XP Antivirus

[hunt3rshadow]

Ok so I know theres another thread about it but I don't whats the case with mine. Earlier I downloaded something and somehow something popped up with Antivirus XP. I didn't install it and then my background automatically changed to this: 

(I cant seem to upload pics rite now because it says network error. NOTE: My internet is seriously acting like *censored* right now)

Description:
It a box in the background that says adware detected. Install blah blah to get rid of it. ( Im pretty sure its the work of Antivirus XP)



Then when I'm on google and do a search, and click on any result, it redirects me to some other website, most likely a strange search engine.

I've scanned with Super(didn't find any trojans just adware etc.) and Im currently scanning with malwarebytes.

Super Log:

[hunt3rshadow]

Okay gog this dam virus is not letting me attach,upload,post or even search. This is my 7th time posting if by god this gets through then someone help me

[sodbuster2x]

I had same problem if you to sodbuster2x forum and do as they had me it possibly may work for you too.  Good luck

[Carbon Dudeoxide]

Start here.
http://www.computerhope.com/forum/index.php/topic,46313.0.html

[hunt3rshadow]

Carbon I would do those and I have the logs  BUT I can't seem to copy and paste or email or attach. Anybody know what I should do?

[Carbon Dudeoxide]

If you cannot upload the logs, attach the logs, copy and paste the logs, I would try doing this in Safe Mode With Networking.

More info here:
http://www.computerhope.com/issues/chsafe.htm
(Instead of choosing Safe Mode, choose the next option down)

Hopefully this will allow you to post the logs. 

[hunt3rshadow]

Thanks Ill try this now

[hunt3rshadow]

I still can't post my logs attach etc. with my logs even in safe mode with networking.

[kpac]

What exactly can't you do?

Can you view the forum in your browser? Or can you not go online at all?

[hunt3rshadow]

I can't post my logs or attach them. So how is anyone supppose to help me?

[evilfantasy]

Try uploading them online. http://savefile.com/ You don't have to sign up to use the service, just post the links to them back here.

[hunt3rshadow]

I tried. It just freezes when it says uploading. I've tried it twice. Should I just try to type the logs. I can proabbly type out the MBAM log but not the hijack or super log

[hunt3rshadow]

 Malwarebytes' Anti-Malware 1.17
Database version: 856

7:00:29 PM 8/21/2008
mbam-log-8-21-2008 (19-00-29).txt

Scan type: Full Scan (C:\|J:\|)
Objects scanned: 141750
Time elapsed: 1 hour(s), 46 minute(s), 53 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Richard\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

[hunt3rshadow]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/21/2008 at 01:14 AM

Application Version : 4.15.1000

Core Rules Database Version : 3448
Trace Rules Database Version: 1440

Scan type       : Complete Scan
Total Scan Time : 02:34:34

Memory items scanned      : 431
Memory threats detected   : 0
Registry items scanned    : 6708
Registry threats detected : 0
File items scanned        : 102720
File threats detected     : 229

Adware.Tracking Cookie
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\richard@insightexpressai[2].txt
    C:\Documents and Settings\Richard\Cookies\richard@casalemedia[1].txt
    C:\Documents and Settings\Richard\Cookies\richard@serving-sys[2].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\richard@adserver[1].txt
    C:\Documents and Settings\Richard\Cookies\richard@247realmedia[2].txt
    C:\Documents and Settings\Richard\Cookies\richard@doubleclick[1].txt
C:\Documents and Settings\Richard\Cookies\richard@advertising[2].txt
    C:\Documents and Settings\Richard\Cookies\richard@bluestreak[2].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\richard@cgi-bin[6].txt
    C:\Documents and Settings\Richard\Cookies\richard@tribalfusion[1].txt
    C:\Documents and Settings\Richard\Cookies\richard@revsci[1].txt
    C:\Documents and Settings\Richard\Cookies\richard@2o7[2].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\richard@specificclick[1].txt
    C:\Documents and Settings\Richard\Cookies\richard@atdmt[2].txt
    C:\Documents and Settings\Richard\Cookies\richard@clicksense[2].txt
    C:\Documents and Settings\Richard\Cookies\richard@tradedoubler[2].txt
    C:\Documents and Settings\Richard\Cookies\richard@toplist[1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\richard@pcstats[1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
    C:\Documents and Settings\Richard\Cookies\richard@adcentriconline[1].txt
    C:\Documents and Settings\Richard\Cookies\richard@adultfriendfinder[1].txt

