joshstegall

Members
 View Profile  See their activity

  • Content Count

    4

  • Joined

  • Last visited

 Content Type 

Posts posted by joshstegall

  1. Virus Removed, Still Cant Update Windows

    in Malware Removal

    Posted

    I am having a hard time making it through the e-secure scan without it shutting down. I made it 2 hours in last time. Is there anyway that I could get rid of if by deleting the entire hard drive. I have already installed windows several times and that did not do anything. I am not worried about file loss though, if there are any other possibilities. Thanks so much for all of your help thus far!

  2. Virus Removed, Still Cant Update Windows

    in Malware Removal

    Posted

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 11:03:41 PM, on 4/12/2008

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\atievxx.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\WINDOWS\System32\servupdate.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\WINDOWS\System32\wbem\wmiprvse.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\System32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: [Windows USB Monitor] servupdate.exe

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKLM\..\RunServices: [Windows USB Monitor] servupdate.exe

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207971326210

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207972206296

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: Windows Task Services (TASKMNGR) - Unknown owner - C:\WINDOWS\system\taskmngr.exe (file missing)

    --

    End of file - 2454 bytes

  3. Virus Removed, Still Cant Update Windows

    in Malware Removal

    Posted

    Walwarebytes did not find anything. I have attatched the two requested. I will reply with the new hijackthis log in just a minute.

    Still infected.

    Next download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    REBOOT

    Next download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

    • Close any open browsers.
    • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
    • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
      (Vista users, please right click on OtScanIt.exe and select "Run as an Administrator")
    • Leave all the setting to the default except as noted below
      • Check the box for Scan all user accounts
      • Under Additional Scans sections, check the following
        • Reg - BotCheck
        • File - Additional Folder Scan

      [*]Now click the Run Scan button on the toolbar.

      [*]The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.

      [*]When the scan is complete Notepad will open with the report file loaded in it.

      [*]Save that notepad file

    Since the log is too large to post, use the ADDREPLY button, scroll down to the attachments section and attach the notepad file here.

    OTScanIt.Txt

    mbam_log_4_12_2008__22_41_19_.txt

  4. Virus Removed, Still Cant Update Windows

    in Malware Removal

    Posted

    I used Norton and resolved 1 virus. I still cant update virus definitions or windows. Here is the log file. Thanks!

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 6:35:29 PM, on 4/11/2008

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\atievxx.exe

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\WINDOWS\mrofinu1001186.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\rundll32.exe

    C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe

    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\WINDOWS\System32\wpabaln.exe

    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\PROGRA~1\NORTON~1\IWP\Aleupdat.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [AutoInclude] C:\WINDOWS\TEMP\DIL78.tmp

    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [sSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"

    O4 - HKCU\..\Run: [Microsoft Windows Driver] C:\WINDOWS\rundll32.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Driver] C:\WINDOWS\rundll32.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [Microsoft Windows Driver] C:\WINDOWS\rundll32.exe (User 'Default user')

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207935888402

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207948535999

    O17 - HKLM\System\CCS\Services\Tcpip\..\{5502C19E-B634-45F7-A58E-30E35966212E}: NameServer = 166.102.165.11 166.102.165.13

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --

    End of file - 4530 bytes