GeekPolice
Welcome to GeekPolice.net!

From "wow" to "whoa" - we're teaching practical technology and helping others with tech support. Join our family here!

You are viewing the forum as a "Guest" which doesn't give you member privileges to ask questions or post comments.

Take 30 seconds to register or log in below and unlock the limitations of this website to discover new computer knowledge!

AntiVirus System Pro hit me hard. Please Help!

View previous topic View next topic Go down

AntiVirus System Pro hit me hard. Please Help!

Post by chrisk on Wed Nov 04, 2009 8:54 pm

Can anyone help me get rid of this nasty virus?
I have tried malwarebytes and combofix but nothing helps. Once i reboot it comes right back.

Thank you,
Chris[right]

chrisk
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-11-04
OS : Vista
Points : 25877
# Likes : 0

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by Belahzur on Thu Nov 05, 2009 12:48 am

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by chrisk on Thu Nov 05, 2009 1:23 am

The virus keeps closing it when i try to run it. Should i do it while in safe mode?

Thanks again for the help and I will donate

chrisk
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-11-04
OS : Vista
Points : 25877
# Likes : 0

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by chrisk on Thu Nov 05, 2009 2:08 am

Got the log....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:16 PM, on 11/4/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Chris\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Chris\AppData\Local\qffmvw\wmgqsysguard.exe
C:\Program Files\Fotki Desktop\fotki.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ykrfghli] C:\Users\Chris\AppData\Local\qffmvw\wmgqsysguard.exe
O4 - Startup: Fotki Desktop.lnk = C:\Program Files\Fotki Desktop\fotki.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Append Link Target to Existing PDF - [You must be registered and logged in to see this link.] Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - [You must be registered and logged in to see this link.] Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - [You must be registered and logged in to see this link.]
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SI Tomcat (SITomcat) - Alexandria Software Consulting - C:\Program Files\GM SPO\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe
O23 - Service: SI Transbase (SITransbase) - TransAction Software, D 81737 Munich - C:\Program Files\GM SPO\eSI\Transbase\tbmux32.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 11125 bytes

chrisk
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-11-04
OS : Vista
Points : 25877
# Likes : 0

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by Belahzur on Thu Nov 05, 2009 10:17 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O4 - HKCU\..\Run: [ykrfghli] C:\Users\Chris\AppData\Local\qffmvw\wmgqsysguard.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by chrisk on Fri Nov 06, 2009 1:14 am

Here is the MBAM Log...

Malwarebytes' Anti-Malware 1.41
Database version: 3109
Windows 6.0.6000

11/5/2009 7:11:22 PM
mbam-log-2009-11-05 (19-11-22).txt

Scan type: Quick Scan
Objects scanned: 93998
Time elapsed: 6 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Thanks,
Chris

chrisk
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-11-04
OS : Vista
Points : 25877
# Likes : 0

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by Belahzur on Fri Nov 06, 2009 1:54 am

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by chrisk on Fri Nov 06, 2009 2:28 am

DDS (Ver_09-10-26.01) - NTFSx86
Run by Chris at 20:27:38.24 on Thu 11/05/2009
Internet Explorer: 7.0.6000.16609
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1010 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Outdated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spyware Doctor *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k nȯne
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fotki Desktop\fotki.exe
C:\Users\Chris\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\GM SPO\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe
C:\Program Files\GM SPO\eSI\Transbase\tbmux32.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\GM SPO\eSI\Transbase\tbkern32.exe
C:\Program Files\GM SPO\eSI\Transbase\tbkern32.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chris\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\chris\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\fotkid~1.lnk - c:\program files\fotki desktop\fotki.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\colorv~1.lnk - c:\program files\colorvision\utility\ColorVisionStartup.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - [You must be registered and logged in to see this link.]
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - [You must be registered and logged in to see this link.]
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - [You must be registered and logged in to see this link.]
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - [You must be registered and logged in to see this link.]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\0kz3p2ho.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]

============= SERVICES / DRIVERS ===============

R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 SITomcat;SI Tomcat;c:\program files\gm spo\esi\apache group\tomcat 4.1\bin\tomcat.exe [2003-10-27 65536]
R2 SITransbase;SI Transbase;c:\program files\gm spo\esi\transbase\tbmux32.exe [2001-11-20 165376]
R3 iTurns;iTurns;c:\windows\system32\drivers\iTurnsDriver.sys [2008-11-28 10704]
S3 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
S3 hcw85bda;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2008-1-27 622080]

