Topic: Anybody feel like helping a noob.

levi

  • Guest
Anybody feel like helping a noob.
« on: October 18, 2006, 06:10:19 PM »
Ok. I'll try to explain this as best I can.
A few details, first.

OS:xp-pro
Virus protection: PC-cillin
Adaware se
Spybot search and destroy
Spyware blaster
(Note: I do have HJT, but not sure how to use it)

I have run everything (protection related)... and still can't fix the problem. Actually...some problems were fixed. Some remain.

Last night, I was downloading something. (Not sure if I can say what it was)
Anyway.... It came with a keygen. After installing what I had downloaded, I went ahead and started the keygen. That's when everything went nuts. My screen filled with popups, and I lost some normal operating features. Such as right clicking, system restore, RUN, msconfig, and a few other things. I've been trying since last night to return things to normal, but can't seem to fix everything.

Here is a strange thing. My right click feature will work if I switch to Firefox. But won't work in IE.
Also...Everything works (besides restore) if I log in as a guest.

Any ideas?  

levi

  • Guest
Re: Anybody feel like helping a noob.
« Reply #1 on: October 19, 2006, 03:37:39 AM »
Nobody? :-/

I'll check back when I get home from work. Thanks.

Raptor

  • Guest
Re: Anybody feel like helping a noob.
« Reply #2 on: October 19, 2006, 04:53:35 AM »
Quote
Nobody? :-/

I'll check back when I get home from work. Thanks.

Be patient...

Quote
Here is a strange thing. My right click feature will work if I switch to Firefox. But won't work in IE.  

You were using Internet Explorer to download warez? Yeah, well, what did you expect?

And why didn't you scan the keygen for viri before opening it?

If you do not understand the basics of computer security, you should not be using illegal software.

Download, install, update and run in safe mode respectively:

AVG Free
Adaware SE
Spybot S&D
Windows Defender (Genuine Windows XP only)

unlovedwarrior



    Guru

  • someday this name will be known
  • Thanked: 13
    Re: Anybody feel like helping a noob.
    « Reply #3 on: October 19, 2006, 08:11:37 AM »
    hello and welcome

    hi

    first I'm guessing your os is xp home.. if so is it fully updated??

    go here

    http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1134123580

    dl
    ewido
    adaware
    spybot
    Ccleaner
    windows defender

    update them

    use Ccleaner to empty your junk from temp files, just open and run scan

    then do full scans with ewido, adaware, spybot, windows defender and your antivirus in safe mode (rapidly tap F8 before windows loads, go to safe mode, the very top one) and with system restore turned off (right click my computer, go to properties, click system restore tab, check box that says turn off system restore)

    then reboot back into normal and report back

    if you don't have a firewall already then dl ZoneAlarm free from the site I gave

    if you're having pop up problems and this might be good to dl and install anyway

    (for the pop up problem go here
    http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1147665297 )

    and dl host secure

    unlovedwarrior

    this is a volunteer forum so you'll have to be patient but someone will come and try to help you.

    if you're ever going to dl any program from an untrusted site PLEASE SCAN IT BEFORE YOU RUN IT
    « Last Edit: October 19, 2006, 08:12:15 AM by unlovedwarrior »

    levi

    • Guest
    Re: Anybody feel like helping a noob.
    « Reply #4 on: October 20, 2006, 02:30:30 PM »
    Quote
    Be patient...

    Sorry, dude. I thought I had given my thread enough time before I gave it a friendly bump.

    Quote
    You were using Internet Explorer to download warez? Yeah, well, what did you expect?

    When I said I was a noob..I meant to the forum....and downloading. I'll keep the above advice in mind. Thanks. 8-)

    Quote
    And why didn't you scan the keygen for viri before opening it?

    I did. However. PC-cillin didn't pick anything up. I assumed I was safe. Another lesson learned....I guess.

    Thanks for the reply Raptor.

    _______________________________________ _______________________________________ ___________

    Quote
    hello and welcome  
      
    hi  
      
    first I'm guessing your os is xp home.. if so is it fully updated??

    Actually, I am running XP pro, as I stated in my original post. Sorry if I wasn't clear on that.
    Yes...it's up to date.
    I followed all of your instructions to no avail. Actually...I shouldn't say that. Ewido and Ccleaner fixed a bunch of crap.
    I thank you for the links.
    However. All of my original problems remain.

    After I finished everything you asked me to do, I ran HJT...in case it proved useful. Notice the part in bold. This is what caused everything to screw up in the first place. (I assume) It also causes a runtime 75 error. (whatever that is)
    If it helps....I think I can take screen shots?

    I'll post the HJT results in my next post. Thanks. ;)


    « Last Edit: October 20, 2006, 02:31:21 PM by levi »

    levi

    • Guest
    Re: Anybody feel like helping a noob.
    « Reply #5 on: October 20, 2006, 02:34:03 PM »
    Logfile of HijackThis v1.99.1
    Scan saved at 5:06:17 PM, on 10/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Dell AIO 810\dlcgmon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dlcgcoms.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Documents and Settings\johnny\Desktop\Desktop items\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [rmalt] C:\Program Files\Systems\Nero7-Keygen.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
    O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: dlcg_device -   - C:\WINDOWS\system32\dlcgcoms.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal F
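
Added example (not part of the original thread, and not HijackThis's own code): a small Python triage of log lines in the format posted above. It extracts the executable from each O4 autostart entry and flags an autostart whose path matches an analyst-chosen keyword (here "keygen", from the original post) and any O6 line, which HijackThis prints when an Internet Explorer policy Restrictions key is present. The function names and keyword list are assumptions; the sample lines are copied from the log above.

```python
import re

# Sample input: a shortened selection of lines copied from the log posted above.
SAMPLE_LOG = r'''
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [rmalt] C:\Program Files\Systems\Nero7-Keygen.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
'''

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")      # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")  # hive\..\key: [name] command
# Quoted path, or an unquoted path (may contain spaces) up to its first extension.
TARGET = re.compile(r'^"([^"]+)"|^(?:rundll32(?:\.exe)? )?(.+?\.(?:exe|dll|scr|bat))', re.I)

KEYWORDS = ("keygen", "crack")  # assumption: chosen by the analyst, not a HijackThis feature

def parse(log_text):
    """Yield (section, body) for each entry line; header and process-list lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)

def autorun_target(body):
    """Return (hive, value_name, executable) for an O4 registry entry, else None."""
    m = RUN.match(body)
    if not m:
        return None
    t = TARGET.match(m.group(4))
    path = (t.group(1) or t.group(2)) if t else m.group(4)
    return m.group(1), m.group(3), path

def triage(log_text, keywords=KEYWORDS):
    """Return findings as (section, value_name, detail, reason) tuples."""
    findings = []
    for section, body in parse(log_text):
        if section == "O4":
            run = autorun_target(body)
            if run and any(k in run[2].lower() for k in keywords):
                findings.append((section, run[1], run[2], "autostart matches keyword"))
        elif section == "O6":
            findings.append((section, None, body, "IE policy restrictions present"))
    return findings
```

A keyword match only marks an entry for manual review; an autostart with an innocuous file name passes this check untouched.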

    unlovedwarrior



      Guru

    • someday this name will be known
    • Thanked: 13
      Re: Anybody feel like helping a noob.
      « Reply #6 on: October 20, 2006, 02:34:12 PM »
      that's just a generic post I use.... I knew u had pro.. and you did the scans in safe mode with system restore off..



      I'm not real big on PC-cillin so I use AVG free

      unlovedwarrior



        Guru

      • someday this name will be known
      • Thanked: 13
        Re: Anybody feel like helping a noob.
        « Reply #7 on: October 20, 2006, 02:36:06 PM »
        O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll


        did you install that??


        also have you tried just removing the file you dled?? if you're almost certain it's the nasty...
        « Last Edit: October 20, 2006, 02:38:46 PM by unlovedwarrior »

        levi

        • Guest
        Re: Anybody feel like helping a noob.
        « Reply #8 on: October 20, 2006, 02:42:16 PM »
        I did download popthis. (never caused a problem in the past) And yes.... I found the nasty file, and deleted it. But it didn't help.


        EDIT: I did everything in safe mode. But deleted the nasty file afterwards. Perhaps I should run the scans again?
        « Last Edit: October 20, 2006, 02:43:52 PM by levi »

        unlovedwarrior



          Guru

        • someday this name will be known
        • Thanked: 13
          Re: Anybody feel like helping a noob.
          « Reply #9 on: October 20, 2006, 02:53:03 PM »
          run Ccleaner's issues scan to clean your registry up a bit but back up the registry when it asks and if you want to u can rerun the scans



          also did you delete the nero 7 you dled
          « Last Edit: October 20, 2006, 02:54:47 PM by unlovedwarrior »

          levi

          • Guest
          Re: Anybody feel like helping a noob.
          « Reply #10 on: October 20, 2006, 03:09:53 PM »
          Ok. I'll try that.
          Yes. I deleted nero7.
          Here is something I noticed. When I tried to turn on restore....my pc wouldn't let me.
          Here is a screen shot. You can't see it, but it says (C) is turned off. Is that normal?


          unlovedwarrior



            Guru

          • someday this name will be known
          • Thanked: 13
            Re: Anybody feel like helping a noob.
            « Reply #11 on: October 20, 2006, 03:21:21 PM »
            is the check box checked when you first go there after u restart the computer?? or is it greyed out??

            do you have a windows cd with Microsoft all over it

            levi

            • Guest
            Re: Anybody feel like helping a noob.
            « Reply #12 on: October 20, 2006, 03:55:00 PM »
            Yes....The box is always checked. I un-checked it for that screen shot.

            Please don't ask about the Shiny XP disk. lol. I don't want to format...if I can help it.  :-/

            Here is the reason. A student friend of mine supplied me with an educational copy of XP pro. It was purchased at a local university... very cheap. It's fully functional, and legal. It comes on two disks. However...While installing XP on my old laptop (now gone in the garbage)...I left the disk in the cd tray. (stupid me) So....it's gone.  I do have disk two with the serial number.....but I'm not sure if a burned copy of XP will take the legal serial.

            *censored*...I didn't want to format. Any other ideas? Or am I stuck with formatting?

            And before I go on....I have to take a moment to thank you/this forum for your help. It is much appreciated. Since this is the first time I have ever asked for help....you can be sure that I will recommend you on all the forums I post at.


            Again...Thanks.

            unlovedwarrior



              Guru

            • someday this name will be known
            • Thanked: 13
              Re: Anybody feel like helping a noob.
              « Reply #13 on: October 20, 2006, 03:58:14 PM »
              before you go and reformat wait for other members to post their thoughts. I'm nowhere near an expert in viruses but I do know a lot. wait for fed or GX1_man or DL65. until then I'll continue to try to troubleshoot the problem.

              unlovedwarrior



                Guru

              • someday this name will be known
              • Thanked: 13
                Re: Anybody feel like helping a noob.
                « Reply #14 on: October 20, 2006, 04:00:45 PM »
                did you ever find out the name of the infection?? that would help.. do you have the pc-cillin setup stuff and cd with code. if so i would uninstall it and install avg free and use that see what that picks up you can get it from the site i gave earlier in this topic