ok u guys are underestimating me
im A+ certified so im not ur average computer retard
i got the computer running again
im on it now
i already had hijackthis installed
my log is at the bottom
ill run combo fix next
i manually copied explorer, ms-config, regedit, and taskmgr
because after running the trend micro scan the taskmgr was gone too
along with like everything else
the computer is running ok now
but i still cant delete the virus files
it says access denied file in use
but i canceled the program in taskmgr
and i renamed the source file to disable it
i used regedit and took it out of the startups
but i need a program to manually remove the whole key from the registry not just disable it
ok here is my log
keep in mind this is my log without a restart
after i ran the trend micro and deleted registry entries
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:37 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKCU\..\Policies\Explorer\Run: [{049BE340-08FB-1033-0401-030505040001}] "C:\Program Files\Common Files\{049BE340-08FB-1033-0401-030505040001}\Update.exe" te-110-12-0000213
O4 - HKUS\S-1-5-21-2729244171-3309014658-2146403040-1003\..\Policies\Explorer\Run: [{049BE340-08FB-1033-0401-030505040001}] "C:\Program Files\Common Files\{049BE340-08FB-1033-0401-030505040001}\Update.exe" te-110-12-0000213 (User '?')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 -
http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150164577284
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) -
http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) -
http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) -
https://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) -
https://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
http://www.symantec.com/techsupp/activedata/SymAData.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINNT\System32\alg.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINNT\system32\cisvc.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINNT\System32\imapi.exe (file missing)
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINNT\System32\mnmsrvc.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINNT\System32\msdtc.exe (file missing)
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINNT\System32\msiexec.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - C:\Program Files\Intel\NCS\Sync\NetSvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINNT\system32\nvsvc32.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINNT\system32\sessmgr.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINNT\System32\locator.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINNT\system32\spoolsv.exe (file missing)
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINNT\system32\wdfmgr.exe (file missing)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINNT\System32\ups.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINNT\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINNT\System32\wbem\wmiapsrv.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\cezer.html