=============== Created Last 30 ================

2009-11-06 01:20:33 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-11-05 02:05:25 0 d-----w- c:\program files\Trend Micro
2009-11-04 17:20:35 0 d-----w- c:\users\chris\appdata\roaming\AccurateRip
2009-11-04 17:20:33 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2009-11-04 17:20:33 15341 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-11-04 17:20:32 5640880 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-11-04 17:20:23 0 d-----w- c:\program files\Illustrate
2009-11-04 16:06:18 0 d-----w- C:\Combo-Fix
2009-11-04 15:56:23 0 d--h--w- c:\windows\PIF
2009-11-04 15:32:40 98816 ----a-w- c:\windows\sed.exe
2009-11-04 15:32:40 77312 ----a-w- c:\windows\MBR.exe
2009-11-04 15:32:40 236544 ----a-w- c:\windows\PEV.exe
2009-11-04 15:32:40 161792 ----a-w- c:\windows\SWREG.exe
2009-11-04 15:32:35 0 d-----w- C:\ComboFix
2009-11-04 03:29:21 0 d-----w- c:\users\chris\appdata\roaming\Malwarebytes
2009-11-04 03:29:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-04 03:29:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 03:29:13 0 d-----w- c:\programdata\Malwarebytes
2009-11-04 03:29:13 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-04 03:13:01 0 d-----w- c:\users\chris\Queensryche - The Best Of Queensryche Sign Of The Times
2009-11-04 00:57:02 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-04 00:56:40 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-04 00:56:24 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-04 00:56:24 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-03 03:18:58 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-11-03 03:18:58 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-11-03 02:47:36 0 d-----w- c:\program files\Topaz Labs
2009-11-03 02:43:26 0 d-----w- c:\programdata\ddisoftware
2009-10-22 22:44:54 0 d-----w- c:\users\chris\x910bt
2009-10-21 00:50:26 1642312227 ----a-w- c:\users\chris\x910bt.zip
2009-10-21 00:41:32 40266 ----a-w- c:\users\chris\[isoHunt]_Pioneer_Update_3.0.zip.torrent

==================== Find3M ====================

2009-11-06 01:28:32 27335 ----a-w- c:\users\chris\appdata\roaming\nvModes.dat
2009-11-04 20:12:27 3148 ----a-w- c:\windows\system32\tmp.reg
2009-11-03 03:19:24 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-03 03:19:24 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-03 03:19:24 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-09-10 16:21:44 8520 ----a-w- c:\windows\system32\ractrlkeyhook.dll
2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2008-02-23 21:27:39 665600 ----a-w- c:\windows\inf\drvindex.dat
2007-12-23 23:26:10 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 20:28:07.97 ===============

chrisk
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-11-04
OS : Vista
Points : 25877
# Likes : 0

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by chrisk on Fri Nov 06, 2009 2:29 am

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/29/2007 9:03:56 PM
System Uptime: 11/5/2009 8:27:01 PM (0 hours ago)

Motherboard: TOSHIBA | | ISRAA
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1000/mhz

==== Disk Partitions =========================

C: is fȋxed (NTFS) - 110 GiB total, 8.973 GiB free.
D: is fȋxed (NTFS) - 112 GiB total, 77.131 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP239: 10/22/2009 12:00:01 AM - Scheduled Checkpoint
RP240: 11/2/2009 8:21:02 PM - Device Driver Package Install: Hewlett-Packard Imaging devices
RP241: 11/2/2009 9:47:16 PM - Installed Topaz Adjust 3
RP242: 11/2/2009 10:05:26 PM - Installed Adobe Acrobat 9 Pro Extended - English, Français, Deutsch.
RP243: 11/3/2009 7:55:43 PM - Windows Update
RP244: 11/3/2009 8:14:59 PM - Installed Topaz Clean 2
RP245: 11/3/2009 8:19:41 PM - Installed Topaz Detail
RP246: 11/3/2009 8:22:40 PM - Installed Topaz Denoise 3
RP247: 11/3/2009 8:32:08 PM - Installed Topaz Simplify 2
RP249: 11/5/2009 8:20:11 PM - Windows Update