BTW Im posting these logs in seperate posts cuz thats the only way they'll let me do it. Again I'm sorry about that. The Super log posts will be coming in the rest of the posts. Also ignore the adult content lol

[hunt3rshadow]

C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\richard@kontera[1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
    C:\Documents and Settings\Richard\Cookies\richard@dealtime[2].txt
    C:\Documents and Settings\Richard\Cookies\richard@chitika[2].txt
    C:\Documents and Settings\Richard\Cookies\richard@zedo[2].txt
    C:\Documents and Settings\Richard\Cookies\richard@AdRotator[2].txt
    C:\Documents and Settings\Richard\Cookies\richard@4[2].txt
    C:\Documents and Settings\Richard\Cookies\richard@hornyjo[1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][3].txt
    C:\Documents and Settings\Richard\Cookies\richard@freexxxpornosex[1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\richard@virus-detection-scanner[1].txt
    C:\Documents and Settings\Richard\Cookies\richard@sex-superstore[2].txt
    C:\Documents and Settings\Richard\Cookies\richard@gigxteen[2].txt
    C:\Documents and Settings\Richard\Cookies\richard@14[3].txt
    C:\Documents and Settings\Richard\Cookies\richard@14[4].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\richard@pcprivacytool[2].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\richard@14[2].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
    C:\Documents and Settings\Richard\Cookies\richard@14[1].txt
    C:\Documents and Settings\Richard\Cookies\richard@media6degrees[1].txt
    C:\Documents and Settings\Richard\Cookies\richard@epochstats[1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
    C:\Documents and Settings\Richard\Cookies\richard@sexxyclub[1].txt
    C:\Documents and Settings\Richard\Cookies\richard@st[44].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\richard@porngoto[1].txt
    C:\Documents and Settings\Richard\Cookies\richard@screwingporn[2].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\richard@naked-collegegirls[1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\richard@afrotits.*censored*-private[1].txt
    C:\Documents and Settings\Richard\Cookies\richard@cgi-bin[9].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\richard@list[2].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
    C:\Documents and Settings\Richard\Cookies\richard@gall85teen[1].txt
    C:\Documents and Settings\Richard\Cookies\richard@*censored*-galleries[2].txt
    C:\Documents and Settings\Richard\Cookies\richard@freesex99[1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
    C:\Documents and Settings\Richard\Cookies\richard@st[33].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
    C:\Documents and Settings\Richard\Cookies\richard@*censored*-girls-sex.com[2].txt
    C:\Documents and Settings\Richard\Cookies\richard@2steen[1].txt
    C:\Documents and Settings\Richard\Cookies\richard@homegirl-sex[2].txt
    C:\Documents and Settings\Richard\Cookies\richard@fuckteenpussy[1].txt
    C:\Documents and Settings\Richard\Cookies\richard@malepornxxx[1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\richard@stats[3].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\richard@amateursex[1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\richard@videospornolargos[1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
    C:\Documents and Settings\Richard\Cookies\richard@youpornztube[1].txt
    C:\Documents and Settings\Richard\Cookies\richard@cgi-bin[1].txt
    C:\Documents and Settings\Richard\Cookies\richard@sexpicsfree[2].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
    C:\Documents and Settings\Richard\Cookies\[email protected][1].txt

[kpac]

Woah....

Download CCleaner and clear all cookies for all browsers...

[hunt3rshadow]

Okay Will do. BTW about that homepage question, you never asked? Thanks for the reply. Does this mean I have to keep posting my Super Log because I'm not done yet.

[kpac]

Yes, unfortunately, you should continue posting the log, because there might be more...

