
I need help with a virus i think

Discussion in 'Malware and Virus Removal Archive' started by tiffanyc, 2007/05/11.

  1. 2007/05/20
    tiffanyc

    tiffanyc Inactive Thread Starter

    Joined:
    2007/05/11
    Messages:
    48
    Likes Received:
    0
    Volume in drive C has no label.
    Volume Serial Number is 10A4-67C2

    Directory of C:\Documents and Settings\tiff\Desktop

    05/19/2007 03:07 PM 72,192 tasklist.exe
    1 File(s) 72,192 bytes

    Directory of C:\WINDOWS\system32\New Folder

    05/19/2007 03:07 PM 72,192 tasklist.exe
    1 File(s) 72,192 bytes

    Total Files Listed:
    2 File(s) 144,384 bytes
    0 Dir(s) 66,949,156,864 bytes free
    Parameter format not correct -
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\tiff\Application Data
    CLASSPATH=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=TIFFANY
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\tiff
    LOGONSERVER=\\TIFFANY
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\WinSCP3\;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0a00
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\tiff\LOCALS~1\Temp
    TMP=C:\DOCUME~1\tiff\LOCALS~1\Temp
    USERDOMAIN=TIFFANY
    USERNAME=tiff
    USERPROFILE=C:\Documents and Settings\tiff
    windir=C:\WINDOWS
    Volume in drive C has no label.
    Volume Serial Number is 10A4-67C2

    Directory of C:\Documents and Settings\tiff\Desktop

    05/19/2007 03:07 PM 72,192 tasklist.exe

    Directory of C:\Documents and Settings\tiff\Desktop

    05/19/2007 03:07 PM 72,192 tasklist.exe
    2 File(s) 144,384 bytes

    Total Files Listed:
    2 File(s) 144,384 bytes
    0 Dir(s) 66,949,152,768 bytes free
     
  2. 2007/05/20
    bbbobins

    bbbobins Banned

    Joined:
    2007/02/01
    Messages:
    129
    Likes Received:
    0
    There it is

    it is in c:\windows\system32\new folder

    Use My Computer browse to c:\windows\system32\new folder
    copy tasklist.exe

    browse again to c:\windows\system32

    paste Tasklist.exe there.

    Bob
     

  4. 2007/05/20
    bbbobins

    bbbobins Banned

    Joined:
    2007/02/01
    Messages:
    129
    Likes Received:
    0
    Ok Tiffany

    You have done a Bodacious job.

    I think we are clean.

    Hopefully the Bitdefender will run to completion.

    And I still want to see the tasklist.

    But we are going out for a late lunch (or early dinner) and an errand, 2:30 pm here.

    Perhaps 2-3 hrs.

    Then I will post some final cleanups and a couple of suggestions to improve stability and performance.

    But for now you can breathe easy as you are now more Virus and Malware clean than most.

    Use your computer as normal until I get back.

    After we finish that you can change your online passwords.

    Bob
     
  5. 2007/05/20
    tiffanyc

    tiffanyc Inactive Thread Starter

    Joined:
    2007/05/11
    Messages:
    48
    Likes Received:
    0
    ok i found the file and now have it in the right place!!!! I am going to run the bitdefender and panda now and will post results for you when you get back!!!
     
  6. 2007/05/20
    bbbobins

    bbbobins Banned

    Joined:
    2007/02/01
    Messages:
    129
    Likes Received:
    0
    Ok but the idea was when it was in the right place, to paste the following line to the run command

    %SystemRoot%\system32\cmd.exe /c %windir%\system32\tasklist.exe /svc > "%USERPROFILE%\Desktop\Tasklist.txt"

    and paste me the contents of the tasklist.txt file

    Bob
     
  7. 2007/05/20
    tiffanyc

    tiffanyc Inactive Thread Starter

    Joined:
    2007/05/11
    Messages:
    48
    Likes Received:
    0
    Image Name                   PID Services
    ========================= ====== =============================================
    System Idle Process            0 N/A
    System                         4 N/A
    smss.exe                     532 N/A
    csrss.exe                    596 N/A
    winlogon.exe                 620 N/A
    services.exe                 664 Eventlog, PlugPlay
    lsass.exe                    676 PolicyAgent, ProtectedStorage, SamSs
    svchost.exe                  824 DcomLaunch, TermService
    svchost.exe                  884 RpcSs
    svchost.exe                  976 AudioSrv, CryptSvc, Dhcp, ERSvc,
                                     EventSystem, helpsvc, lanmanserver,
                                     lanmanworkstation, Netman, Nla, RasMan,
                                     Schedule, seclogon, SENS, SharedAccess,
                                     ShellHWDetection, srservice, TapiSrv,
                                     Themes, TrkWks, W32Time, winmgmt, wscsvc,
                                     wuauserv, WZCSVC
    svchost.exe                 1040 Dnscache
    svchost.exe                 1112 LmHosts, SSDPSRV, WebClient
    spoolsv.exe                 1336 Spooler
    explorer.exe                1608 N/A
    NvMixerTray.exe             1680 N/A
    jusched.exe                 1692 N/A
    qttask.exe                  1704 N/A
    avgcc.exe                   1720 N/A
    ArovaxAntiSpyware.exe       1728 N/A
    msmsgs.exe                  1736 N/A
    ctfmon.exe                  1816 N/A
    aim6.exe                    1824 N/A
    MySpaceIM.exe               1844 N/A
    aolsoftware.exe             1900 N/A
    EasyShare.exe               1908 N/A
    Kodak Software Updater.ex   1920 N/A
    guard.exe                   2044 AVG Anti-Spyware Guard
    avgamsvr.exe                 192 Avg7Alrt
    avgupsvc.exe                 248 Avg7UpdSvc
    avgemc.exe                   296 AVGEMS
    MDM.EXE                      372 MDM
    wdfmgr.exe                   460 UMWdf
    Ymsgr_tray.exe              1436 N/A
    svchost.exe                 2200 stisvc
    alg.exe                     2596 ALG
    firefox.exe                 3192 N/A
    cmd.exe                     3040 N/A
    cmd.exe                     3160 N/A
    tasklist.exe                3324 N/A
    wmiprvse.exe                2356 N/A
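
The listing above is the kind of `tasklist /svc` output a helper reviews process by process. As an added example (not part of the original thread), this Python parser reads that fixed-width layout, including wrapped Services lines, and maps each PID to the services it hosts; the function names and the shortened sample rows are constructed here, and it assumes the original column spacing of Tasklist.txt is intact.

```python
import re

# Constructed sample in the `tasklist /svc` layout; rows shortened from the listing above.
_ROWS = [
    ("Image Name", "PID", "Services"),
    ("=" * 25, "=" * 6, "=" * 45),
    ("System", "4", "N/A"),
    ("svchost.exe", "976", "AudioSrv, CryptSvc, Dhcp, ERSvc,"),
    ("", "", "EventSystem, helpsvc"),  # wrapped Services column
    ("guard.exe", "2044", "AVG Anti-Spyware Guard"),
    ("explorer.exe", "1608", "N/A"),
]
SAMPLE = "\n".join(f"{n:<25} {p:>6} {s}" for n, p, s in _ROWS)


def parse_tasklist_svc(text):
    """Return [{'image', 'pid', 'services'}] from `tasklist /svc` text output."""
    lines = text.splitlines()
    # The ruler of '=' runs gives the column offsets, whatever the indentation.
    ruler_at = next(i for i, l in enumerate(lines)
                    if re.fullmatch(r"\s*=+( =+)+\s*", l))
    spans = [m.span() for m in re.finditer(r"=+", lines[ruler_at])]
    (n0, n1), (p0, p1), (s0, _) = spans[:3]
    procs = []
    for line in lines[ruler_at + 1:]:
        image, pid = line[n0:n1].strip(), line[p0:p1].strip()
        items = [s.strip() for s in line[s0:].split(",") if s.strip()]
        if not image and not pid:
            # Continuation of the previous row's Services column (or a blank line).
            if procs and items:
                procs[-1]["services"].extend(items)
            continue
        if not pid.isdigit():
            continue  # not a process row
        if items == ["N/A"]:
            items = []  # process hosts no services
        procs.append({"image": image, "pid": int(pid), "services": items})
    return procs


def service_hosts(procs):
    """Map PID -> service list for processes that host at least one service."""
    return {p["pid"]: p["services"] for p in procs if p["services"]}
```
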
     
  8. 2007/05/20
    tiffanyc

    tiffanyc Inactive Thread Starter

    Joined:
    2007/05/11
    Messages:
    48
    Likes Received:
    0
    the bit defender made my computer crash the first time i tried it and i have not tried again in the past 2 hours or so
     
  9. 2007/05/20
    bbbobins

    bbbobins Banned

    Joined:
    2007/02/01
    Messages:
    129
    Likes Received:
    0
    OK the tasklist agrees with all else. Good!

    Ok final cleanup.

    Cleanup all downloaded installer files on Desktop, all the txt files we created

    The following items will free memory and speed up in general (some)
    Start-run

    type or paste
    services.msc

    Maximize screen
    find

    DNS Client (will speed bootup)
    Double Click
    set Startup type to
    Disabled
    click apply then OK

    Indexing Service as previous set to disabled
    Machine Debug Manager Disabled
    Net Logon Disabled

    Uninterruptible Power Supply (unless you have a UPS and it is cabled to the computer and has software installed)

    If you have no wireless then
    Wireless Zero configuration Disabled

    Next

    Download Regseeker

    http://www.hoverdesk.net/dl/en/RegSeeker.zip

    extract

    Download EasyCleaner 20
    http://personal.inet.fi/business/toniarts/files/EClea2_0.exe

    Run this file to install.

    Now run Enditall and killprocess as directed before

    Then
    start-run
    type
    cmd

    paste the following command to the run command

    "C:\Program Files\Registry Cleaners\EasyCleaner\EasyClea.exe" -delreg -delunn -ccache -chistory -ccookies -cmru -exit

    it will do a temp clean and reg clean and exit back to desktop

    Reboot

    Again run Enditall and killprocess as directed before

    Then run Regseeker
    click find in registry

    check all boxes except Match whole word

    paste
    Registrybooster
    into the Search for line
    click search

    Select and delete all found

    when finished
    click Installed Applications
    then Invalid Add/remove entries
    click Select All
    click Action
    click Delete Selected items

    next

    Click Clean the Registry
    check all blocks
    click autoclean
    in Passes put 4
    Select all square blocks including the one under Passes
    Put dot in circle all Green items
    click Go

    exit regseeker when finished


    Reboot

    Run for a few days and let us know.

    Are you still lockup free in general use?

    Good luck

    Bob
     
  10. 2007/05/20
    bbbobins

    bbbobins Banned

    Joined:
    2007/02/01
    Messages:
    129
    Likes Received:
    0
    Ok on the Bitdefender crash

    Not to worry

    But have you been using the Enditall and Killprocess before you run it?

    If not, try it that way.

    Otherwise forget it, as we have had several other (probably better) scans with positive opinions.

    Bob
     
  11. 2007/05/20
    tiffanyc

    tiffanyc Inactive Thread Starter

    Joined:
    2007/05/11
    Messages:
    48
    Likes Received:
    0
    i can't get enditall to run?? every time i click on it it brings me through the installations process again but then nothing?????
     
  12. 2007/05/20
    bbbobins

    bbbobins Banned

    Joined:
    2007/02/01
    Messages:
    129
    Likes Received:
    0
    Oh!

    I thought you had been running Enditall and Killprocess for all scans.

    Well you are running the install over and over. It only needs to be run once to install the program.

    Since it is already installed go to Start-programs and run it from there.

    What about Killprocess with the Killlist?

    Bob
     
  13. 2007/05/20
    tiffanyc

    tiffanyc Inactive Thread Starter

    Joined:
    2007/05/11
    Messages:
    48
    Likes Received:
    0
    i got everything done!! I am cleaning the regseeker registry now!!! I have not crashed at all since yesterday morning until i ran the bitfinder....It seems fine to me!!!! I am leaving tuesday for vacation to visit my family so I will not be back until the 30!!!! I will update you as soon as i get back!! Thank you soo much!!!!!! I can't even say thanks enough!!!!!
     