==== Installed Programs ======================


µTorrent
1Click DVDTOIPOD 1.1.9.0
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware 2007
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Elements 6.0
Adobe Reader 8
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Album Cover Art Downloader 1.6.6
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AudibleManager
Audit Support Center 1.0
AVerMedia USB Hybrid Capture Device 1.3.0.67
AVIC FEEDS
BayGenie eBay Auction Sniper Pro Edition 3.1.6.0
BenVista PhotoZoom Pro 2.2.6
Bluetooth Stack for Windows by Toshiba
Bonjour
Brownstone Equation Editor 5
C-Com WP XFI
Camera Assistant Software for Toshiba
Camera Control Pro 2
Capture NX
CD/DVD Drive Acoustic Silencer
Chameleon
Coloriage
ConvertHelper 2.1
CraigsPalFree version 3.05
CuteFTP 8 Home
dBpoweramp Music Converter
Deal or No Deal
Decorator
Dell Photo AIO Printer 924
Disney's Mickey Mouse Preschool
DVD Flick 1.3.0.6
DVD MovieFactory for TOSHIBA
Dynamic-Photo HDR 2.3
Enhancer
EPSON Printer Software
Feed Viewer for Windows SideShow
File Splitter v1.0
FileZilla Client 3.2.2.1
FixerBundle
Fotki Desktop
Frame Suite
Genuine Fractals 5.0
Glossy Paper ICC Profiles
Google Chrome
Google Desktop
Google Photos Screensaver
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Updater
Hauppauge MCE XP/Vista Software Encoder (2.0.24341)
HijackThis 2.0.2
Installation of Digital Video Recorder System
Intel(R) PROSet/Wireless Software
Intellisync for Sidekick
iPhoneBrowser
iTunes
iTurns 2.0.4.1
Java(TM) SE Runtime Environment 6
Lightroom
LightShop
LimeWire PRO 4.18.6
Logitech Harmony Remote Software 7
Magic ISO Maker v5.4 (build 0251)
MagicDisc 2.6.85
Malwarebytes' Anti-Malware
mCore
mHelp
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
mMHouse
MobileMe Control Panel
Mozilla Firefox (3.5.3)
mPfMgr
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Nero 8
Nero PhotoShow Deluxe 4
neroxml
Network Stumbler 0.4.0 (remove only)
nik Sharpener Pro 2.0 Complete
Noise Buster
Noiseware Professional Plug-in
Norton Security Scan
NVIDIA Drivers
oggcodecs 0.71.0946
Option Profit Calculator
PDF Settings
PhotoKit Color 2 Plug-In Module
PhotoKit Plug-in Module
PhotoKit Sharpener Plug-in Module
Photomatix Pro version 2.5.4
Picture Control Utility
Polar Bowler
Polar Golfer
Portrait Professional Max 6.3
Portraiture Plug-in
Power Retouche Pro
Private Shell 3.0
Protector Suite QL 5.6
PTGui Pro 7.2
PuTTY version 0.60
QuadToneRIP
QuickTime
RapidShare Manager
RapidShare Manager - 1
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Remote Control USB Driver
Retoucher
SI Data SIen v2004.19
SI Stand-alone application
SI Tiff Viewer Plugin v4
Sketch
Skype™ 3.6
SmartFTP Client
Spyder2
Stamp
Synaptics Pointing Device Driver
TD AMERITRADE StrategyDesk 3.2
TD AMERITRADE StrategyDesk 3.3_2 (C:\Program Files\TD AMERITRADE\StrategyDesk)
Texas Instruments PCIxx21/x515/xx12 drivers.
TightVNC 1.3.9
TIPCI
Topaz Adjust 3
Topaz Clean 2
Topaz Denoise 3
Topaz Detail
Topaz Simplify 2
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Game Console
TOSHIBA Hardware Setup
TOSHIBA HD DVD PLAYER
TOSHIBA Media Center Game Console
TOSHIBA Music
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TunerPro RT v4.14
TurboTax 2008
TurboTax 2008 wiliper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax Premier 2007
Tutor
TweakVI
TweetDeck
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
Utility Common Driver
VCRedistSetup
Vegas Movie Studio Platinum 9.0
Velvia Vision
VideoLAN VLC media player 0.8.6d
Virtual Earth 3D (Beta)
VNC Enterprise Edition E4.3.1
VNC Mirror Driver 1.7
webcamXP Lite
Windows Media Encoder 9 Series
winpwn
WinRAR archiver
WinSCP 4.1.6
Xilisoft iPod Video Converter
Xubuntu

