Author Topic: help! cannot open any programs. keep getting virus alerts  (Read 5308 times)

danielle909xx

    Topic Starter


    Greenhorn

    help! cannot open any programs. keep getting virus alerts
    « on: February 01, 2010, 04:09:00 PM »
    out of nowhere today my computer kept getting popups telling me i have a virus. it won't let me open any programs other than firefox. i've been reading posts with other people who had this problem but nothing seems to work. it's called antivirus soft. please help me.
    forgot to post the msg that comes up every time i open anything. 'Security Warning  -  Application cannot be executed. The file .....exe is infected. Do you want to activate your antivirus software now?'

    thanks
    « Last Edit: February 01, 2010, 04:26:45 PM by danielle909xx »

    Dr Jay

    • Malware Removal Specialist


    • Specialist
    • Moderator emeritus
    • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: help! cannot open any programs. keep getting virus alerts
    « Reply #1 on: February 01, 2010, 10:13:11 PM »
    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com

    Alternate link: Forospyware.com

    Rename ComboFix.exe to commy.exe before you save it to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
    • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.
    ~Dr Jay

    danielle909xx

      Topic Starter


      Greenhorn

      Re: help! cannot open any programs. keep getting virus alerts
      « Reply #2 on: February 02, 2010, 07:08:48 AM »
      i've done that and the pop ups seemed to have gone away now. thanks!
      here's the log


      ComboFix 10-02-01.02 - User Account 02/02/2010   6:29.1.2 - x86
      Microsoft Windows XP Home Edition  5.1.2600.3.1252.2.1033.18.479.91 [GMT -4:00]
      Running from: c:\documents and settings\User Account\desktop\commy.exe
      AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
      .

      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
      c:\documents and settings\User Account\Application Data\inst.exe
      C:\Install.exe
      c:\program files\INSTALL.LOG
      c:\recycler\S-1-5-21-299502267-1715567821-839522115-1003
      c:\windows\EventSystem.log
      c:\windows\system32\Thumbs.db
      c:\windows\system32\trial icon - .ico

      .
      (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_SSHNAS


      (((((((((((((((((((((((((   Files Created from 2010-01-02 to 2010-02-02  )))))))))))))))))))))))))))))))
      .

      2010-02-02 04:20 . 2010-02-02 04:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
      2010-02-02 04:16 . 2010-02-02 04:16   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2010-02-02 04:16 . 2010-02-02 04:16   --------   d-----w-   c:\documents and settings\User Account\Application Data\SUPERAntiSpyware.com
      2010-02-02 03:24 . 2010-02-02 03:24   --------   d-sh--w-   c:\documents and settings\Administrator\PrivacIE
      2010-02-02 00:15 . 2010-02-02 00:15   --------   d-----w-   c:\windows\LMI5C.tmp
      2010-02-02 00:05 . 2010-02-02 00:05   --------   d-----w-   c:\program files\LogMeIn Rescue
      2010-02-01 21:22 . 2010-02-01 21:22   --------   d-----w-   c:\program files\Trend Micro
      2010-02-01 21:15 . 2010-02-01 21:15   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
      2010-02-01 20:34 . 2010-02-01 20:34   --------   d-----w-   c:\documents and settings\User Account\Application Data\Malwarebytes
      2010-02-01 20:33 . 2010-01-07 20:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
      2010-02-01 20:33 . 2010-02-01 20:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
      2010-02-01 20:33 . 2010-02-02 04:01   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2010-02-01 20:33 . 2010-01-07 20:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2010-02-01 18:29 . 2010-02-02 10:20   --------   d-----w-   c:\documents and settings\User Account\Local Settings\Application Data\fngmom
      2010-01-23 13:53 . 2007-03-19 00:37   65602   ----a-w-   c:\windows\system32\cook3260.dll
      2010-01-19 14:37 . 2010-01-31 01:30   --------   d-----w-   c:\documents and settings\User Account\Application Data\Vso
      2010-01-19 14:36 . 2010-01-23 13:53   --------   d-----w-   c:\program files\VSO
      2010-01-19 14:24 . 2010-01-19 14:24   --------   d-----w-   c:\program files\Haali

