Re: over 600 virus's found! ran anti-virus but still not working

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

"K.Sawyer" <KSawyer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1DDAA1A0-8A26-4EA9-9131-01938F2308B5@xxxxxxxxxxxxxxxx
My friend bought a computer but didn't realize that she needed to
"purchase"
the anti-virus after it's trial period ran. They use cable internet
service.
There was no anti-virus or firewall protection shortly after purchasing
the
computer. Kids accessed internet and MySpace frequently. I've run Trend
Micro and it found over 615 virus's. 2 MS Dos virus's and 1 internet
worm.
I thought of formatting the drive and reinstalling everything, they have
basically nothing on the computer. They are running XP Home Edition.
Any
advice on how to clean? Should I just format and reinstall from scratch?
Below is a report from HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:37 PM, on 9/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1127817622\ee\AOLSoftware.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
c:\program files\common
files\aol\1127817622\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP
Scheduler.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Documents and Settings\Ruby Sawyer\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://home.peoplepc.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = http://localhost
O2 - BHO: SuperAdBlockerBHO Class -
{00000000-6C30-11D8-9363-000AE6309654} -
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -
C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Super Ad Blocker Toolbar -
{B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program
Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program
Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe
/embedding
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common
Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
Files\AOL\1127817622\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media
Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Program
Files\Roxio\Drag-to-Disc\DrgToDsc.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
/background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program
Files\SuperAdBlocker.com\Super
Ad Blocker\SAdBlock.exe
O4 - Startup: PictureProject In Touch.lnk = C:\Program
Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program
Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program
Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program
Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -
C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar -
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL
Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O12 - Plugin for .html: C:\Program Files\Netscape\Netscape
Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) -
http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj
Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141747084644
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175458045265
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} -
http://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program
Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner -
C:\WINDOWS\System32\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC -
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown
owner -
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology
Ltd -
C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program
Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program
Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: Intel File Transfer - Intel® Corporation -
C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation -
C:\WINDOWS\system32\cba\pds.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) -
Unknown
owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation -
C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) -
Symantec
Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program
Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program
Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions -
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common
Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com -
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program
Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America
Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10794 bytes






--
K.Sawyer

In your situation, I would wipe the entire partition. Not just format it.
A restore type of install for a factory PC does this. A windows CD install,
you have to instruct it to do so at the beginning of the setup program.

But, I don't know where the 3rd party apps originated in the situation you
presented. That needs to be sourced from something. Verify existence of
same and any needed product codes/IDs. I've had one really bad problem with
AOL using same password to get online via AOL with a new install of OS and
AOL from its CD.

Tell your friend that the latest virus defintions is like knowing what to
shop for. The older definitions are no longer all in style. She might end
up putting something in the closet that will wreck her wardrobe as a result.
Dave


.

Relevant Pages

  • over 600 viruss found! ran anti-virus but still not working
    ... My friend bought a computer but didn't realize that she needed to "purchase" ... There was no anti-virus or firewall protection shortly after purchasing the ... Kids accessed internet and MySpace frequently. ...
    (microsoft.public.windowsxp.general)
  • over 600 viruses found - computer still sluggish after cleaning
    ... My friend bought a computer but didn't realize that she needed to "purchase" ... There was no anti-virus or firewall protection shortly after purchasing the ... Kids accessed internet and MySpace frequently. ...
    (microsoft.public.windowsxp.perform_maintain)
  • Re: over 600 viruses found - computer still sluggish after cleanin
    ... "Shenan Stanley" wrote: ... "purchase" the anti-virus after it's trial period ran. ... internet and MySpace frequently. ...
    (microsoft.public.windowsxp.perform_maintain)
  • Re: over 600 viruses found - computer still sluggish after cleaning
    ... "purchase" the anti-virus after it's trial period ran. ... internet and MySpace frequently. ... It is almost never *necessary* to format and install afresh. ...
    (microsoft.public.windowsxp.perform_maintain)
  • Re: Porqueddu Gilardino Studi CD
    ... something from a merchant; to not receive that product in a reasonable time, ... I happen to respect Mr. Gilardino a great deal. ... trying to purchase one of the Crirstiano Porqueddu Gilardino Studi ... I suppose you are so new at this Internet business that you never ...
    (rec.music.classical.guitar)