It's better to be sure.

Sorry about the homepage thing... I got mixed up with another topic...

[hunt3rshadow]

EDIT: I finished the cleaner. What do I do now?

[hunt3rshadow]

C:\Documents and Settings\Richard\Cookies\richard@movies[3].txt
   C:\Documents and Settings\Richard\Cookies\richard@sex-hot-pics[2].txt
   C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
   C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
   C:\Documents and Settings\Richard\Cookies\richard@photo[1].txt
   C:\Documents and Settings\Richard\Cookies\richard@lookmycunt[1].txt
   C:\Documents and Settings\Richard\Cookies\richard@dtr[20].txt
   C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
   C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
   C:\Documents and Settings\Richard\Cookies\richard@bdsm-boy[1].txt
   C:\Documents and Settings\Richard\Cookies\richard@myroitracking[1].txt
   C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
   C:\Documents and Settings\Richard\Cookies\[email protected][1].txt
   C:\Documents and Settings\Richard\Cookies\richard@st[43].txt
   C:\Documents and Settings\Richard\Cookies\richard@sexmoviesfree[1].txt
   C:\Documents and Settings\Richard\Cookies\richard@ero-advertising[2].txt
   C:\Documents and Settings\Richard\Cookies\richard@sexycoolwink[1].txt
   C:\Documents and Settings\Richard\Cookies\[email protected][2].txt
   C:\Documents and Settings\Richard\Cookies\richard@cgi-bin[12].txt
   C:\Documents and Settings\Richard\Cookies\richard@pornwebring[1].txt
   C:\Documents and Settings\LocalService\Cookies\system@3animalsex[1].txt
   C:\Documents and Settings\LocalService\Cookies\system@adbrite[1].txt
   C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
   C:\Documents and Settings\LocalService\Cookies\system@adultfriendfinder[2].txt
   C:\Documents and Settings\LocalService\Cookies\system@bisex_dvd[1].txt
   C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
   C:\Documents and Settings\LocalService\Cookies\system@clickintext[1].txt
   C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
   C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
   C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
   C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
   C:\Documents and Settings\LocalService\Cookies\system@crazyxxx3dworld[1].txt
   C:\Documents and Settings\LocalService\Cookies\system@duoteen[2].txt
   C:\Documents and Settings\LocalService\Cookies\system@family-porn-album[1].txt
   C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
   C:\Documents and Settings\LocalService\Cookies\system@footsexforall[1].txt
   C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
   C:\Documents and Settings\LocalService\Cookies\system@freehqsex[1].txt
   C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
   C:\Documents and Settings\LocalService\Cookies\system@gaypornaccess[2].txt
   C:\Documents and Settings\LocalService\Cookies\system@gofuckworld[1].txt
   C:\Documents and Settings\LocalService\Cookies\system@hotsexygalls[1].txt
   C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
   C:\Documents and Settings\LocalService\Cookies\system@just-a-porn[1].txt
   C:\Documents and Settings\LocalService\Cookies\system@mefuckyoulongtime[1].txt
   C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
   C:\Documents and Settings\LocalService\Cookies\system@paycounter[1].txt
   C:\Documents and Settings\LocalService\Cookies\system@pornaccess[1].txt
   C:\Documents and Settings\LocalService\Cookies\system@pornknight[1].txt
   C:\Documents and Settings\LocalService\Cookies\system@*censored*-girls-sex.com[2].txt
   C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
   C:\Documents and Settings\LocalService\Cookies\system@sellgaytraffic[2].txt
   C:\Documents and Settings\LocalService\Cookies\system@sex-hot-pics[2].txt
   C:\Documents and Settings\LocalService\Cookies\system@sex-hot-teens[2].txt
   C:\Documents and Settings\LocalService\Cookies\system@sex-young-virgin-movies[2].txt
   C:\Documents and Settings\LocalService\Cookies\system@sexitall[1].txt
   C:\Documents and Settings\LocalService\Cookies\system@sexlist[1].txt

[kpac]

I would also recommend you downloading Spybot Search and Destroy, and doing a full scan.