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-02-02 10:06 . 2010-02-02 04:21   117760   ----a-w-   c:\documents and settings\User Account\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
      2010-02-02 04:21 . 2010-02-02 04:21   52224   ----a-w-   c:\documents and settings\User Account\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
      2010-02-01 19:52 . 2008-05-12 01:43   --------   d-----w-   c:\documents and settings\User Account\Application Data\Azureus
      2010-01-23 13:53 . 2010-01-19 14:37   47360   ----a-w-   c:\windows\system32\drivers\pcouffin.sys
      2010-01-23 13:53 . 2010-01-19 14:37   47360   ----a-w-   c:\documents and settings\User Account\Application Data\pcouffin.sys
      2010-01-23 13:53 . 2010-01-19 14:37   47360   ----a-w-   c:\documents and settings\User Account\Application Data\pcouffin.sys
      2010-01-23 13:44 . 2010-01-23 12:58   --------   d-----w-   c:\program files\Common Files\AVSMedia
      2010-01-23 13:44 . 2010-01-23 12:58   --------   d-----w-   c:\program files\AVS4YOU
      2010-01-23 13:01 . 2010-01-23 13:01   --------   d-----w-   c:\documents and settings\User Account\Application Data\AVS4YOU
      2010-01-23 13:01 . 2010-01-23 13:01   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVS4YOU
      2010-01-22 19:34 . 2010-02-02 00:04   177568   ----a-w-   c:\documents and settings\User Account\Application Data\Mozilla\Firefox\Profiles\h9aemmb4.default\extensions\[email protected]\platform\WINNT\plugins\rahook.dll
      2010-01-22 19:34 . 2010-02-02 00:05   6116752   ----a-w-   c:\documents and settings\User Account\Application Data\Mozilla\Firefox\Profiles\h9aemmb4.default\extensions\[email protected]\platform\WINNT\plugins\npRescue.dll
      2010-01-22 19:34 . 2010-02-02 00:05   959904   ----a-w-   c:\documents and settings\User Account\Application Data\Mozilla\Firefox\Profiles\h9aemmb4.default\extensions\[email protected]\platform\WINNT\components\npRescuePostInstallProcedure.exe
      2010-01-22 19:34 . 2010-02-02 00:05   1803680   ----a-w-   c:\documents and settings\User Account\Application Data\Mozilla\Firefox\Profiles\h9aemmb4.default\extensions\[email protected]\platform\WINNT\plugins\LMIRSrv.dll
      2010-01-20 13:00 . 2009-10-03 16:06   --------   d-----w-   c:\program files\Microsoft Silverlight
      2010-01-19 23:29 . 2010-01-19 15:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\vsosdk
      2010-01-19 14:24 . 2009-11-17 04:35   --------   d-----w-   c:\program files\AviSynth 2.5
      2010-01-18 13:07 . 2010-01-26 15:45   1260800   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
      2010-01-18 13:07 . 2010-01-26 15:45   3777280   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
      2010-01-07 01:11 . 2008-10-26 22:41   --------   d-----w-   c:\program files\Vuze
      2009-12-21 19:14 . 2004-08-10 21:51   916480   ----a-w-   c:\windows\system32\wininet.dll
      2009-12-17 01:20 . 2009-12-17 01:19   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar
      2009-12-17 01:19 . 2009-12-17 01:19   360584   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
      2009-12-17 01:19 . 2009-12-17 01:19   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
      2009-12-17 01:19 . 2009-12-17 01:19   333192   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
      2009-12-17 01:19 . 2009-12-17 01:19   28424   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
      2009-12-17 01:18 . 2009-12-17 01:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
      2009-12-17 01:18 . 2009-06-21 18:01   --------   d-----w-   c:\program files\AVG
      2009-11-27 16:54 . 2009-07-16 23:45   61664   -c-ha-w-   c:\windows\system32\mlfcache.dat
      2009-11-21 15:51 . 2004-08-10 21:49   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
      2009-11-10 03:20 . 2009-11-10 03:20   15884   ----a-w-   c:\documents and settings\User Account\Application Data\Azureus\plugins\azitunes\libProcessAccess.dll
      2009-11-10 03:20 . 2009-11-10 03:20   102400   ----a-w-   c:\documents and settings\User Account\Application Data\Azureus\plugins\azitunes\jacob-1.14.3-x86.dll
      2009-11-10 03:20 . 2009-11-10 03:20   4141117   ----a-w-   c:\documents and settings\User Account\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
      2009-11-10 03:20 . 2009-11-10 03:20   6516755   ----a-w-   c:\documents and settings\User Account\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

