Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

I cant install or use an online virus scanner

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

I cant install or use an online virus scanner

Unread postby jgbullock » October 29th, 2008, 4:45 am

Hello again. I recently got a new hard drive to fix the errors I was having the last time i was here. Bought vista, and got a trojan from something a week ago or so. I decided it would probably be best, at the time to just format both of my hard drives to fix this. Since I did that, I haven't been able to get a virus scanner downloaded, nor even get an online one to work properly (currently trying the windows live care, but im really not giving it much hope.) I' have even tried to download a firewall as well, and that hasn't worked either. I'm wondering if its something I got again, while unprotected, or if its something else. Here is my HJT log, hopefully this can be fixed again :(


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:33 AM, on 10/29/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\windows live safety center\wlschost.EXE
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 3482 bytes
jgbullock
Regular Member
 
Posts: 16
Joined: September 14th, 2008, 10:46 pm
Top
Advertisement
Register to Remove

Re: I cant install or use an online virus scanner

Unread postby Katana » November 1st, 2008, 8:25 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly Image

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
Top

Re: I cant install or use an online virus scanner

Unread postby jgbullock » November 2nd, 2008, 3:57 am

Thank you for your reply, and I understand completely about your delay. No worries.


Incoming Great wall o' text (joking) It only popped up the log.txt file. But here it is.


Logfile of random's system information tool 1.04 (written by random/random)
Run by James at 2008-11-02 01:55:06
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 10 GB (36%) free of 29 GB
Total RAM: 1279 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:20 AM, on 11/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\James\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\James.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4123 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-28 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-28 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"CmPCIaudio"=RunDll32 CMICNFG3.CPL []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-28 136600]
"OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2008-08-08 67112]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-02-29 76304]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-10-09 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-10-09 7741440]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-10-09 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b34d890d-a58e-11dd-95e5-806e6f6e6963}]
shell\AutoRun\command - D:\setup.exe