==== Event Viewer Messages From Past Week ========

11/4/2009 8:36:50 PM, Error: Service Control Manager [7034] - The Google Software Updater service terminated unexpectedly. It has done this 3 time(s).
11/4/2009 8:17:33 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 0013E8CA4391 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/4/2009 3:10:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service lltdsvc with arguments "" in order to run the server: {5BF9AA75-D7FF-4AEE-AA2C-96810586456D}
11/4/2009 3:03:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
11/4/2009 3:03:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
11/4/2009 3:01:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
11/4/2009 3:01:55 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/4/2009 2:53:53 PM, Error: PlugPlayManager [10] - Error writing to server side install pipe
11/4/2009 12:11:56 AM, Error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
11/4/2009 11:07:35 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect.
11/4/2009 11:07:34 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/4/2009 10:56:55 AM, Error: Service Control Manager [7034] - The VNC Server Version 4 service terminated unexpectedly. It has done this 1 time(s).
11/4/2009 10:56:55 AM, Error: Service Control Manager [7034] - The SI Transbase service terminated unexpectedly. It has done this 1 time(s).
11/4/2009 10:32:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
11/4/2009 10:26:01 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.106 for the Network Card with network address 0013E8CA4391 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/4/2009 10:25:34 AM, Error: EventLog [6008] - The previous system shutdown at 9:21:24 AM on 11/4/2009 was unexpected.
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state
11/3/2009 7:58:11 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state
11/3/2009 11:53:41 PM, Error: EventLog [6008] - The previous system shutdown at 10:51:09 PM on 11/3/2009 was unexpected.
11/3/2009 11:28:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/3/2009 11:23:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/3/2009 11:23:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/3/2009 11:23:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/3/2009 11:23:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/3/2009 11:23:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/3/2009 11:22:31 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
11/3/2009 11:22:07 PM, Error: EventLog [6008] - The previous system shutdown at 10:19:45 PM on 11/3/2009 was unexpected.
11/3/2009 10:54:04 PM, Error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
11/3/2009 10:44:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.
11/3/2009 10:44:51 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/3/2009 10:44:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.
11/3/2009 10:25:08 PM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 2 time(s).
11/3/2009 10:25:08 PM, Error: Service Control Manager [7034] - The Microsoft Software Shadow Copy Provider service terminated unexpectedly. It has done this 1 time(s).
11/3/2009 10:25:05 PM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
11/2/2009 11:49:07 PM, Error: EventLog [6008] - The previous system shutdown at 10:43:30 PM on 11/2/2009 was unexpected.
11/2/2009 10:24:22 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/31/2009 10:37:51 PM, Error: Microsoft-Windows-SpoolerWin32SPL [3] - The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-21-1447820160-2493841258-3609815417-1000\Printers\Connections\S-1-5-21-1447820160-2493841258-3609815417-1000\Printers\Connections. This can occur if the key name or values are malformed or missing.

==== End Of File ===========================

chrisk
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-11-04
OS : Vista
Points : 25877
# Likes : 0

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by Dr Jay on Fri Nov 06, 2009 2:37 pm

Hello, are you having problems with Windows Update?

It is time to fix the damages due to malware, and to secure your computer to help prevent re-infection.
Please download [You must be registered and logged in to see this link.] by DragonMaster Jay, and save it to your Desktop. Right click and Extract All, and save the files to your Desktop.
  • Please disable realtime protection. (If any)
  • Double-click RunFirst.vbs. Follow the prompts and make sure it completes. It will confirm the Restore Point was added.
  • Double-click DragonFix.reg, and follow the prompt(s).
  • Please reboot your computer.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Administrator
Administrator

Status :
Online
Offline

Posts : 13706
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Points : 144830
# Likes : 10

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by chrisk on Fri Nov 06, 2009 10:37 pm

OK I ran dragon fix. but i never got a message saying it completed. But it seemed like the computer stopped working after a while so i then ran the second part.

Everything seems ok but i cant change my desktop background. Its just black.

chrisk
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-11-04
OS : Vista
Points : 25877
# Likes : 0

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by Dr Jay on Sat Nov 07, 2009 1:10 am

Please navigate to this webpage: [You must be registered and logged in to see this link.] and see the section "Fix it for me" and click the Microsoft Fix-It button. This will download a fix utility to repair the security settings on your computer, due to damages of malware or other harmful system changes. Install the file after download.