      [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
      "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

      [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

      [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
      [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
      "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

      [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

      [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
      [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
      "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
      "D-Link Wireless G WUA-1340"="c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2007-08-27 1662976]
      "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
      MBCameraMonitor.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2009-9-5 541976]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2009-09-03 18:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
      2009-12-17 01:19   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
      backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
      backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
      backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
      backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      2008-10-15 05:04   39792   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
      2008-04-14 00:12   15360   ------w-   c:\windows\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
      2006-02-19 05:41   49152   ----a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2009-10-29 00:21   141600   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
      2005-08-25 02:25   101080   -c--a-w-   c:\program files\Microsoft Location Finder\LocationFinder.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
      2009-07-26 19:44   3883856   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      2001-07-09 19:50   155648   -c--a-w-   c:\windows\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
      2005-04-27 19:03   5898240   ----a-w-   c:\windows\system32\nvcpl.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
      2005-04-27 19:03   86016   -c--a-w-   c:\windows\system32\nvmctray.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      2005-04-27 19:03   1519616   -c--a-w-   c:\windows\system32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      2009-09-05 04:54   417792   ----a-w-   c:\program files\QuickTime\QTTask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
      2005-01-21 04:04   77824   -c--a-w-   c:\windows\SOUNDMAN.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      2008-02-22 07:25   144784   -c--a-w-   c:\program files\Java\jre1.6.0_05\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\StubInstaller.exe"=
      "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Ares\\Ares.exe"=
      "c:\\Program Files\\Vuze\\Azureus.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
      "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
      "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

      R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/05/2008 1:10 AM 715248]
      R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/12/2009 9:19 PM 333192]
      R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/12/2009 9:19 PM 360584]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 7:56 AM 9968]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 7:56 AM 74480]
      R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [03/10/2009 8:25 AM 464264]
      R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [03/10/2009 8:25 AM 234888]
      R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [16/12/2009 9:18 PM 906520]
      R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/12/2009 9:18 PM 285392]
      R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7:56 AM 7408]
      S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/09/2009 11:15 AM 133104]
      .
      Contents of the 'Scheduled Tasks' folder

      2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

      2010-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-21 15:15]

      2010-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-21 15:15]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.ca/
      uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      DPF: {8F4213B4-A970-4B3C-820D-343C693D5BF0} - hxxp://dsp02.eastlink.ca/SelfProvisioning.cab
      FF - ProfilePath - c:\documents and settings\User Account\Application Data\Mozilla\Firefox\Profiles\h9aemmb4.default\
      FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
      FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
      FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
      FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
      FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
      FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
      FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
      FF - plugin: c:\documents and settings\User Account\Application Data\Mozilla\Firefox\Profiles\h9aemmb4.default\extensions\[email protected]\platform\WINNT\plugins\npRescue.dll
      FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
      FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
      .
      - - - - ORPHANS REMOVED - - - -

      URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
      MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
      MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
      MSConfigStartUp-DbWinEn - c:\windows\system32\ypgfqvuz.exe
      MSConfigStartUp-IMprocess - c:\program files\Instant Messenger Names\IM-svr.EXE
      MSConfigStartUp-MSFox - c:\docume~1\USERAC~1\LOCALS~1\Temp\a.exe
      MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-02-02 06:42
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ... 

      scanning hidden autostart entries ...