======List of files/folders created in the last 1 months======

2008-11-02 01:51:58 ----D---- C:\inetpub
2008-11-01 23:25:11 ----D---- C:\Users\James\AppData\Roaming\Ventrilo
2008-11-01 23:23:06 ----D---- C:\Program Files\Ventrilo
2008-11-01 23:22:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-01 01:58:27 ----D---- C:\Program Files\Mindscape
2008-11-01 01:27:52 ----D---- C:\Users\James\AppData\Roaming\SystemRequirementsLab
2008-10-31 16:42:13 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-31 16:40:42 ----D---- C:\ProgramData\Adobe
2008-10-31 16:40:16 ----D---- C:\Program Files\Common Files\Adobe
2008-10-31 16:40:16 ----D---- C:\Program Files\Adobe
2008-10-31 16:37:28 ----D---- C:\ProgramData\NOS
2008-10-31 16:37:27 ----D---- C:\Program Files\NOS
2008-10-30 21:06:08 ----D---- C:\ProgramData\Apple
2008-10-30 21:06:08 ----D---- C:\Program Files\Apple Software Update
2008-10-29 21:37:34 ----D---- C:\ProgramData\LogiShrd
2008-10-29 21:37:14 ----D---- C:\Users\James\AppData\Roaming\Logitech
2008-10-29 21:34:10 ----A---- C:\Windows\system32\BtCoreIf.dll
2008-10-29 21:34:05 ----A---- C:\Windows\system32\KemXML.dll
2008-10-29 21:34:05 ----A---- C:\Windows\system32\KemWnd.dll
2008-10-29 21:34:05 ----A---- C:\Windows\system32\kemutb.dll
2008-10-29 21:34:04 ----A---- C:\Windows\system32\KemUtil.dll
2008-10-29 21:33:41 ----D---- C:\ProgramData\Logitech
2008-10-29 21:33:39 ----D---- C:\Program Files\Common Files\Logishrd
2008-10-29 21:33:32 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-29 21:33:32 ----D---- C:\Program Files\Logitech
2008-10-29 21:33:29 ----D---- C:\Users\James\AppData\Roaming\InstallShield
2008-10-29 17:27:17 ----A---- C:\Windows\system32\ltclr13n.dll
2008-10-29 17:27:17 ----A---- C:\Windows\system32\lftif13n.dll
2008-10-29 17:27:17 ----A---- C:\Windows\system32\lfjbg13n.dll
2008-10-29 17:27:17 ----A---- C:\Windows\system32\lfj2k13n.dll
2008-10-29 17:27:17 ----A---- C:\Windows\system32\lffax13n.dll
2008-10-29 17:27:17 ----A---- C:\Windows\system32\lfcmp13n.dll
2008-10-29 17:27:16 ----A---- C:\Windows\system32\ltkrn13n.dll
2008-10-29 17:27:16 ----A---- C:\Windows\system32\ltimg13n.dll
2008-10-29 17:27:16 ----A---- C:\Windows\system32\ltfil13n.dll
2008-10-29 17:27:16 ----A---- C:\Windows\system32\ltefx13n.dll
2008-10-29 17:27:16 ----A---- C:\Windows\system32\ltdis13n.dll
2008-10-29 17:26:10 ----D---- C:\Program Files\MFInstall
2008-10-29 17:01:50 ----D---- C:\ProgramData\Blizzard
2008-10-29 12:42:49 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-10-29 12:42:26 ----DC---- C:\Windows\system32\DRVSTORE
2008-10-29 12:35:49 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2008-10-29 04:33:24 ----D---- C:\ProgramData\Stardock
2008-10-29 02:30:39 ----D---- C:\Program Files\Trend Micro
2008-10-29 02:09:58 ----D---- C:\Program Files\Windows Live Safety Center
2008-10-29 01:12:30 ----A---- C:\Windows\system32\win32spl.dll
2008-10-29 00:32:30 ----D---- C:\Program Files\Common Files\PC Tools
2008-10-29 00:31:55 ----D---- C:\Program Files\PC Tools AntiVirus
2008-10-28 19:45:29 ----A---- C:\Windows\system32\NVUNINST.EXE
2008-10-28 19:45:22 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-28 19:40:46 ----D---- C:\Program Files\SystemRequirementsLab
2008-10-28 16:07:13 ----D---- C:\Program Files\Common Files\Steam
2008-10-28 13:13:31 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 13:13:31 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-28 13:05:53 ----D---- C:\Windows\PCHEALTH
2008-10-28 13:01:20 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-28 13:00:51 ----D---- C:\Program Files\Windows Live
2008-10-28 13:00:13 ----D---- C:\ProgramData\WLInstaller
2008-10-28 04:47:54 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-10-28 02:41:29 ----D---- C:\Windows\Panther
2008-10-28 02:36:06 ----D---- C:\Users\James\AppData\Roaming\Malwarebytes
2008-10-28 02:35:54 ----D---- C:\ProgramData\Malwarebytes
2008-10-28 02:35:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 02:28:07 ----D---- C:\Windows.old.000
2008-10-28 02:17:39 ----AD---- C:\ProgramData\TEMP
2008-10-28 02:16:21 ----A---- C:\Windows\system32\STKIT432.DLL
2008-10-28 02:16:21 ----A---- C:\Windows\system32\msxml.dll
2008-10-28 02:16:17 ----D---- C:\Program Files\Registry Mechanic
2008-10-28 02:14:41 ----D---- C:\Program Files\uTorrent
2008-10-28 02:14:30 ----D---- C:\Users\James\AppData\Roaming\uTorrent
2008-10-28 02:04:50 ----D---- C:\Users\James\AppData\Roaming\WinRAR
2008-10-28 02:00:31 ----D---- C:\Windows\Internet Logs
2008-10-28 01:57:15 ----D---- C:\Program Files\WinRAR
2008-10-28 01:55:53 ----D---- C:\Windows\Debug
2008-10-28 01:48:58 ----D---- C:\Windows\SoftwareDistribution
2008-10-28 01:46:24 ----D---- C:\Program Files\Common Files\BitDefender
2008-10-28 01:42:15 ----D---- C:\Windows\Prefetch
2008-10-28 01:17:18 ----D---- C:\Users\James\AppData\Roaming\Macromedia
2008-10-28 01:17:18 ----D---- C:\Users\James\AppData\Roaming\Adobe
2008-10-28 01:12:32 ----A---- C:\Windows\system32\javaws.exe
2008-10-28 01:12:32 ----A---- C:\Windows\system32\javaw.exe
2008-10-28 01:12:32 ----A---- C:\Windows\system32\java.exe
2008-10-28 01:12:32 ----A---- C:\Windows\system32\deploytk.dll
2008-10-28 01:11:59 ----D---- C:\Program Files\Java
2008-10-28 01:09:54 ----D---- C:\Windows\system32\Macromed
2008-10-28 01:09:22 ----A---- C:\Windows\system32\tzres.dll
2008-10-28 01:03:29 ----A---- C:\Windows\system32\msshooks.dll
2008-10-28 01:03:28 ----A---- C:\Windows\system32\msscb.dll
2008-10-28 01:03:26 ----A---- C:\Windows\system32\thawbrkr.dll
2008-10-28 01:03:26 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-10-28 01:03:26 ----A---- C:\Windows\system32\propsys.dll
2008-10-28 01:03:26 ----A---- C:\Windows\system32\propdefs.dll
2008-10-28 01:03:26 ----A---- C:\Windows\system32\msstrc.dll
2008-10-28 01:03:26 ----A---- C:\Windows\system32\mssprxy.dll
2008-10-28 01:03:26 ----A---- C:\Windows\system32\mssitlb.dll
2008-10-28 01:03:26 ----A---- C:\Windows\system32\msshsq.dll
2008-10-28 01:03:25 ----A---- C:\Windows\system32\srchadmin.dll
2008-10-28 01:03:25 ----A---- C:\Windows\system32\korwbrkr.dll
2008-10-28 01:03:24 ----A---- C:\Windows\system32\wsepno.dll
2008-10-28 01:03:24 ----A---- C:\Windows\system32\rtffilt.dll
2008-10-28 01:03:24 ----A---- C:\Windows\system32\offfilt.dll
2008-10-28 01:03:24 ----A---- C:\Windows\system32\mimefilt.dll
2008-10-28 01:03:23 ----A---- C:\Windows\system32\xmlfilter.dll
2008-10-28 01:03:23 ----A---- C:\Windows\system32\nlhtml.dll
2008-10-28 01:03:23 ----A---- C:\Windows\system32\msscntrs.dll
2008-10-28 01:03:23 ----A---- C:\Windows\system32\chsbrkr.dll
2008-10-28 01:03:22 ----A---- C:\Windows\system32\tquery.dll
2008-10-28 01:03:22 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-10-28 01:03:22 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-10-28 01:03:22 ----A---- C:\Windows\system32\chtbrkr.dll
2008-10-28 01:03:21 ----A---- C:\Windows\system32\mssvp.dll
2008-10-28 01:03:21 ----A---- C:\Windows\system32\mssrch.dll
2008-10-28 01:03:21 ----A---- C:\Windows\system32\mssphtb.dll
2008-10-28 01:03:21 ----A---- C:\Windows\system32\mssph.dll
2008-10-28 00:53:53 ----SHD---- C:\Windows\Installer
2008-10-28 00:41:39 ----A---- C:\Windows\system32\wmpeffects.dll
2008-10-28 00:40:31 ----A---- C:\Windows\system32\EncDec.dll
2008-10-28 00:40:28 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-28 00:39:59 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-10-28 00:39:58 ----A---- C:\Windows\system32\gameux.dll
2008-10-28 00:39:57 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-10-28 00:39:42 ----A---- C:\Windows\system32\shell32.dll
2008-10-28 00:39:31 ----A---- C:\Windows\system32\rpcrt4.dll
2008-10-28 00:39:26 ----A---- C:\Windows\system32\pacerprf.dll
2008-10-28 00:39:18 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-10-28 00:39:05 ----A---- C:\Windows\system32\es.dll
2008-10-28 00:38:59 ----A---- C:\Windows\system32\netapi32.dll
2008-10-28 00:38:50 ----A---- C:\Windows\system32\inetcomm.dll
2008-10-28 00:38:33 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-10-28 00:38:27 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-10-28 00:37:57 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-10-28 00:35:38 ----A---- C:\Windows\system32\kd1394.dll
2008-10-28 00:35:37 ----A---- C:\Windows\system32\winresume.exe
2008-10-28 00:35:37 ----A---- C:\Windows\system32\winload.exe
2008-10-28 00:35:37 ----A---- C:\Windows\system32\ci.dll
2008-10-28 00:35:35 ----A---- C:\Windows\system32\srdelayed.exe
2008-10-28 00:35:35 ----A---- C:\Windows\system32\srcore.dll
2008-10-28 00:35:35 ----A---- C:\Windows\system32\srclient.dll
2008-10-28 00:35:35 ----A---- C:\Windows\system32\setbcdlocale.dll
2008-10-28 00:35:35 ----A---- C:\Windows\system32\rstrui.exe
2008-10-28 00:35:35 ----A---- C:\Windows\system32\kbd106n.dll
2008-10-28 00:35:06 ----A---- C:\Windows\system32\wshext.dll
2008-10-28 00:35:06 ----A---- C:\Windows\system32\wscript.exe
2008-10-28 00:35:06 ----A---- C:\Windows\system32\vbscript.dll
2008-10-28 00:35:06 ----A---- C:\Windows\system32\jscript.dll
2008-10-28 00:35:05 ----A---- C:\Windows\system32\scrrun.dll
2008-10-28 00:35:05 ----A---- C:\Windows\system32\scrobj.dll
2008-10-28 00:35:05 ----A---- C:\Windows\system32\cscript.exe
2008-10-28 00:30:50 ----D---- C:\Program Files\Belarc
2008-10-28 00:29:52 ----A---- C:\Windows\system32\mshtml.dll
2008-10-28 00:29:51 ----A---- C:\Windows\system32\ieframe.dll
2008-10-28 00:29:50 ----A---- C:\Windows\system32\urlmon.dll
2008-10-28 00:29:49 ----A---- C:\Windows\system32\wininet.dll
2008-10-28 00:29:48 ----A---- C:\Windows\system32\mstime.dll
2008-10-28 00:29:48 ----A---- C:\Windows\system32\iertutil.dll
2008-10-28 00:29:47 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-28 00:29:38 ----A---- C:\Windows\system32\quartz.dll
2008-10-28 00:29:30 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-28 00:29:30 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-28 00:29:27 ----A---- C:\Windows\system32\emdmgmt.dll
2008-10-28 00:29:26 ----A---- C:\Windows\system32\dataclen.dll
2008-10-28 00:29:26 ----A---- C:\Windows\system32\cdd.dll
2008-10-28 00:29:08 ----A---- C:\Windows\system32\gdi32.dll
2008-10-28 00:25:41 ----D---- C:\Users\James\AppData\Roaming\Mozilla
2008-10-28 00:23:57 ----D---- C:\Users\James\AppData\Roaming\Xfire
2008-10-28 00:23:51 ----D---- C:\ProgramData\Xfire
2008-10-28 00:23:50 ----D---- C:\Program Files\Xfire
2008-10-28 00:22:47 ----D---- C:\Program Files\Mozilla Firefox
2008-10-28 00:01:16 ----D---- C:\Users\James\AppData\Roaming\Identities
2008-10-28 00:00:57 ----SD---- C:\Users\James\AppData\Roaming\Microsoft
2008-10-28 00:00:57 ----D---- C:\Users\James\AppData\Roaming\Media Center Programs
2008-10-26 22:53:31 ----HD---- C:\$AVG8.VAULT$
2008-10-25 02:43:46 ----RSHD---- C:\resycled
2008-10-21 01:11:50 ----A---- C:\EventLOG.txt
2008-10-11 01:56:19 ----D---- C:\Windows.old
2008-10-10 22:49:24 ----RAS---- C:\BOOTSECT.BAK
2008-10-10 22:48:11 ----SHD---- C:\Boot
2008-10-08 18:48:20 ----A---- C:\Windows\system32\xfcodec.dll

