\windows\system32

\psisdecd.dll
2009-07-06 13:01 217,088 a------- c:\windows\system32\psisrndr.ax
2009-07-06 13:01 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-07-06 13:01 80,896 a------- c:\windows\system32\MSNP.ax
2009-07-06 12:49 --d----- c:\programdata\Geek Squad
2009-07-06 12:49 --d----- c:\progra~2\Geek Squad
2009-07-06 12:48 --d----- c:\program files\MSSOAP
2009-07-06 12:48 --d----- c:\program files\common

files\MSSoap
2009-07-06 12:48 --d----- c:\program files\Webroot
2009-07-06 12:46 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-07-06 12:45 1,645,568 a------- c:\windows\system32

\connect.dll
2009-07-06 12:45 241,152 a------- c:\windows\system32

\PortableDeviceApi.dll
2009-07-06 12:45 712,704 a------- c:\windows\system32

\WindowsCodecs.dll
2009-07-06 12:45 425,472 a------- c:\windows\system32

\PhotoMetadataHandler.dll
2009-07-06 12:45 347,136 a------- c:\windows\system32

\WindowsCodecsExt.dll
2009-07-06 12:45 147,456 a------- c:\windows\system32

\Faultrep.dll
2009-07-06 12:45 125,952 a------- c:\windows\system32\wersvc.dll
2009-07-06 12:44 296,960 a------- c:\windows\system32\gdi32.dll
2009-07-06 12:44 212,480 a------- c:\windows\system32

\drivers\mrxsmb10.sys
2009-07-06 12:44 4,240,384 a------- c:\windows\system32

\GameUXLegacyGDFs.dll
2009-07-06 12:44 28,672 a------- c:\windows\system32

\Apphlpdm.dll
2009-07-06 12:43 1,191,936 a------- c:\windows\system32

\msxml3.dll
2009-07-06 12:43 2,048 a------- c:\windows\system32\tzres.dll
2009-07-06 12:42 2,927,104 a------- c:\windows\explorer.exe
2009-07-06 12:42 288,768 a------- c:\windows\system32

\drivers\srv.sys
2009-07-06 12:42 996,352 a------- c:\windows\system32

\WMNetMgr.dll
2009-07-06 12:42 94,720 a------- c:\windows\system32

\logagent.exe
2009-07-06 12:42 2,868,736 a------- c:\windows\system32

\mf.dll
2009-07-06 12:42 1,334,272 a------- c:\windows\system32

\msxml6.dll
2009-07-06 12:42 443,392 a------- c:\windows\system32

\win32spl.dll
2009-07-06 12:41 1,524,736 a------- c:\windows\system32

\wucltux.dll
2009-07-06 12:41 83,456 a------- c:\windows\system32

\wudriver.dll
2009-07-06 12:41 162,064 a------- c:\windows\system32\wuwebv.dll
2009-07-06 12:41 31,232 a------- c:\windows\system32\wuapp.exe
2009-07-06 12:21 1,837 a--shr-- c:\windows\system32

\drivers\103C_HP_CPC_NC689AA-ABA

s3700y_YC_0Pavi_Q3CR914_E91NAv3PrA1_49_IAcacia_SPEGATRON

CORPORATION_V1.02_B5.19_T081017_WUH1_L409_M2942_J320_7AMD_8Athlon 64 X2 Dual

Core_92.6_#_N10DE03EF_Z14F12F20_G10DE03D0.MRK

==================== Find3M ====================

2009-07-26 15:00 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-26 15:00 86,016 a------- c:\windows\inf\infstor.dat
2009-07-26 15:00 51,200 a------- c:\windows\inf\infpub.dat
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2008-11-10 01:19 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409

\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409

\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409

\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409

\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000

\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000

\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000

\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000

\perfc.dat
2008-11-10 01:21 8,192 a--sh---

c:\windows\users\default\NTUSER.DAT

============= FINISH: 1:12:54.02 ===============

Tigerlilly77
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-07-25
Gender Gender : Female
OS OS : Vista
Points Points : 27019
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Anti-Virus Removers get blocked b4 downloading installation

Post by Tigerlilly77 on 28th July 2009, 2:24 pm

My whole computer is crap as of this morning- even my email account is corrupted...

Tigerlilly77
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-07-25
Gender Gender : Female
OS OS : Vista
Points Points : 27019
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Anti-Virus Removers get blocked b4 downloading installation

Post by Belahzur on 28th July 2009, 5:12 pm

Hello.
We need an uninstall log.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Anti-Virus Removers get blocked b4 downloading installation

Post by Tigerlilly77 on 29th July 2009, 6:49 am

32 Bit HP CIO Components Installer
ActiveCheck component for HP Active Support Library
Adobe Flash Player ActiveX
avast! Antivirus
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
CyberLink DVD Suite Deluxe
Enhanced Multimedia Keyboard Solution
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
HP Active Support Library
HP Customer Participation Program 11.0
HP Demo
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
HP Imaging Device Functions 11.0
HP MediaSmart DVD
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Solution Center 11.0
HP Update
HPAsset component for HP Active Support Library
Java(TM) 6 Update 7
LabelPrint
LabelPrint
LightScribe System Software 1.14.25.1
LightScribe Template Labeler
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 and SOAP Toolkit 3.0
muvee Reveal
Norton Internet Security
Power2Go
Power2Go
Python 2.5.2
Realtek High Definition Audio Driver
Soft Data Fax Modem with SmartCP
SUPERAntiSpyware Free Edition
Trend Micro AntiVirus
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC 9.0 Runtime

Tigerlilly77
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-07-25
Gender Gender : Female
OS OS : Vista
Points Points : 27019
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Anti-Virus Removers get blocked b4 downloading installation

Post by Belahzur on 29th July 2009, 4:12 pm

Hello.

You are running THREE antivirus', I see from the uninstall list you have Norton/Symantec installed, along with avast and Trend Micro. This is a bad idea as they can conflict and cause more problems. I would recommend that you remove Norton and Trend Micro to avoid conflict and other future problems.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 7
    Norton Internet Security
    Trend Micro AntiVirus

Then re-run DDS and post a new DDS log.

Note: Please turn off Word Wrap this time. Under "Function" menu in Notepad, untick "Word Wrap"


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Removal

Post by Tigerlilly77 on 30th July 2009, 4:19 am

I have tried removing all of these programs...too, too many times. I actually have never downloaded or requested those 3 programs unless HighjackThis is part of TrendMicro. When I uninstall the icon disappears and the "unistall was successful" pops up but I know the programs still lurk within my computer because I run into them. Especially, TrendMicro... Sad tearing

Tigerlilly77
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-07-25
Gender Gender : Female
OS OS : Vista
Points Points : 27019
# Likes # Likes : 0

View user profile

Back to top Go down

copy and paste is blank

Post by Tigerlilly77 on 30th July 2009, 4:30 am

Does this mean anything to you?


Last edited by Belahzur on 30th July 2009, 6:33 pm; edited 2 times in total (Reason for editing : Copy/paste is blank)

Tigerlilly77
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-07-25
Gender Gender : Female
OS OS : Vista
Points Points : 27019
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Anti-Virus Removers get blocked b4 downloading installation

Post by Belahzur on 30th July 2009, 6:36 pm

The C:\Program Files\Trend Micro folder contains Hijack This, so it's safe to leave there. You can see it running from there, Hijack This shows a list of processes.

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum