Antivirus System Pro - I can not install ANYTHING, no hijack this, no malware b.

HELP!!!!

Agh!! Went to Thanksgiving dinner, came back, and this Antivirus System Pro alert is all over the place with pornography popping up as well!!! This is my work laptop - all I do is check email and casually surf the new - I can't get a log, can't get ANYTHING to work. Even tried rkill and everything listed. I am in dire need of help! Thanks in advance!!!

That makes two of us...Antivirus Pro strikes again. What's the 1-2-3 step process to escape? Appreciate it!

Its happening to me too! I don't know what brought it to my computer, but now i can't get rid of it! Every 10 or so minutes and this porn website pops up. I have younger siblings and have to ban them from the computer for the time being. How is it possible that every program that worked in the past is now useless!?!?!

I am REALLY upset. This is my work laptop, I don't even have administrative rights on it!!! This is going to make me look horrible when I go into work - all I use the laptop for is email and casual web browsing occasionally. UGH

i have been using rkill to temporarily disable it. It works, but its a pain to get working. Plus, you have to do it every time you open the computer.

i keep getting an error with it when I try to use rkill...

if you use it on firefox it works. You just open rkill, wait for it to close....close the error message. And repeat until there is no more error message or pop-ups on the task manu.

After that you can use any program including hijack, etc. From there you can additional help from a professional.

I have windows XP, i have no idea if it works on any other windows version.

I have done this fifty times...it gives me a popup and tells me it cannot include file PEV and wants to know if I want to continue. PEV is on my desktop and I have NO idea what it is and it won't let me get rid of it. Grr.

Hmm....have you tried going on your laptop in safe mode? If you use safe mode, then download & Run Malwarebytes....it should get fixed....Good luck!

This is xPeaceSellsx's topic, anyone else please start your own topic.

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

I can't install hijack this - I keep getting the file infected popup. Ugh.

Try running this.

Please download exeHelper from one of the two links.
Link 1
Link 2

• Double-click on exeHelper.com or exeHelper.scr to run the fix.
  
• A black window should pop up, press any key to close once the fix is completed.
  
• Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
  

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

OK - I finally got this to work - somehow, it just quit being a pain, no more pop ups, no more issues - but I just ran these...

exeHelper by Raktor
exeHelper by Raktor
exeHelper by Raktor
exeHelper by Raktor
exeHelper by Raktor
Build 20091122
exeHelper by Raktor
exeHelper by Raktor
Build 20091122
exeHelper by Raktor
Build 20091122
Run at exeHelper by Raktor
Build 20091122
Run at 19:29:56 on 11/28/09
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


DDS (Ver_09-11-24.02) - NTFSx86
Run by nikki.ogg at 19:30:26.09 on Sat 11/28/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3231.2666 [GMT -6:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Panasonic\Hotkey Appendix\HKEYAPP.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Program Files\Panasonic\WSwitch\WSwitch.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\FIDTPU\WIN2K\FTMSFLTU.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RButton.exe
C:\WINDOWS\system32\RAMAsst.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Nikki.Ogg\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://intra.mt.local
mDefault_Page_URL = hxxp://intra.mt.local
uInternet Connection Wizard,ShellNext = hxxp://intra.mt.local/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [sbyuulcy] c:\documents and settings\nikki.ogg\local settings\application data\iwgtra\vnftsysguard.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [Panasonic Hotkey Manager] c:\program files\panasonic\hotkey appendix\HKEYAPP.EXE
mRun: [PCinfo] c:\program files\panasonic\pcinfo\PcInfoUt.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PRunOnce] c:\util\prunonce\PRunOnce.exe
mRun: [B'sCLiP] c:\progra~1\b'scli~1\win2k\BSCLIP.exe
mRun: [WSwitch] c:\program files\panasonic\wswitch\WSwitch.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [FTMSFLT(USB)] c:\program files\fidtpu\win2k\FTMSFLTU.EXE
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMAsst.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2008-6-20 17192]
R2 bgsvcg;B's Recorder GOLD General Service;c:\program files\b.h.a\common\bgsvcg.exe [2008-6-17 145504]
R2 BsUDF;BsUDF;c:\windows\system32\drivers\BsUDF.sys [2008-6-20 195616]
R2 PcInfoPi;Panasonic PC Information Viewer Service 2;c:\program files\panasonic\pcinfo\PCInfoPi.exe [2008-6-17 54632]
R2 PcInfoSV;Panasonic PC Information Viewer;c:\program files\panasonic\pcinfo\PCInfoSV.exe [2008-6-17 189800]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-6-17 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-18 102448]
R3 FIDTPU;Fujitsu Touch Panel (USB);c:\windows\system32\drivers\FIDTPU.sys [2008-6-17 27030]
R3 HOTKEY;Panasonic Hotkey Driver;c:\windows\system32\drivers\hotkey.sys [2008-6-17 19840]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-6-17 41216]
R3 NewMisc;Panasonic Misc Driver;c:\windows\system32\drivers\newmisc.sys [2008-6-17 50440]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-6-20 84992]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [2008-6-17 87424]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-20 108032]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2008-6-17 47616]

=============== Created Last 30 ================

2009-11-10 02:13:20 4548 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-11-10 02:10:43 0 ----a-w- C:\tc8.1

==================== Find3M ====================

2009-09-25 05:37:11 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-16 18:19:58 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll

============= FINISH: 19:30:40.10 ===============


Thank you again for any and all help!!

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

In Internet Explorer

1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
   

In Firefox

1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
   
2. Click the apply button and restart that computer in normal mode.
   

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Won't let me install MBAM, I do not have administrative rights on the laptop...

Is the account your on now a restricted account?

It is my work laptop - and yes, it is restricted. Even after restarting the laptop - I have not had any issues with the virus again. Yeah, I can not install anything on here...

Okay, then this should be okay.
To install MBAM you'll have to get permission from your boss due to legal reason.