======List of files/folders modified in the last 1 months======

2008-11-02 01:54:59 ----D---- C:\Windows\Temp
2008-11-02 01:53:57 ----D---- C:\Windows\Microsoft.NET
2008-11-02 01:53:07 ----D---- C:\Windows\System32
2008-11-02 01:53:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-02 01:53:01 ----D---- C:\Windows\inf
2008-11-02 01:52:38 ----D---- C:\Windows
2008-11-02 01:52:04 ----D---- C:\Windows\winsxs
2008-11-02 01:52:04 ----D---- C:\Windows\system32\migration
2008-11-02 01:52:03 ----D---- C:\Windows\system32\inetsrv
2008-11-02 01:52:00 ----D---- C:\Windows\system32\en-US
2008-11-02 01:51:09 ----SHD---- C:\System Volume Information
2008-11-02 01:45:31 ----SD---- C:\Windows\Downloaded Program Files
2008-11-02 01:44:49 ----D---- C:\Windows\system32\drivers
2008-11-01 23:23:11 ----HD---- C:\Config.Msi
2008-11-01 23:23:06 ----RD---- C:\Program Files
2008-11-01 23:22:20 ----D---- C:\Program Files\Common Files
2008-10-31 16:40:42 ----HD---- C:\ProgramData
2008-10-31 05:54:40 ----D---- C:\Windows\system32\config
2008-10-30 14:03:38 ----D---- C:\Windows\system32\WDI
2008-10-29 21:36:37 ----D---- C:\Program Files\Common Files\microsoft shared
2008-10-29 21:36:24 ----D---- C:\Windows\system32\catroot
2008-10-29 21:35:13 ----D---- C:\Windows\system32\catroot2
2008-10-29 17:26:42 ----D---- C:\Windows\system32\Tasks
2008-10-29 12:59:07 ----SD---- C:\ProgramData\Microsoft
2008-10-29 12:54:38 ----SD---- C:\Windows\system32\Microsoft
2008-10-29 02:45:38 ----D---- C:\Windows\rescache
2008-10-28 20:49:22 ----D---- C:\Windows\system32\LogFiles
2008-10-28 19:46:57 ----D---- C:\Windows\Help
2008-10-28 15:28:54 ----SHD---- C:\$Recycle.Bin
2008-10-28 15:28:19 ----RD---- C:\Users
2008-10-28 06:45:58 ----D---- C:\Windows\Logs
2008-10-28 06:14:47 ----RSD---- C:\Windows\assembly
2008-10-28 06:06:18 ----D---- C:\Windows\AppPatch
2008-10-28 06:06:17 ----D---- C:\Windows\ehome
2008-10-28 06:06:16 ----D---- C:\Program Files\Windows Mail
2008-10-28 06:06:14 ----D---- C:\Windows\PolicyDefinitions
2008-10-28 06:06:10 ----D---- C:\Windows\system32\Boot
2008-10-28 02:08:39 ----D---- C:\Windows\system
2008-10-28 00:15:28 ----D---- C:\Windows\system32\restore
2008-10-15 02:49:48 ----D---- C:\downloads
2008-10-12 20:34:46 ----D---- C:\NVIDIA
2008-10-11 02:12:39 ----RASH---- C:\Boot.ini.saved
2008-10-07 11:19:42 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 MSFWHLPR;MSFWHLPR; C:\Windows\system32\DRIVERS\msfwhlpr.sys [2007-11-27 37440]
R2 MSFWDrv;MSFWDrv; C:\Windows\system32\DRIVERS\msfwdrv.sys [2007-11-27 91200]
R3 Alpham1;Ideazon ZBoard USB Human Interface Device; C:\Windows\system32\DRIVERS\Alpham1.sys [2007-07-23 42624]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device; C:\Windows\system32\DRIVERS\Alpham2.sys [2007-03-20 18432]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\Windows\system32\DRIVERS\AN983.sys [2005-01-13 39040]
R3 cmuda3;C-Media PCI Audio Interface; C:\Windows\system32\drivers\cmuda3.sys [2005-10-28 1355456]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2008-05-15 53168]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\Windows\system32\drivers\nvax.sys [2005-04-13 53376]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-10-09 4428160]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\Windows\system32\drivers\nvapu.sys [2005-04-13 414464]
S3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-08-12 228672]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 msfwsvc;@C:\Program Files\Microsoft Windows OneCare Live\Firewall\\MSFWSVCResource.dll,-10000; C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [2007-11-27 869952]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-01-20 122880]
R2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-01-20 122880]
R2 OcHealthMon;Windows Live OneCare Health Monitor; C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-08-08 28200]
R2 OneCareMP;OneCare AntiSpyware and AntiVirus; C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [2008-07-09 18704]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 winss;Windows Live OneCare; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [2008-08-08 1126952]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-10-28 87288]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-01-20 122880]