==

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Administrator
Administrator

Status :
Online
Offline

Posts : 13706
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Points : 144830
# Likes : 10

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by chrisk on Sat Nov 07, 2009 5:54 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b619ed157475a34f94de7ece07fbc528
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-07 05:30:35
# local_time=2009-11-06 11:30:35 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 94175049 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=230441
# found=10
# cleaned=10
# scan_time=4314
C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\Imagenomic\patch.exe a variant of Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Imagenomic\Noiseware Professional Plug-in\patch.exe a variant of Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SmartFTP Client\Patch.exe a variant of Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris\AppData\Local\qffmvw\wmgqsysguard.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris\Desktop\topaz\New Folder\SmitfraudFix.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris\Desktop\topaz\New Folder\SmitfraudFix\SmitfraudFix\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris\Desktop\topaz\New Folder\SmitfraudFix\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris\Desktop\topaz\TOPAZ.MOMENT.PRODUCTION.EDITION.v3.5-GRB\GRB\tltmpro35.dll probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris\Desktop\topaz\TOPAZ.MOMENT.v3.5-GRB\TOPAZ.MOMENT.v3.5-GRB\GRB\tltmnt35.dll probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

chrisk
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-11-04
OS : Vista
Points : 25877
# Likes : 0

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by Dr Jay on Sat Nov 07, 2009 7:54 pm

Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]

Save it to your desktop.

  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Administrator
Administrator

Status :
Online
Offline

Posts : 13706
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Points : 144830
# Likes : 10

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by chrisk on Sun Nov 08, 2009 7:32 pm

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\nero\nero photoshow 4\data\app\simplestar\data\shared\music\rock\crackthesky_mind.swf
c:\program files\nero\nero photoshow 4\data\app\simplestar\data\shared\music\rock\crackthesky_mind_image.swf
c:\program files\xilisoft\ipod video converter\script\crack.js
c:\programdata\adobe\photoshop elements\6.0\locale\en_us\photo creations metadata\backgrounds\cracked paint.xml
c:\programdata\adobe\photoshop elements\6.0\photo creations\backgrounds\cracked paint.jpg
c:\programdata\microsoft\windows\start menu\programs\rar password cracker\license agreement.lnk
c:\programdata\microsoft\windows\start menu\programs\rar password cracker\rar password cracker registration.lnk
c:\programdata\microsoft\windows\start menu\programs\rar password cracker\rar password cracker wizard.lnk
c:\programdata\microsoft\windows\start menu\programs\rar password cracker\rar password cracker.lnk
c:\programdata\microsoft\windows\start menu\programs\rar password cracker\readme.lnk
c:\programdata\microsoft\windows\start menu\programs\rar password cracker\uninstall.lnk
c:\programdata\microsoft\windows\start menu\programs\rar password cracker\Äëÿ ðóññêèõ.lnk
c:\users\chris\actions for photoshop\noiseware.professional.v4.1.1.0.for.adobe.photoshop.cracked-ssg.rar
c:\users\chris\appdata\roaming\macromedia\flash player\#sharedobjects\ml4vwb4e\[You must be registered and logged in to see this link.]
c:\users\chris\appdata\roaming\macromedia\flash player\#sharedobjects\ml4vwb4e\[You must be registered and logged in to see this link.]
c:\users\chris\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\#[You must be registered and logged in to see this link.]
c:\users\chris\desktop\iphone\apps\rulerphonecracked.ipa
c:\users\chris\desktop\nikon d80 programs\nikon.capture.nx.v1.3.0.crack.only-lama\facade.dll
c:\users\chris\desktop\nikon d80 programs\nikon.capture.nx.v1.3.0.crack.only-lama\lama.nfo
c:\users\chris\desktop\nikon d80 programs\nikon.capture.nx.v1.3.0.crack.only-lama\[You must be registered and logged in to see this link.]
c:\users\chris\desktop\nikon d80 programs\nikoncameracontrolprov2.0\crack\ncontrolpro.exe
c:\users\chris\desktop\topaz\topaz clean2 win32x64\crack\info.txt
c:\users\chris\desktop\topaz\topaz clean2 win32x64\crack\tlclean2.8bf
c:\users\chris\music\itunes\new folder\rulerphonecracked.ipa
scanner sequence 3.ZZ.11
----- EOF -----

chrisk
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-11-04
OS : Vista
Points : 25877
# Likes : 0

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by Dr Jay on Sun Nov 08, 2009 11:25 pm

Your computer has keygens, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see, are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware." Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.

