Ok, so i am trying to help one of my friends with their computer. It seems LOADED with viruses. I was able to install malwarebytes, but it will not run. superantispyware will not install at all. All I could get was hijackthis and CCleaner to work. I have put trend micro and webroot as antivirus/antispyware software(trend is for virus, webroot for spyware). I am able to run trend micro, but webroot will not install correctly. When I run tren, it gets to 7% then freezes the comp completely. Can somebody help me out? I was able to get the hijackthis log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:57 PM, on 3/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1197843124\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\svcho.exe
C:\Documents and Settings\Lori\Application Data\cogad\cogad.exe
C:\WINDOWS\SSTEM3~1\wowexec.exe
C:\WINDOWS\system32\?icrosoft.NET\?ti2evxx.exe
C:\Program Files\GetModule\GetModule38.exe
C:\Program Files\VnrPack\VnrPack28.exe
C:\Documents and Settings\Lori\Application Data\Twain\Twain.exe
C:\Documents and Settings\Lori\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\Lori\Application Data\Microsoft\Windows\dkmnva.exe
C:\PROGRA~1\COMMON~1\kkof\kkofm.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\kkof\kkofa.exe
C:\Program Files\Common Files\AOL\1197843124\ee\AOLDesktop.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: CPV - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\WWShow\WWShow.dll
O2 - BHO: (no name) - {4FD7C860-25AE-2B27-8C4F-2EC002528DEA} - C:\WINDOWS\system32\jyspjpc.dll
O2 - BHO: worldadmarketplace browser enhancer - {66D4BFC9-301A-61C2-BDAB-9DB53B32654D} - C:\WINDOWS\system32\ncbhxyodcibjklm.dll
O2 - BHO: worldadmarketplace - {6decd60e-29bd-f4a7-3e43-fea37462c73f} - C:\WINDOWS\system32\nsm109.dll
O2 - BHO: Debro IE Helper - {836A4B93-6F4A-4d61-AD3D-B8225D921F42} - C:\Program Files\DebroPack\DebroPack.dll
O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Jcore\Jcore2.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1197843124\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [etxzuyzycqlxwezg] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\ncbhxyodcibjklm.dll"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Lori\Application Data\cogad\cogad.exe" 61A847B5BBF72813338B2B27128065E9C084320
161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [Esmr] "C:\WINDOWS\SSTEM3~1\wowexec.exe" -vt yazb
O4 - HKCU\..\Run: [Ylcpuso] C:\WINDOWS\system32\?icrosoft.NET\?ti2evxx.exe
O4 - HKCU\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\Lori\Application Data\Macromedia\Common\a14b00141.dll""
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\NETWOR~1\protect.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [GetModule38] C:\Program Files\GetModule\GetModule38.exe
O4 - HKCU\..\Run: [VnrPack28] "C:\Program Files\VnrPack\VnrPack28.exe"
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Lori\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Lori\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [Iy[N4l] C:\Documents and Settings\Lori\Application Data\Microsoft\Windows\dkmnva.exe
O4 - HKCU\..\Run: [kkof] C:\PROGRA~1\COMMON~1\kkof\kkofm.exe
O4 - HKCU\..\Policies\Explorer\Run: [svcho] C:\WINDOWS\svcho.exe
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) -
http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CABO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://photo.walgreens.com/WalgreensActivia.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197841258670O20 - AppInit_DLLs: karna.dat pprefh.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
--
End of file - 6646 bytes
Also, Internet explorer doesnt work so i nstalled firefox which worked for a while, but is now not working so i am posting this from my laptop.