      scanning hidden files ... 

      scan completed successfully
      hidden files: 0

      **************************************************************************

      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

      device: opened successfully
      user: MBR read successfully
      called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spvw.sys hal.dll >>UNKNOWN [0x8598F944]<<
      kernel: MBR read successfully
      detected MBR rootkit hooks:
      \Driver\Disk -> CLASSPNP.SYS @ 0xf75b9f28
      \Driver\ACPI -> ACPI.sys @ 0xf7326cb8
      \Driver\atapi -> atapi.sys @ 0xf72e1b40
      IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
       ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
      \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
       ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
      NDIS: SiS 900-Based PCI Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf71ecb0a
       PacketIndicateHandler -> NDIS.sys @ 0xf71f7a21
       SendHandler -> NDIS.sys @ 0xf71ec949
      user & kernel MBR OK

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
      @DACL=(02 0000)
      "Installed"="1"
      @=""

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
      @DACL=(02 0000)
      "NoChange"="1"
      "Installed"="1"
      @=""

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
      @DACL=(02 0000)
      "Installed"="1"
      @=""
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(532)
      c:\program files\SUPERAntiSpyware\SASWINLO.dll
      c:\windows\system32\WININET.dll

      - - - - - - - > 'explorer.exe'(856)
      c:\windows\system32\WININET.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\AVG\AVG9\avgchsvx.exe
      c:\program files\AVG\AVG9\avgrsx.exe
      c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      c:\program files\AVG\AVG9\avgcsrvx.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\windows\system32\slserv.exe
      c:\program files\AVG\AVG9\avgnsx.exe
      c:\program files\Windows Media Player\WMPNetwk.exe
      c:\program files\AVG\AVG9\avgcsrvx.exe
      c:\program files\iPod\bin\iPodService.exe
      c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
      .
      **************************************************************************
      .
      Completion time: 2010-02-02  06:52:15 - machine was rebooted
      ComboFix-quarantined-files.txt  2010-02-02 10:52

      Pre-Run: 33,711,702,016 bytes free
      Post-Run: 33,722,482,688 bytes free

      WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

      - - End Of File - - E8010BFE5BE0C42DCE93EBC246EAED95

      Dr Jay

      • Malware Removal Specialist


      • Specialist
      • Moderator emeritus
      • Thanked: 119
      • Experience: Guru
      • OS: Windows 10
      Re: help! cannot open any programs. keep getting virus alerts
      « Reply #3 on: February 02, 2010, 08:25:12 AM »
      Hi again. Please do these steps in order.

      1. Please download TFC by OldTimer to your desktop
      • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
      • It will close all programs when run, so make sure you have saved all your work before you begin.
      • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
      • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
      2. Please download Malwarebytes Anti-Malware from Malwarebytes.org.
      Alternate link: BleepingComputer.com.
      (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

      Double Click mbam-setup.exe to install the application.

      (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select "Perform Full Scan", then click Scan.
      • The scan may take some time to finish, so please be patient.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Make sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      • Please save the log to a location you will remember.
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the entire report in your next reply.
      Extra Note:

      If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

      3. Please visit this webpage for instructions for downloading and running SUPERAntiSpyware (SAS) to scan and remove malware from your computer:

      http://www.bleepingcomputer.com/virus-removal/how-to-use-superantispyware-tutorial

      Post the log from SUPERAntiSpyware when you've accomplished that.

      4. Please run a free online scan with the ESET Online Scanner
      • Tick the box next to YES, I accept the Terms of Use
      • Click Start
      • When asked, allow the ActiveX control to install
      • Click Start
      • Make sure that the options Remove found threats and Scan unwanted applications are checked
      • Click Scan (This scan can take several hours, so please be patient)
      • Once the scan is completed, you may close the window
      • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
      • Copy and paste that log as a reply to this topic

      5. Post the following in your next reply:
      • MBAM log
      • SAS log
      • ESET log
      And, please tell me how your computer is doing.
      ~Dr Jay

      danielle909xx

        Re: help! cannot open any programs. keep getting virus alerts
        « Reply #4 on: February 02, 2010, 04:20:46 PM »
        Here are my logs.