==

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Administrator
Administrator

Status :
Online
Offline

Posts : 13706
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Points : 144830
# Likes : 10

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by chrisk on Mon Nov 09, 2009 12:40 am

Malwarebytes' Anti-Malware 1.41
Database version: 3130
Windows 6.0.6000

11/8/2009 6:39:24 PM
mbam-log-2009-11-08 (18-39-24).txt

Scan type: Quick Scan
Objects scanned: 94372
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

chrisk
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-11-04
OS : Vista
Points : 25877
# Likes : 0

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by Dr Jay on Mon Nov 09, 2009 1:52 am

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Administrator
Administrator

Status :
Online
Offline

Posts : 13706
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Points : 144830
# Likes : 10

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by chrisk on Mon Nov 09, 2009 3:08 am

Results of screen317's Security Check version 0.99.0
Windows Vista (UAC is disabled!)
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
Antivirus out of date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Spyder2
HijackThis 2.0.2
Java(TM) SE Runtime Environment 6
Adobe Flash Player 10
Adobe Reader 8
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````

chrisk
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-11-04
OS : Vista
Points : 25877
# Likes : 0

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by chrisk on Tue Nov 10, 2009 12:09 am

Should I update my service pack?
Also how can I change my background? When I try to change it nothing happens.

Thanks again!

chrisk
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-11-04
OS : Vista
Points : 25877
# Likes : 0

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by Dr Jay on Tue Nov 10, 2009 1:53 am

Restore Permissions for explorer.exe

Please download [You must be registered and logged in to see this link.] by sUBs

  1. Drag and drop explorer.exe onto Inherit
  2. This shall restore permissions to the application
  3. The application should now run normally
Please indicate in your next post if this was successful.

==

Please consider updating to Windows Vista Service Pack 1 & 2.
Windows Vista Service Pack 1 & 2 contains all the updates released since SP1 plus support for new types of hardware and emerging hardware standards.
They are available via [You must be registered and logged in to see this link.] or as a standalone installation [You must be registered and logged in to see this link.].

==

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

You aren't running Anti Virus Software

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software (for personal use), from one these excellent vendors NOW:

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) [You must be registered and logged in to see this link.]
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial user.
3) [You must be registered and logged in to see this link.]
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non commercial use.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

==

Please tell me how the updates went, and if you were able to change the background of your Desktop. This is important, because any problems in updating or other strange activity can be a sign of more malware.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Administrator
Administrator

Status :
Online
Offline

Posts : 13706
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Points : 144830
# Likes : 10

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by chrisk on Tue Nov 10, 2009 1:59 am

Inherit was successful.

chrisk
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-11-04
OS : Vista
Points : 25877
# Likes : 0

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by Dr Jay on Tue Nov 10, 2009 2:04 am

You can now change the background?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Administrator
Administrator

Status :
Online
Offline

Posts : 13706
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Points : 144830
# Likes : 10

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by chrisk on Tue Nov 10, 2009 2:15 am

Still cant. Also when I open a folder or drive all the icons do not show up. Just the name of the folder or icon shows

chrisk
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-11-04
OS : Vista
Points : 25877
# Likes : 0

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by Dr Jay on Tue Nov 10, 2009 2:55 am

Please navigate to this webpage: [You must be registered and logged in to see this link.] and see the section "Fix it for me" and click the Microsoft Fix-It button. This will download a fix utility to repair the security settings on your computer, due to damages of malware or other harmful system changes. Install the file after download.

Then, try the background change again.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Administrator
Administrator

Status :
Online
Offline

Posts : 13706
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Points : 144830
# Likes : 10

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by chrisk on Wed Nov 11, 2009 2:28 am

OK I updated vista and ran the fix it utility but i still cant change wallpaper and still no icons.

chrisk
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-11-04
OS : Vista
Points : 25877
# Likes : 0

View user profile

Back to top Go down

Re: AntiVirus System Pro hit me hard. Please Help!

Post by Dr Jay on Wed Nov 11, 2009 8:10 pm

Right-click on your Desktop, and hover your mouse cursor over View >

and select Show Desktop Icons.

There will be a checkmark next to it once activated.

Does this fix the issue?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Administrator
Administrator

Status :
Online
Offline

Posts : 13706
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Points : 144830
# Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum