Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

i have antimalware doctor too >_<

Post by inexplicably me » August 28th, 2010, 1:27 am

So, I've looked on many different sites in hopes of finding a way to solve this problem... and I've come up with nothing. On almost every one of them I've looked at, they suggest PC Tools Spyware/Antivirus. So I went to download it from the PC Tools site, and it says, almost automatically, "google chrome could not find pctools.com"... I used a search engine to find the correct site, so it can't just be the wrong URL... and I tried on different days, as well, same result. Pretty sure that the virus is blocking it...
Anyway... finally got it through CNET... but, apparently, PC Tools has to automatically update itself before it will run AT ALL. Whenever I click on the shortcut, or the icon in the system tray, a little dialog box pops up saying "new updates are available. run smart update". When I attempt to update, it says "update failed. error downloading the list of updates. try again later." Then it suggests I check my internet connection. Obviously, the virus is blocking the program from updating, as well.

So... my question is this: how do I stop it from blocking pctools.com? That's all I really care about... v_v" Unless you don't think PC Tools would clear all of it up..?
Any suggestions at all would be greatly appreciated. Oh yeah, and if it matters, I have Win7 32-bit.
(More information about things I've already done to remove most of it is at the bottom.)



Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\PC Tools Security\pctsTray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\bArBiE\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Users\bArBiE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bArBiE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bArBiE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bArBiE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bArBiE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bArBiE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bArBiE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\bArBiE\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ZE18MW23GY] C:\Users\bArBiE\AppData\Local\Temp\Rfu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Antimalware Doctor.lnk = bArBiE\AppData\Roaming\722334A1AD6E38BF90BB0F2C81D18A22\secureapp70700.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\bArBiE\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B3D49D8-4D2B-45AB-A4D1-63858C246B4F}: NameServer = 93.188.164.73,93.188.166.223
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.73,93.188.166.223
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B3D49D8-4D2B-45AB-A4D1-63858C246B4F}: NameServer = 93.188.164.73,93.188.166.223
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.73,93.188.166.223
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B3D49D8-4D2B-45AB-A4D1-63858C246B4F}: NameServer = 93.188.164.73,93.188.166.223
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.73,93.188.166.223
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

Uninstall List:

7-Zip 4.65
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Photoshop Lightroom 2.6
Adobe Reader 9.3.4
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
BioShock
BioShock 2
Color Efex Pro 3.0 Complete
Combined Community Codec Pack 2009-09-09
ConvertXtoDVD 4.0.9.322
Counter-Strike: Source
Dfine 2.0
Download Updater (AOL LLC)
Fallout 3
Free Audio CD Burner version 1.4
Free YouTube to MP3 Converter version 3.8
Haali Media Splitter
HijackThis 2.0.2
iTunes
Java(TM) 6 Update 17
LG Burning Tools
LG Power Tools
LG Power Tools
LucisArt 3 ED/SE
Malwarebytes' Anti-Malware
Matroska Pack
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.6)
MSXML 4.0 SP2 (KB973688)
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenOffice.org 3.1
PC Tools AntiVirus Free
PDF Settings
PhotoScape
Portal
PVSonyDll
QuickTime
RadLight 4.0 FINAL
Realtek High Definition Audio Driver
Safari
Sharpener Pro 3.0
Silver Efex Pro
Steam
Team Fortress 2
The Sims™ 3
Uninstall 1.0.0.1
VCRedistSetup
Ventrilo Client
Viveza
VLC media player 1.0.5
Windows Media Player Firefox Plugin
Zune
Zune
Zune Language Pack (DE)
Zune Language Pack (ES)
Zune Language Pack (FR)
Zune Language Pack (IT)


I deleted all the registry files that the sites suggested... but I think I must have a new strain of the virus (pun, most certainly, intended :3). Many of the names of files that AVG has caught (I will most likely be getting NOD32 after this is all cleared up 0.o") were never even mentioned on the sites I looked on...
Here's a list of them all: neacrowmxs.exe, xwemorscan.exe, earmxocswn.exe, rfp.exe, 3u79iQG9.sys, WS9eI7.sys, Rfu.exe, Rwejoc.exe, Rwejoa.exe, and Rwejob.exe (sorry for the long list :X just wanted to include them all)...
I also deleted all the temp files that I could... there are only four remaining that are being stubborn. I've tried deleting them in safe mode, as well, but they just came back when I rebooted.
The only signs of me still having the virus: random pop-ups (even on safe sites) that I never had before, and of course the blocking of PC Tools' update.

BTW, if any of the programs I have on my computer are insecure or all around worthless, let me know, and I will remove them.
inexplicably me
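As an added example (not code from the post or from the forum), here is a small Python triage pass over the kinds of HijackThis lines shown in the log above. It flags the entries a log reviewer looks at first: O4 autoruns launched from the user's Temp or Roaming profile, random-looking Run value names, O17 NameServer entries that point DNS at servers other than the ones the caller says are expected (a static resolver override is the first thing to check when a machine cannot reach a vendor's site or download updates), and O23 services whose binary is missing. The sample lines are copied from the log; the expected_dns parameter, the regexes and the name heuristic are assumptions of this example.

```python
import re

# Constructed sample input: six lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ZE18MW23GY] C:\Users\bArBiE\AppData\Local\Temp\Rfu.exe
O4 - Startup: Antimalware Doctor.lnk = bArBiE\AppData\Roaming\722334A1AD6E38BF90BB0F2C81D18A22\secureapp70700.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.73,93.188.166.223
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<sec>[OR]\d+) - (?P<body>.*)$")           # "O4 - <body>"
PROFILE_RE = re.compile(r"\\AppData\\(Local\\Temp|Roaming)\\", re.I)  # user-writable profile dirs
RUN_NAME_RE = re.compile(r"\[(?P<name>[^\]]+)\]")                     # [ValueName] of a Run entry
NS_RE = re.compile(r"NameServer = (?P<ips>[\d.,]+)")

def random_looking(name):
    """Heuristic (assumption): 8+ upper-case letters and digits mixed, as generated Run names tend to be."""
    return (re.fullmatch(r"[A-Z0-9]{8,}", name) is not None
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))

def triage(log_text, expected_dns=frozenset()):
    """Return (section, reason, line) for the entries a reviewer should look at first.
    expected_dns: resolver addresses legitimately configured on the machine (ISP/router)."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m["sec"], m["body"]
        if sec == "O4":
            if PROFILE_RE.search(body):
                findings.append((sec, "autorun launched from user Temp/Roaming profile", raw))
            n = RUN_NAME_RE.search(body)
            if n and random_looking(n["name"]):
                findings.append((sec, "random-looking Run value name", raw))
        elif sec == "O17":
            ns = NS_RE.search(body)
            if ns and not set(ns["ips"].split(",")) <= set(expected_dns):
                findings.append((sec, "static DNS servers outside the expected set; lookups can be redirected or blocked", raw))
        elif sec == "O23" and "(file missing)" in body:
            findings.append((sec, "service registered but its binary is missing", raw))
    return findings

if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"{sec}: {reason}\n    {line.strip()}")
```

Run against the sample it reports five findings; passing the two 93.188.x.x addresses as expected_dns silences the O17 finding, which is how a reviewer separates a deliberate resolver setting from an unexplained one.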

Re: i have antimalware doctor too >_<

Post by NonSuch » August 28th, 2010, 1:40 am

In order for someone to analyze your HijackThis log, you must post the entire log, first line through last. The log you have posted has the header missing, which includes important information about your computer. You will need to provide us with a complete HijackThis log before we can help you. Please follow the guideline at the link below to start a new topic and post your HijackThis log.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: Guideline for posting your HijackThis log
NonSuch
Administrator