-----------------EOF-----------------
jgbullock
Regular Member
 
Posts: 16
Joined: September 14th, 2008, 10:46 pm
Top

Re: I cant install or use an online virus scanner

Unread postby Katana » November 2nd, 2008, 6:17 am

Information

REMOVE P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

uTorrent

Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

Post back a new HijackThis, so we can continue cleaning your pc.




Registry Cleaners

Re. RegistryMechanic

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html

----------------------------------------------------------- -----------------------------------------------------------

Step 1

Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
Top

Re: I cant install or use an online virus scanner

Unread postby jgbullock » November 3rd, 2008, 2:06 am

Programs deleted. Here's the HJT log for that.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:49 AM, on 11/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\James\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\James.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4081 bytes



Here is the second list that you asked for.


Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Apple Software Update
Belarc Advisor 7.2
CDDRV_Installer
C-Media PCI Audio Driver
Counter-Strike
GTOneCare
HijackThis 2.0.2
Java(TM) 6 Update 10
KhalInstallWrapper
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft Protection Service
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Live OneCare Resources v2.5.2900.15
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.5.2900.15
Microsoft Windows OneCare Live v2.5.2900.15 Idcrl Install
Mozilla Firefox (3.0.3)
PX Engine
RzE's CS Helper
Steam
System Requirements Lab
Ventrilo Client
Windows Live installer
Windows Live Messenger
Windows Live OneCare
Windows Live OneCare safety scanner
Windows Media Player Firefox Plugin
WinRAR archiver
World of Warcraft
Xfire (remove only)
jgbullock
Regular Member
 
Posts: 16
Joined: September 14th, 2008, 10:46 pm
Top

Re: I cant install or use an online virus scanner

Unread postby Katana » November 3rd, 2008, 6:42 am

Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
Top

Re: I cant install or use an online virus scanner

Unread postby jgbullock » November 4th, 2008, 2:51 am

Ok. Here is the malware bytes log.



Malwarebytes' Anti-Malware 1.30
Database version: 1361
Windows 6.0.6001 Service Pack 1

11/4/2008 12:48:10 AM
mbam-log-2008-11-04 (00-48-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 109117
Time elapsed: 1 hour(s), 24 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)


Now here comes the confusion. I downloaded combofix, read about it then got lost. I understand somewhat what I am supposed to do, but the directions are slight foggy for vista. I use the DVD, then let the program run... but what do i do after that? Do i go back to the steps provided prior to redirecting me to that page? I didn't run this because of this confusion. If you would like me to still run it, could you dumb it down for me somewhat? Maybe because it was late that I wasnt reading it right? Dunno.
jgbullock
Regular Member
 
Posts: 16
Joined: September 14th, 2008, 10:46 pm
Top

Re: I cant install or use an online virus scanner

Unread postby Katana » November 4th, 2008, 8:36 am

On Vista you just need to disable your security programs and the double click Combofix.exe.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
Top

Re: I cant install or use an online virus scanner

Unread postby Gary R » November 11th, 2008, 1:03 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Top
Advertisement
Register to Remove
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 522 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index