Not too sure what im doing help please

[drgnlesx]

i think i have a virus, when ever i download a anti virus eg: spybot mbam or whatever when i try to open it , it says the download has been corrupted so i googled that and a yahoo answers told me to come here and post my hig jack this log , if anyone can help me out it would be greatly appriciated, thank you

hijackthis.log

[screen317]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

[drgnlesx]

thanks for the reply

mbam-log-2012-07-25 (00-05-35).txt

dds.txt

[drgnlesx]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

[screen317]

Hi,

In the future, please post all logs directly into your reply instead of attaching them. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt in your reply.

Also, don't use the "Quote" button to reply. Just use the box at the bottom of the page.

[drgnlesx]

ok.... my computer wont even boot up now, it's just a black screen now, green power button is on but all i see is a black screen, occasionally if i boot up enough time i would see that start up page, than it would just go black screen of nothing again, any ideas ?

P.s for the last couple of days its been like that but i just left it because after the 2nd try it would actually boot up, now nada i know this isnt the logs but if you can help it be great

[drgnlesx]

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.24.12

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

HELLO :: HELLO-8DCF7D175 [administrator]

7/24/2012 11:56:08 PM

mbam-log-2012-07-24 (23-56-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 183908

Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\WINDOWS\Installer\{079ca04c-0739-d2ab-fc44-ecadadd11c39}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.

(end)

[drgnlesx]

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by HELLO at 18:20:32 on 2012-07-26

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2641 [GMT -4:00]

.

AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Enabled*

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\VistaDrive\VistaDrive.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\yzshadow\yzshadow.exe

C:\WINDOWS\system32\visualtasktips\visualtasktips.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\SAMSUNG\Samsung PC Studio 7\PCSuite.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [yzshadow] c:\windows\system32\yzshadow\yzshadow.exe

uRun: [visualtasktips] c:\windows\system32\visualtasktips\visualtasktips.exe

uRun: [TransBar] c:\windows\system32\transbar\TransBar.exe /s

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"

uRun: [s60 PC Suite Tray] "c:\program files\samsung\samsung pc studio 7\PCSuite.exe" -onlytray

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [VistaDrive] c:\windows\vistadrive\VistaDrive.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRun: [TransBar] c:\windows\system32\transbar\TransBar.exe /s

dRun: [visualtasktips] c:\windows\system32\visualtasktips\visualtasktips.exe

dRun: [yzshadow] c:\windows\system32\yzshadow\yzshadow.exe

dRun: [samsung.PCSync] "c:\program files\samsung\samsung pc studio 7\PcSync2.exe" /NoDialog

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\hello\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: vizzed.com\www

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 167.206.254.1 167.206.254.2

TCP: Interfaces\{44518A43-8DC8-417B-9918-C164B282F93A} : DhcpNameServer = 167.206.254.1 167.206.254.2

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\hello\application data\mozilla\firefox\profiles\h67onzts.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\documents and settings\hello\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\browser\nppdf32(2).dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\vizzed\vizzed retro game room\NpVizzedRgr.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2012-7-24 149272]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-12-8 1527104]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-12-15 193640]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-5-18 10064]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-12-15 1691480]

S3 apf001;apf001;\??\c:\game\softnyxgame\gunboundis\apf001.sys --> c:\game\softnyxgame\gunboundis\apf001.sys [?]

S3 arusb(TP-LINK);Wireless Network Adapter Service(TP-LINK);c:\windows\system32\drivers\arusb.sys [2011-12-15 598528]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-12-15 18432]

.

=============== Created Last 30 ================

.

2012-07-26 20:44:34 -------- d-sha-r- C:\cmdcons

2012-07-26 20:43:05 98816 ----a-w- c:\windows\sed.exe

2012-07-26 20:43:05 518144 ----a-w- c:\windows\SWREG.exe

2012-07-26 20:43:05 256000 ----a-w- c:\windows\PEV.exe

2012-07-26 20:43:05 208896 ----a-w- c:\windows\MBR.exe

2012-07-25 06:36:40 -------- d-----w- c:\program files\Lame For Audacity

2012-07-25 05:39:57 -------- d-----w- c:\program files\Audacity

2012-07-25 05:32:23 -------- d-----w- c:\documents and settings\hello\local settings\application data\WMTools Downloaded Files

2012-07-25 03:55:27 -------- d-----w- c:\documents and settings\hello\application data\Malwarebytes

2012-07-25 03:55:17 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-25 03:55:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-25 03:55:17 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-07-25 03:41:19 388096 ----a-r- c:\documents and settings\hello\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-07-25 03:41:18 -------- d-----w- c:\program files\Trend Micro

2012-07-24 22:19:41 -------- d-----w- c:\documents and settings\hello\DoctorWeb

2012-07-24 21:35:57 149272 ----a-w- c:\windows\system32\drivers\dwprot.sys

2012-07-24 21:28:34 -------- d-----w- c:\windows\pss

2012-07-24 20:43:24 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-07-24 20:43:24 -------- d-----w- c:\windows\system32\wbem\Repository

2012-07-22 23:29:03 -------- d-sh--w- c:\documents and settings\hello\IECompatCache

2012-07-21 23:32:06 -------- d-----w- c:\program files\Diablo III.temp

2012-07-17 22:20:19 -------- d-----w- c:\windows\ie8updates

2012-07-17 20:59:29 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-07-17 20:59:29 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-07-17 20:59:29 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-07-17 20:59:28 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

.

==================== Find3M ====================

.

2012-05-11 12:12:55 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 18:20:49.39 ===============

[screen317]

Hi,

Can you boot successfully now?

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!