Vista Virus help

Discussion in 'Virus & Other Malware Removal' started by UnionAdam, Apr 7, 2010.

Thread Status:
Not open for further replies.
  1. UnionAdam

    UnionAdam Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    10
    Hey,

    Yesterday my PC was running fine, until I noticed my Vista firewall had disabled itself. I went to check that out and a window popped up with one of those fake virus checkers. It was something like 'vista security center 2008'. Being a bit wise to this, I ended it in Task Manager and ran Malwarebytes, and it found the registry change, as it kept on popping up every 2 mins. Everything was fine until I ran my PC this morning.. Vista Aero all gone, no internet, no Security Center, sound disabled, not able to do a System Restore. At first I wasn't able to open any software, but after a restart it seems to be just 3ds Max which I can't open (I had this open for most of yesterday). I had a saved registry from about a week ago, and imported that, but there was no change?!

    Bit stuck, any help appreciated.

    Cheers.
     
  2. Megabite

    Megabite

    Joined:
    Apr 5, 2008
    Messages:
    11,761
    Howdy,

    You could post your HijackThis log and see if anything shows up


    Download HijackThis to your desktop
    • Close all open windows
    • Double click on HJTSetup.exe on your Desktop
    • Click Run and Install
    • It will install to Program files by default
    • It will launch HijackThis
    • Click on "scan system and save a logfile" (usually opens in Notepad)
    • Copy and Paste the logfile in your next post
    • Using Ctrl+A to copy All and Ctrl+C to copy and Ctrl+V to paste.
     
  3. UnionAdam

    UnionAdam Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    10
    Thanks for the fast reply, here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:56:41, on 07/04/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18444)
    Boot mode: Normal

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\ASUS Xonar DS Audio\Customapp\ASUSAUDIOCENTER.EXE
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
    O4 - HKUS\S-1-5-21-4091216595-306757372-2768515776-1000\..\Run: [AdobeBridge] (User '?')
    O4 - HKUS\S-1-5-21-4091216595-306757372-2768515776-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

    --
    End of file - 5950 bytes
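
A triage sketch for a log like the one posted above, as an added example that is not part of the original thread and is not code from HijackThis: it groups entries by section code and lists the ones a helper would usually look at first. The names `parse_hjt` and `review_items` and the three review rules are assumptions of this example, and the sample is an excerpt of lines from the posted log.

```python
import re
from collections import defaultdict

# Excerpt of entries from the log posted above (not the full log).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""

# An entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*)$")

def parse_hjt(text):
    """Group entries by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2).strip())
    return dict(sections)

def review_items(sections):
    """Return (code, reason, entry) tuples worth a manual look (assumed rules)."""
    notes = []
    for code, entries in sections.items():
        for entry in entries:
            if entry.endswith("(no file)"):
                notes.append((code, "target file is missing", entry))
            elif code == "O16" and "http://" in entry:
                notes.append((code, "ActiveX control installed from a plain-HTTP URL", entry))
            elif code == "O20":
                notes.append((code, "AppInit DLL: loaded into every process that loads user32.dll", entry))
    return notes

if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print({code: len(items) for code, items in parsed.items()})
    for code, reason, entry in review_items(parsed):
        print(f"{code}: {reason}\n    {entry}")
```

A listed item is a prompt to verify the file and vendor, not a verdict that the entry is malicious.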
     
  4. Megabite

    Megabite

    Joined:
    Apr 5, 2008
    Messages:
    11,761
    So is the only problem now 3d Max.......what about your internet etc......as I only see one Service running
     
  5. UnionAdam

    UnionAdam Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    10
    Erm, nope.. 3ds Max is the only software that doesn't want to work out of the few I checked. But the taskbar etc. have all reverted to classic, like I said Windows Security Center is turned off and Defender comes up with an error message when logging in, sound has been disabled as well.. no network either
     
  6. UnionAdam

    UnionAdam Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    10
    Can I use the Vista disc (any disc? I can't find mine) to use the System Restore from there, if it's not working within the OS itself, even though I'm sure there are restore points that have been written?
     
  7. Megabite

    Megabite

    Joined:
    Apr 5, 2008
    Messages:
    11,761
    OK...let's for now just check the sound

    Check in Services to see that it in fact has been started.

    Go Start>>Run type services.msc click OK

    Look down the list for Windows Audio..

    Double click on it and check that it has been started (the start button will be greyed out)

    and the startup type is Automatic
     
  8. UnionAdam

    UnionAdam Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    10
    Yeah mate,

    it had actually been disabled. There is a lot of stuff here that has been disabled.. like Windows Defender/Windows Firewall.. Security Center is on a delayed start as well (not sure if that's normal)
     
  9. Megabite

    Megabite

    Joined:
    Apr 5, 2008
    Messages:
    11,761
    So you may have to restart your PC...but do you have sound now?
     
  10. UnionAdam

    UnionAdam Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    10
    nope I double clicked and hit start and it said

    'Windows could not start the windows audio service on Local computer. Error 1068: The dependency group or service failed to start'

    I also restarted and tried, hmmm..
     
  11. Megabite

    Megabite

    Joined:
    Apr 5, 2008
    Messages:
    11,761
    OK.....Go Start>>Run type services.msc click OK

    Look down the list for Windows Audio.....again and double click it and this time look at dependencies and try and start them first...Remote Procedure Call is one I believe
     
  12. Megabite

    Megabite

    Joined:
    Apr 5, 2008
    Messages:
    11,761
    Also check Go Start>>Run>> type..msconfig click OK

    see that Normal startup is selected click apply restart the PC
     
  13. UnionAdam

    UnionAdam Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    10
    Ah, not able to, when I hit the dependencies tab I get the error message

    'Win32: This service cannot be started, either because it is disabled or because it has no enabled devices associated with it' even though it's set to automatic like you said
     
  14. Megabite

    Megabite

    Joined:
    Apr 5, 2008
    Messages:
    11,761
    OK...check post #12
     
  15. Megabite

    Megabite

    Joined:
    Apr 5, 2008
    Messages:
    11,761
    Also check Go Start>>Run>> type..msconfig click OK

    Click on the Services tab and Enable All click Apply.....restart the PC
     
Short URL to this thread: https://techguy.org/915302