When it is finished, make sure all items (if any) are checked, and click "Fix selected problems".

Before you download Spybot S&D, restart your computer.

[kpac]

EDIT: I finished the cleaner. What do I do now?

I would also recommend you downloading Spybot Search and Destroy, and doing a full scan.

When it is finished, make sure all items (if any) are checked, and click "Fix selected problems".

Before you download Spybot S&D, restart your computer.

Just in case you missed it....

[evilfantasy]

kpac???


Unfortunately Spybot is not as powerful a tool as it used to be which is why we don't use it in the removal instructions.....

Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

[kpac]

Sorry Evil...

I guess I should have left it to you guys in the first place...

[evilfantasy]

Your OK, it wouldn't cause any harm and might help some. It's just we need to use tools that create logs. Without logs it's all speculation as to if things are in order or not.

[hunt3rshadow]

Okay I'll continues to post my super log. Thanks for the help kpac and evil. So Combofix it is.

[evilfantasy]

Just do the ComboFix instructions please.

[hunt3rshadow]

Okay sorry if im being an idiot. The links arent working.

[evilfantasy]

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[hunt3rshadow]

Still wont let me. It gives me an error.

[evilfantasy]

What is the error?

[hunt3rshadow]

It says connection has been reset. when I click the link. This is also the same error I get when I try copy+pasting logs and attaching logs

[evilfantasy]

I'm beginning to think that the problem is deeper then just malware. (no I don't know what)

Try this.

Run this online scan. Requires Internet Explorer

Use the ESET Nod32 Online Scanner

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply

[hunt3rshadow]

I think im in deep *censored*. I cant access that website either.

[kpac]

What browser are you using? IE?

[hunt3rshadow]

I tried IE and Firefox

[kpac]

Out of that list of cookies... How many of those sites did you actually download videos/pictures etc.?

[hunt3rshadow]

Didn't download any. Merely just streaming videos

[evilfantasy]

Reset settings for Internet Explorer 6

Open Internet Explorer. Click Tools in the menu and then Options to enter the Internet Options window.

In the General Tab, in the Home page section, click Use Default to change the home page to its default, MSN home. In the Temporary Internet Files section click Delete Cookies and Delete Files -confirm Delete all offline content in the popup-. In the History section the default number of days to keep pages in history is 20 and click Clear History.

Reset Settings in Internet Explorer 7

1. Click the Tools menu, and then click Internet Options.
2. On the Advanced tab, click Reset.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

----------

Click Start > Run and copy and paste the following line into the run box:
regsvr32 urlmon.dll
Press OK
Once it is completed you will get this message DllRegisterServer in urlmon.dll succeeded, repeat the above steps, but replace regsvr32 urlmon.dll with the following: (enter each line one at a time selecting OK after each)

• regsvr32 actxprxy.dll
  
• regsvr32 shdocvw.dll
  
• regsvr32 mshtml.dll
  
• regsvr32 browseui.dll
  
• regsvr32 jscript.dll
  
• regsvr32 vbscript.dll
  
• regsvr32 oleaut32.dll

When finished restart your computer.

----------

Go to download the program HostsXpert

• Unzip HostXpert to your Desktop
  
• Open up the HostXpert program.
  
• Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled.
  
• Click Create Back Up
  
• Then click on Restore Microsoft's Host Files
  
• Close the HostXpert program

Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection they afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection.



Now try to access the Internet.

[kpac]

I don't think, but I'm not sure, that a virus could do all this.... But maybe I'm wrong.

[evilfantasy]

There have been some lately that have basically rendered the PC useless. Each step taken to remove the virus(s) just makes things worse. This may be one of those cases.

Do you have an XP CD or a way to borrow one?

[hunt3rshadow]

You mean the XP CD I used to install Windows on my PC correct?

[hunt3rshadow]

Unfortunatley that hostExperts thing doesnt work either. I did what  your instructions stated but no luck. Is there any last ditch effort to save some important files on my computer?

[evilfantasy]

Try this first. It will detect and repair any damaged system/windows files it finds.

