Help Me Please! Unknown Problems


  • This topic is locked
12 replies to this topic

#1 88Sears

88Sears

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:24 AM

Posted 12 July 2007 - 06:34 PM

Greetings to everyone here!

I don't understand what is going on with my computer. All kinds of programs are popping up and I can't even access my bank account. I am writing this from another person's computer. There are too many problems to even begin describing. I doubt that you can help.
I'm thinking about livetechonline.com? Anyone heard of that? Anyway, here is my log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:03 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\SYSCON~1\sneconfig.exe
C:\PROGRA~1\SYSCON~1\sysdiag.exe
C:\WINDOWS\spools\services.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\spools\smss.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\joseph\Application Data\SurfAccuracy\SAcc.exe
C:\Program Files\sysconfig\Deploy.exe
C:\WINDOWS\msn64.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MP_STATUS_MONITOR] "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
O4 - HKLM\..\Run: [MPTBox] "C:\Program Files\Canon\MultiPASS\MPTBox.exe"
O4 - HKLM\..\Run: [HTTPServer] C:\PROGRA~1\SYSCON~1\sneconfig.exe
O4 - HKLM\..\Run: [System32UX] C:\PROGRA~1\SYSCON~1\sysdiag.exe
O4 - HKLM\..\Run: [OSA6432] C:\WINDOWS\spools\services.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OSA64] C:\WINDOWS\spools\smss.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [System32] C:\PROGRA~1\SYSCON~1\sysdiag.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BONZI.EXE] C:\WINDOWS\system32\BONZI.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SurfAccuracy] C:\Documents and Settings\joseph\Application Data\SurfAccuracy\SAcc.exe
O4 - Startup: run.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174252166267
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174345479562
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MPService - Canon Information Systems, Inc. - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4856 bytes

#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:24 AM

Posted 15 July 2007 - 01:04 PM

Hi 88Sears,

Our apologies for the delay. We have many logs backed up. :thumbsup:

If you still need help, please post a new log so I can see if anything has changed.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 88Sears

Posted 15 July 2007 - 01:19 PM

Thank you for your aid,

I am, alas, unable to retrieve another log. The program closes automatically when I click it! I'm surprised I was able to get the first one. It is most puzzling! The program launches and appears for the shortest moment and then vanishes! I have so many problems. I went to run an online virus scan and that window closed too. I'm unsure of why. Strange contraptions are these computers!

~88sears

#4 SifuMike

Posted 15 July 2007 - 01:23 PM

Hi 88Sears,

I need you to rename Hijackthis because I believe that you may have an infection that prevents Hijackthis from running.
  • Please go to the folder where you saved Hijackthis.exe:
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
  • Right-click on it, then select Rename.
  • Name it something like: FluffyBunny.exe (or whatever you want)
  • Then double-click FluffyBunny.exe to scan and then post the new logfile.

Edited by SifuMike, 15 July 2007 - 02:10 PM.

#5 88Sears

Posted 17 July 2007 - 10:32 PM

Greetings to you delightful few!

I have obtained another log for your dissection. Hopefully you can make sense of this nonsense.

~88Sears

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:36 PM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Canon\MultiPASS\monitr32.exe
C:\Program Files\Canon\MultiPASS\MPTBox.exe
C:\PROGRA~1\SYSCON~1\sneconfig.exe
C:\PROGRA~1\SYSCON~1\sysdiag.exe
C:\WINDOWS\spools\services.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\spools\smss.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\FxRedir.EXE
C:\Program Files\sysconfig\Deploy.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\server3.com
C:\WINDOWS\Outlook.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\joseph\Desktop\scan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MP_STATUS_MONITOR] "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
O4 - HKLM\..\Run: [MPTBox] "C:\Program Files\Canon\MultiPASS\MPTBox.exe"
O4 - HKLM\..\Run: [HTTPServer] C:\PROGRA~1\SYSCON~1\sneconfig.exe
O4 - HKLM\..\Run: [System32UX] C:\PROGRA~1\SYSCON~1\sysdiag.exe
O4 - HKLM\..\Run: [OSA6432] C:\WINDOWS\spools\services.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System32] C:\PROGRA~1\SYSCON~1\sysdiag.exe
O4 - HKLM\..\Run: [OSA64] C:\WINDOWS\spools\smss.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BONZI.EXE] C:\WINDOWS\system32\BONZI.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: run.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174252166267
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174345479562
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MPService - Canon Information Systems, Inc. - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4292 bytes

Edited by 88Sears, 17 July 2007 - 10:32 PM.


#6 SifuMike

Posted 17 July 2007 - 11:02 PM

Hello 88Sears,

Before we start, you need to realize that you are missing one important program on that computer: An antivirus. :thumbsup:

This is somewhat suicidal in today's digital world.

You need to install an antivirus program as soon as you can and run a complete scan of the computer.

I recommend you download the free

Avast or
AntiVir or
AVG antivirus

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

Post a fresh Hijackthis log after you run the antivirus program.

#7 88Sears

Posted 17 July 2007 - 11:10 PM

Greetings!

I am unable to install or run an AntiVirus. Same with Hijackthis. It closes as soon as it opens. I really would like to get the www.winantiviruspro.com program because I paid for it and the customer support really helped over the phone. I definitely would suggest this program. In addition, the interface is built for novices like me. I did some type of scan with another program and they got rid of www.winantiviruspro.com. They sent me an e-mail with my download link and password, but every time I download this program or try to install it the window closes. For example, if I am to type "webroot" in the address bar, even before hitting go, the program disappears. As I said before, Strange contraptions are these computers! I think there may be some other program that is trying to stop me from downloading this because it would remove them. Thank you for your sympathetic ear! You are extracting a major thorn from my side. I apologize, but I would rather use Win instead of the options you suggested because it is easier, I already paid, and they are really helpful with the technical support on the phone. Thank you for your aid!

~88Sears

#8 SifuMike

Posted 17 July 2007 - 11:33 PM

Hi 88Sears,

"I am unable to install or run an AntiVirus. Same with Hijackthis."


I am not understanding. You posted a Hijackthis log so you must have installed and run it.

If you can install and run Hijackthis, then you can install and run an antivirus program.


"It closes as soon as it opens."

What closes when it opens? Hijackthis? Or the antivirus I asked you to install and run?
Tell me exactly what occurs when you try to install the antivirus program.

"I really would like to get the www.winantiviruspro.com program because I paid for it and the customer support really helped over the phone. I definitely would suggest this program. In addition, the interface is built for novices like me."


We remove Winantiviruspro regularly, as it is malware. :thumbsup:
http://www.sophos.com/security/analyses/winantiviruspro.html

WinAntiVirusPro
Potentially unwanted application

Name WinAntiVirusPro
Type Adware

Side effects Displays pop-up advertising

Aliases application Winfixer


WinAntiVirusPro is a spyware detection application which may exaggerate threats on a user's computer and ask the user to buy software to remove the threat.



"I apologize, but I would rather use Win instead of the options you suggested because it is easier, I already paid, and they are really helpful with the technical support on the phone."



You would rather use a malware program that makes false claims to make you buy it than run a free antivirus program? That makes no sense.

infected by WinAntiVirusPro/WinAntiSpyware 2006??
http://www.malwarecomplaints.info/viewtopic.php?t=1009



http://www.etown.edu/news.aspx?year=2006&dept=8

3/15/2006
MALWARE ALERT: WinAntiVirusPRO 2006

If you are getting pop-ups suggesting that you download WinAntiVirusPRO because your system may be infected with 'Blackworm', DO NOT DOWNLOAD the files. The programs you are prompted to download are actually malware software and will increase pop-ups on your system. If you receive this pop-up in the first place, chances are that your machine is already infected with some type of malware/spyware.


http://www.sunbelt-software.com/Press/Releases/?id=171

WinAntiVirus Pro
WinAntiVirusPro is a rogue antispyware program that purports to scan and detect malware or other problems on the computer, but which attempts to dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results.


Well, here is something to look at. Type in winantiviruspro into Google. And this is what you will get. :flowers:

First result: Malware Complaints WinAntiVirusPro/WinAntiSpyware 2006


Second result: WinAntiVirusPro Potentially unwanted application

Edited by SifuMike, 18 July 2007 - 01:34 PM.


#9 88Sears

Posted 18 July 2007 - 10:54 AM

Greetings!

I was trying to say that when I initially downloaded HiJackthis it would not run. Only after I renamed it did it run. The same with Win. When I click the hijackthis icon, the program appears for about a second and then immediately disappears. Another example is with Win, it does the same thing. The virus must be stopping it. I called the WinAntiVirus technical support and showed them this forum. They said that they had never heard of such a thing and these were just marketing tactics of other companies trying to put them down. She directed me to start the computer by tapping F8 and the computer would boot to the desktop and immediately restart. A new antivirus for me? You are thoughtful. However, I think I will stick with Win for now because I used it for 3 years without a problem and they have the new 2007 version. If it is a virus, why did it work perfectly for 3 years? Anyways, right now it is irrelevant because it is impossible to install any antivirus. The computer won't let me run it. I renamed the HiJackThis to 'scan' as directed by you; that is the only reason it ran...

~88Sears

#10 SifuMike

Posted 18 July 2007 - 04:08 PM

"If it is a virus, why did it work perfectly for 3 years?"

I did not say it was a virus. I said it was malware.

Since you are heavily infected, please go here, download, install and run Microsoft Windows Defender

http://www.microsoft.com/athome/security/s...re/default.mspx

Let it remove any malware it finds. If it produces a log please post it.

Edited by SifuMike, 18 July 2007 - 04:16 PM.


#11 88Sears

Posted 19 July 2007 - 10:38 AM

Greetings!

The same thing happens, I can't install it. I am willing to try Windows Defender for now, but later I still want the old Win. Anyways, I downloaded the icon to the desktop, and when I clicked on the file to run it, it tries to install, that is, the screen appears for about 5 seconds and disappears. I renamed the file and it did the same thing. I can't install any kind of antispyware/antivirus program. Why?

~88Sears

#12 SifuMike

Posted 19 July 2007 - 10:56 AM

Hi 88Sears,

WinAntiviruspro is the reason you are infected now. :thumbsup:

If it was any good then you would not have this virus problem. That is the reason everyone that fights malware gets rid of it. It is really worthless.

Have you read all the links I posted about WinAntivirusPro previously? One of the links lists thousands of dissatisfied users.


Select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [OSA6432] C:\WINDOWS\spools\services.exe
O4 - HKLM\..\Run: [OSA64] C:\WINDOWS\spools\smss.exe
O4 - HKCU\..\Run: [BONZI.EXE] C:\WINDOWS\system32\BONZI.EXE
O4 - Startup: run.exe







Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\spools\services.exe
    C:\WINDOWS\spools\smss.exe
    C:\WINDOWS\system32\BONZI.EXE
    C:\WINDOWS\system32\run.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


*******************************************

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post the ComboFix log and a fresh Hijackthis log in your next reply.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.




Finally, reboot the computer, post the ComboFix log, the OTMoveIt log and a new Hijackthis log, and tell me how your computer is running.

Edited by SifuMike, 19 July 2007 - 11:00 AM.
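
Added example (not part of the original thread, and not how HijackThis itself works): a short Python triage script for one pattern in the fix list above, where `C:\WINDOWS\spools\services.exe` and `C:\WINDOWS\spools\smss.exe` reuse the names of core Windows processes but run outside `system32`. It generalizes to both the "Running processes" section and the O4 Run-key lines; the function names, the expected-directory table and the sample input (an excerpt of the second log in this thread) are choices made for this example.

```python
import re
import ntpath  # Windows path rules, usable on any OS

# Core Windows process names and the single directory each one legitimately
# runs from on Windows XP (table assembled for this example).
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "csrss.exe": SYSTEM32, "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32, "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32, "explorer.exe": r"c:\windows",
}

# O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
# Executable part of a command line: quoted path, or text up to the extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat))(?=\s|$)', re.I)

# Excerpt of the second HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\spools\services.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\spools\smss.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OSA6432] C:\WINDOWS\spools\services.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OSA64] C:\WINDOWS\spools\smss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def is_masquerade(path):
    """True when a core system file name sits outside its expected directory."""
    name = ntpath.basename(path).lower()
    folder = ntpath.normcase(ntpath.dirname(path))
    # Entries without a directory (e.g. "nwiz.exe") cannot be judged by path.
    return bool(folder) and name in EXPECTED_DIR and folder != EXPECTED_DIR[name]


def find_masquerades(log_text):
    """Return (source, path) pairs for suspicious processes and Run entries."""
    hits, in_processes = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # blank line ends the section
                in_processes = False
            elif is_masquerade(line):
                hits.append(("process", line))
            continue
        m = O4_RE.match(line)
        if m:
            hive, value, command = m.groups()
            exe = EXE_RE.match(command)
            path = (exe.group(1) or exe.group(2)) if exe else command
            if is_masquerade(path):
                hits.append((f"O4 {hive} [{value}]", path))
    return hits


if __name__ == "__main__":
    for source, path in find_masquerades(SAMPLE_LOG):
        print(f"{source:22} {path}")
```

A path check like this is only a first-pass filter: it does not cover the other entries on the fix list (the YourSiteBar toolbar, BONZI.EXE, run.exe), which carry no system file name.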


#13 SifuMike

Posted 22 July 2007 - 06:34 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.