I can only view the internet in "safe mode"

[Jon88]

Where are you from Jon88?

Maybe there is a Zone Member close by that could help you out?

Shreveport, Louisiana. I don't know of anyone close by, but that's a good idea.

Google tells me that Quickheal is a real company, so how can they legally get away with infecting people's computers? I mean, if Microsoft planted a virus on your system which forced you to purchase their products in order to remedy it, there'd be hell to pay. So why is Quickheal still in business?

I was thinking about a class action lawsuit against these people. It's ridiculous.

 

[xWraithx]

Shreveport, Louisiana. I don't know of anyone close by, but that's a good idea.



I was thinking about a class action lawsuit against these people. It's ridiculous.

instead of a class action lawsuit, how about a Last Action Hero?

 

[JohnnyHopkins]

A lot of these rogue malware programs masquerade as legitimate software. It wouldn't surprise me if this was one of them, but taking it a step further and using a real application name.

Regardless, this is definitely not something you want on your computer.

Download this hijackthis

Save it to your C: drive and run it. Do a scan, save the log. You can paste the log in here.

Good call, that saved my computer a couple of times.

 

[Yeagermeister]

Shreveport, Louisiana. I don't know of anyone close by, but that's a good idea.



I was thinking about a class action lawsuit against these people. It's ridiculous.

I'll send DE over. He's not doing anything productive. :laugh2:

 

[ajk23az]

Try a system restore 1st before you start over.

I second this.

Someone could also try doing Remote assistance and go into the registry to remove QuickHeal. I've used it quite a few times to help my buddies out. Idk if it works in safe mode though.

 

[bbgun]

Could be a wiring issue.

http://img21.*************/img21/8300/begladyoudontworkinit.jpg

 

[Jon88]

A lot of these rogue malware programs masquerade as legitimate software. It wouldn't surprise me if this was one of them, but taking it a step further and using a real application name.

Regardless, this is definitely not something you want on your computer.

Download this hijackthis

Save it to your C: drive and run it. Do a scan, save the log. You can paste the log in here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:27 PM, on 7/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jon\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abcnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Email Protection] C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
O4 - HKLM\..\Run: [Scanner Reminder] C:\PROGRA~1\QUICKH~1\QUICKH~1\remind.exe
O4 - HKLM\..\Run: [Update Scheduler] C:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [On-Line Protection] C:\PROGRA~1\QUICKH~1\QUICKH~1\CATEYE.EXE
O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\QUICKH~1\QUICKH~1\SCANMSG.EXE
O4 - HKLM\..\Run: [Quick Heal Monitor] C:\PROGRA~1\QUICKH~1\QUICKH~2\op_mon.exe /tray /noservice
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm021YYUS
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O13 - Gopher Prefix:
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (******* Uploader Control) - http://lads.*******.com/upload/*******Uploader1006.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC9CDE6E-EAD8-4056-A37D-E56FDD165397}: NameServer = 10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{BC9CDE6E-EAD8-4056-A37D-E56FDD165397}: NameServer = 10.0.0.1
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: c:\progra~1\quickh~1\quickh~2\wl_hook.dll c:\progra~1\google\google~2\goec62~1.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: Quick Heal Client Security Service (acssrv) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Online Protection System - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Quick Heal Helper Service WSC (ScanWscS) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9017 bytes

 

[Kilyin]

Check these and click 'fix checked' (probably need to reboot after)

O23 - Service: Quick Heal Client Security Service (acssrv) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~2\acs.exe

O20 - AppInit_DLLs: c:\progra~1\quickh~1\quickh~2\wl_hook.dll c:\progra~1\google\google~2\goec62~1.dll

O4 - HKLM\..\Run: [Email Protection] C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE

O4 - HKLM\..\Run: [Scanner Reminder] C:\PROGRA~1\QUICKH~1\QUICKH~1\remind.exe

O4 - HKLM\..\Run: [Update Scheduler] C:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE /CHECK

O4 - HKLM\..\Run: [On-Line Protection] C:\PROGRA~1\QUICKH~1\QUICKH~1\CATEYE.EXE

O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\QUICKH~1\QUICKH~1\SCANMSG.EXE

O4 - HKLM\..\Run: [Quick Heal Monitor] C:\PROGRA~1\QUICKH~1\QUICKH~2\op_mon.exe /tray /noservice


After you reboot -

Then open My Computer. Go to C:\Program Files\QuickHeal

Delete the whole folder or drag to recycle bin and empty.

After doing that, scan and paste another log with hijackthis.

 

[Jon88]

Thanks, I'll try that.

 

[Jon88]

Access Denied. When I tried to delete it in the C folder it said I needed permission.

 

[Kilyin]

Check pm.

 

[bbgun]

Man, this thing has really got you by the shorthairs. My sympathies.

 

[theogt]

I realize that, but even Indians aren't immune from international law. This is basically hacking.

That's a myth. Doesn't exist.

 

[Yeagermeister]

Man, this thing has really got you by the shorthairs. My sympathies.

No kidding

By now I would have backed up and reloaded

 

[Hoofbite]

Access Denied. When I tried to delete it in the C folder it said I needed permission.

Petter ask mother for the password to the administrator account.

 

[BrAinPaiNt]

One thing that I forgot to say and I don't see it mentioned, Before doing a scan disable your network connection so you can no longer get on the internet.

Do your scans, delete your found problems.

If it finally gets everything out you can enable your network connection again.

Sometimes...again this is just sometimes, when the computer loads up it automatically loads the network (if you are not on dial up) and some programs download files or updates them in the background to keep the computer from getting rid of it.

Also sometimes these programs start up when your computer does and the program is running in the background without you knowing it and that is when you sometimes have the access denied issues when trying to delete things.

Not sure that helps out much, seems like Kil is helping out and hopefully gets it fixed.

But really if you still have problems it is best to just reformat your hard drive as long as you have a working Windows OS cd.

It is really is an easy thing to do. The only downside is having to backup any word, mp3s or video files and such that you want to keep (including maybe bookmarks, email address, email settings like your pop3 and imtp settings plus username and password).

The best thing about reformating is you are guaranteed to get rid of the problem, plus you will notice that your computer will run better if you have not done a reformat in a long time.

I reformat my hard drive about once a year whether I have a virus or not.

 

[CATCH17]

I'm not even going to attempt to reformat my hard drive and right now I don't have the money to take it anywhere. I'm just gonna have to limp around in safe mode and use the computers on campus. No more YouTube : (

Thanks for all the suggestions.

Do a system restore. No-need to reformat and its worth a try.

 

[Yeagermeister]

Do a system restore. No-need to reformat and its worth a try.

I have never had a system restore work properly.

 

[theogt]

I have never had a system restore work properly.

I have, but that was years ago (7+). I haven't had an issue where I needed to in a long time. Computers are stable enough nowadays that as long as you aren't downloading tons of porn and other things, you're fine.

 

[vta]

Do a system restore. No-need to reformat and its worth a try.

Buy an Apple computer. There's nothing on the computer that you or Apple didn't put there.

:laugh2:

I know it's popular to say that because Apple is so unpopular that no one writes viruses for them, but the simple fact is the OS is a thousand times better in giving the user complete control without garbage like this happening.

System restore? What a waste of time.