        MALWARE BYTES

        Malwarebytes' Anti-Malware 1.43
        Database version: 3458
        Windows 5.1.2600 Service Pack 3 (Safe Mode)
        Internet Explorer 8.0.6001.18702

        01/02/2010 4:57:20 PM
        mbam-log-2010-02-01 (16-57-20).txt

        Scan type: Quick Scan
        Objects scanned: 118882
        Time elapsed: 13 minute(s), 43 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 37
        Registry Values Infected: 5
        Registry Data Items Infected: 0
        Folders Infected: 3
        Files Infected: 62

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:

        Registry Values Infected:
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\turbonet (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\systemcheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.

        Files Infected:

        danielle909xx

          Re: help! cannot open any programs. keep getting virus alerts
          « Reply #5 on: February 02, 2010, 04:23:45 PM »
          SUPERANTI SPYWARE
          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 02/02/2010 at 05:58 PM

          Application Version : 4.33.1000

          Core Rules Database Version : 4548
          Trace Rules Database Version: 2360

          Scan type       : Quick Scan
          Total Scan Time : 00:27:28

          Memory items scanned      : 541
          Memory threats detected   : 0
          Registry items scanned    : 554
          Registry threats detected : 0
          File items scanned        : 16130
          File threats detected     : 12

          Adware.Tracking Cookie

          danielle909xx

            Re: help! cannot open any programs. keep getting virus alerts
            « Reply #6 on: February 02, 2010, 04:24:39 PM »
            ESET

            ESETSmartInstaller@High as downloader log:
            all ok
            # version=7
            # OnlineScannerApp.exe=1.0.0.1
            # OnlineScanner.ocx=1.0.0.6211
            # api_version=3.0.2
            # EOSSerial=dfe16a8708cf9d489892f4e80efe9c4b
            # end=finished
            # remove_checked=true
            # archives_checked=false
            # unwanted_checked=true
            # unsafe_checked=false
            # antistealth_checked=true
            # utc_time=2010-02-02 11:07:46
            # local_time=2010-02-02 07:07:46 (-0400, Atlantic Standard Time)
            # country="Canada"
            # lang=1033
            # osver=5.1.2600 NT Service Pack 3
            # compatibility_mode=512 16777215 100 0 6861 6861 0 0
            # compatibility_mode=768 16777215 100 0 41122462 41122462 0 0
            # compatibility_mode=1024 16777175 100 0 3218276 3218276 0 0
            # compatibility_mode=8192 67108863 100 0 0 0 0 0
            # scanned=78970
            # found=0
            # cleaned=0
            # scan_time=3071

            Dr Jay

            Re: help! cannot open any programs. keep getting virus alerts
            « Reply #7 on: February 03, 2010, 09:04:50 AM »
            Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
            • Select Start > All Programs > Accessories > System tools > System Restore.
            • On the dialogue box that appears select Create a Restore Point
            • Click NEXT
            • Enter a name e.g. Clean
            • Click CREATE
            You now have a clean restore point. To get rid of the bad ones:
            • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
            • In the Drop down box that appears select your main drive e.g. C
            • Click OK
            • The System will do some calculation and then display a dialogue box with TABS
            • Select the More Options Tab.
            • At the bottom will be a system restore box with a CLEANUP button; click this
            • Accept the Warning and select OK again; the program will close and you are done
            To remove all of the tools we used and the files and folders they created, please do the following:
            Please download OTC.exe by OldTimer:
            • Save it to your Desktop.
            • Double click OTC.exe.
            • Click the CleanUp! button.
            • If you are prompted to Reboot during the cleanup, select Yes.
            • The tool will delete itself once it finishes.
            Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

            ==

            Please download TFC by OldTimer to your desktop
            • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
            • It will close all programs when run, so make sure you have saved all your work before you begin.
            • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
            • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
            ==

            Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
            • Save it to your Desktop.
            • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
            • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
            ~Dr Jay