Place your XP CD in your CD ROM drive and follow the instructions below:

• Click on Start > Run and type sfc /scannow then press Enter (note the space between scf and /scannow)
  • Let this run undisturbed until the window with the blue  progress bar goes away

SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

[hunt3rshadow]

Oop I think you misunderstood my post about the windows XP CD. I don't have it. Is there anything else I could try. If not could you tell me anyway to save some of my programs/files?

[evilfantasy]

The program files can be backed up onto a CD or flash drive.

Try to download and run this.

Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.

• Open the folder and run Dial-a-fix.exe
• 2 windows will open. Close the one in the background labeled Restrictive Policies
• On the main window, check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
• Check all boxes in Section 5, labeled Registration Center.
• Click Go
• OK any error messages if received, but write them down and post them here.
• Restart the computer when done

Let me know if IE behaves properly.

[hunt3rshadow]

IE is still the same wont let me access those links you posted and it gives me strange google searches

[evilfantasy]

Try booting into Safe Mode and running a Full system scan with MalwareBytes.

[hunt3rshadow]

Alrite that'll take me about more then an hour. So ill see you then

[mcxeb52!]

if you're using xp or vista and have system restore points, I'd have just restored to an earlier date. However .... first complete the fixes that are already in place 

[kpac]

if you're using xp or vista and have system restore points, I'd have just restored to an earlier date. However .... first complete the fixes that are already in place 

It's best to follow the instuctions evilfantasy gave.

[hunt3rshadow]

Malwarebytes' Anti-Malware 1.17
Database version: 856

6:32:19 PM 8/22/2008
mbam-log-8-22-2008 (18-32-19).txt

Scan type: Full Scan (C:\|J:\|)
Objects scanned: 118149
Time elapsed: 1 hour(s), 17 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Richard\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Done.

[kpac]

Have you got a Hijack This log at all? Or is it that you had to type it out?

I think it will be needed.

[evilfantasy]

Agreed, if we could get a HJT log at some point it would be a huge help.

This scan can only be run in Safe Mode.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator's account or an account with Administrative rights

• Double click SDFix.exe and it will extract the files to %systemdrive%
  
• (this is the drive that contains the Windows Directory, typically C:\SDFix).
  
• DO NOT use it just yet.

Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.

• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
  
• When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  
• Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.

[hunt3rshadow]

Yes very well, I will do as you stated BTW I cant download HJT it wont let me with the links being stupid.  Also now I know that I have indeed been effected by AntiVirus Xp 2008 when I downloaded a audio codec. I've been doing a little research and I found this:

http://www.windowsvistaplace.com/xp-antivirus-2008-removal-instructions-xp-antivirus-2008/spyware-removal

EDIT: I cant download SDdFix. Link is being stupid

[mcxeb52!]

if you're using xp or vista and have system restore points, I'd have just restored to an earlier date. However .... first complete the fixes that are already in place 

It's best to follow the instuctions evilfantasy gave.

Yeah. isn't that what I said? I'd fix it a certain way that has helped me many times but evilfantasy is already taken him so far so why stop at this point?

[kpac]

Yes very well, I will do as you stated BTW I cant download HJT it wont let me with the links being stupid.

What can you do with this PC?

Can you go to another computer and download all these tools? If you can, do that, and copy them to a flash drive or CD or something, and run them on the infected PC.

[hunt3rshadow]

Thanks to everyone's help. I just got rid of this cursed thing by running MBAM multiple times then cleaning my registry. My computer's running fine so far and the background has changed back to normal.

[kpac]

It may seem fine, but the virus might be still on your computer.

I recommend you continue with posting the logs/following our instructions etc.

[mcxeb52!]

It may seem fine, but the virus might be still on your computer.

I recommend you continue with posting the logs/following our instructions etc.

At least for now, I'd post a new HiJackThis Log and have evilfantasy review it one more time to be sure it's clean.

You don't want to have traces of diseases still lingering in your body that might potentially open up another problem even though you are now feeling fine and life appears to be going on normally.