Vista Virus help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

UnionAdam

Thread Starter
Joined
Apr 7, 2010
Messages
10
Hey,

Yesterday pc was running fine, until I noticed my vista firewall disabled itself. Went to check that out and a window popped up with one of those fake virus checkers. It was something like 'vista security center 2008' being a bit wise to this I ended it in task manager, and ran malwarebytes and it found the registry change as it kept on popping up every 2 mins. Everything was fine until I ran my pc this morning.. vista aero all gone, no internet, no security center, sound disabled, not able to do a system restore. At first wasn't able to open any software but after a restart it seems to be just 3ds max which I can't open (I had this open for most of yesterday). I had a saved registry from about a week ago, and imported that but there was no change?!

bit stuck, any help appreciated.

cheers.
 
Joined
Apr 5, 2008
Messages
11,761
Howdy,

You could post your HijackThis log and see if anything shows up


Download HijackThis to your desktop
  • Close all open windows
  • Double click on HJTSetup.exe on your Desktop
  • Click Run and Install
  • It will install to Program files by default
  • it will launch Hijack This
  • Click on "scan system and save a logfile" usually in notepad
  • Copy and Paste the logfile in your next post
  • Using Ctrl+A to copy All and Ctrl+C to copy and Ctrl+V to paste.
 

UnionAdam

Thread Starter
Joined
Apr 7, 2010
Messages
10
thanks for the fast reply, here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:41, on 07/04/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ASUS Xonar DS Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-21-4091216595-306757372-2768515776-1000\..\Run: [AdobeBridge] (User '?')
O4 - HKUS\S-1-5-21-4091216595-306757372-2768515776-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 5950 bytes
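
A triage pass over the log posted above, as an added example that is not part of the original thread: it groups HijackThis entries by section code and lists the ones worth a manual look. The function names and the review heuristics are assumptions of this example; the sample lines are copied from the log in the post.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted above (subset, unmodified).
SAMPLE_LOG = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-21-4091216595-306757372-2768515776-1000\..\Run: [AdobeBridge] (User '?')
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""

ENTRY = re.compile(r"^(?P<code>[ORF]\d{1,2}) - (?P<body>.*)$")
RUN_VALUE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
USER_TAG = re.compile(r"\s*\(User '[^']*'\)$")  # trailing "(User '?')" marker

def parse(log):
    """Group HijackThis entries by section code (R0, O2, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group("code")].append(m.group("body"))
    return sections

def review_items(sections):
    """Return (code, reason, entry) tuples that deserve a manual look."""
    items = []
    for code in ("O2", "O3"):  # browser helper objects and toolbars
        for body in sections.get(code, []):
            if body.endswith("(no file)"):
                items.append((code, "registered component, file missing", body))
    for body in sections.get("O4", []):  # Run-key autostarts
        m = RUN_VALUE.search(body)
        if m and not USER_TAG.sub("", m.group("cmd")).strip():
            items.append(("O4", "autostart value with empty command", body))
    for body in sections.get("O16", []):  # downloaded ActiveX controls
        if " - http://" in body:
            items.append(("O16", "ActiveX control fetched over plain HTTP", body))
    for body in sections.get("O20", []):  # AppInit_DLLs is non-empty
        if body.split(":", 1)[-1].strip():
            items.append(("O20", "DLL injected via AppInit_DLLs", body))
    return items

if __name__ == "__main__":
    for code, reason, body in review_items(parse(SAMPLE_LOG)):
        print(f"{code:4} {reason}: {body}")
```

A listed entry is a prompt for manual review, not a verdict of infection.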
 
Joined
Apr 5, 2008
Messages
11,761
So is the only problem now 3d Max.......what about your internet etc......as I only see one Service running
 

UnionAdam

Thread Starter
Joined
Apr 7, 2010
Messages
10
erm nope.. 3ds max is the only software that doesn't want to work out of the few I checked. But the taskbar etc. have all reverted to classic, like I said windows security center is turned off and defender comes up with an error message when logging in, sound has been disabled as well.. no network either
 

UnionAdam

Thread Starter
Joined
Apr 7, 2010
Messages
10
can I use the vista disc (any disc? I can't find mine) to use the system restore from there, if it's not working within the OS itself, even though I'm sure there are restore points that have been written.
 
Joined
Apr 5, 2008
Messages
11,761
OK...let's for now just check the sound

Check in Services to see that it in fact has been started.

Go Start>>Run type services.msc click OK

Look down the list for Windows Audio..

Double click on it and check that it has been started (the start button will be greyed out)

and the startup type is Automatic
 

UnionAdam

Thread Starter
Joined
Apr 7, 2010
Messages
10
yeah mate,

it had actually been disabled. There is a lot of stuff here that has been disabled.. like windows defender/ windows firewall.. security center is on a delayed start as well (not sure if that's normal)
 

UnionAdam

Thread Starter
Joined
Apr 7, 2010
Messages
10
nope I double clicked and hit start and it said

'Windows could not start the windows audio service on Local computer. Error 1068: The dependency group or service failed to start'

I also restarted and tried, hmmm..
 
Joined
Apr 5, 2008
Messages
11,761
OK.....Go Start>>Run type services.msc click OK

Look down the list for Windows Audio.....again and double click it and this time look at dependencies and try and start them first...Remote Procedure Call is one I believe
 
Joined
Apr 5, 2008
Messages
11,761
Also check Go Start>>Run>> type..msconfig click OK

see that Normal startup is selected click apply restart the PC
 

UnionAdam

Thread Starter
Joined
Apr 7, 2010
Messages
10
ah not able to, when I hit dependencies tab I get the error message

'Win32: This service cannot be started, either because it is disabled or because it has no enabled devices associated with it' even though it's set to automatic like you said
 
Joined
Apr 5, 2008
Messages
11,761
Also check Go Start>>Run>> type..msconfig click OK

Click on the Services tab and Enable All click Apply.....restart the PC
 