an't get anything on computer

[mac122748]

try clicking and it does not display anything. click on internet icon home page displayed but will not let me go any ware else. also can not open anything else,,,,,please help

[Corrine]

Hi, mac122748.  Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Please follow the instructions below in the order provided.  Note that it may take more than one reply to get all the requested logs to post.

1.  Please restart the computer in Safe Mode with Networking. (To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard. Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. Windows will now boot into safe mode with networking and prompt you to login as a user.) 

2.  Please download rkill from one of the following links and save to your Desktop:

One, Two,Three or Four

• Double-click rkill to run.
  
• A command window will open then disappear upon completion, this is normal.
  
• Please leave rkill on the Desktop until otherwise advised.
  
• Do NOT restart your computer after running rkill as the malware program(s) will start again.

Note: If you you receive security warnings about rkill, please ignore and allow the download to continue.

3.  Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  Update Malwarebytes' Anti-Malware and
  Launch Malwarebytes' Anti-Malware
• Click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, be sure Quick scan is selected, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  
• Click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

4.  Download DDS.scr by sUBs from one of the following links and save it to your desktop.
Link 1
Link 2

• Double-Click dds.scr and a command window will appear. This is normal
• Shortly after two logs will appear, DDS.txt & Attach.txt
• A window will open instructing you save & post the logs
• Save the logs to a convenient place such as your desktop
• Copy the contents of both logs & post in your next reply

5.  Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Requested logs:

Malwarebytes
Both DDS.txt and Attach.txt
checkup.txt

[mac122748]

Hi Corrine, thanks in advance for your help. I did everything but it din't find anything. it told me that it did not found any infection I did as you said and didn't find anything, I am confuse, by not finding any infected files. I am reloading the recovery disk for the second time. it does the same thing every time. do not what else to do it is my wifes computer and i got to fix it. Can I format the drive and then use the recovery to install>

thanks again

Mike

[Corrine]

Can you post the logs I requested, Mike?  I may be able to help.  DDS requires analysis, it does not pop up and tell you if the computer is infected. 

[mac122748]

Hi Corrine, this were the only reports that generated. It is not easy, because it keep going back to the same. Here are the reports, hope it help, because I do not know what else to do.

Thanks for your help

Mike

[Corrine]

 Results of screen317's Security Check version 0.99.17 
Windows Vista  (UAC is enabled)
Out of date service pack!![/b]
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled! 
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware   
````````````````````````````````
Process Check: 
objlist.exe by Laurent
``````````End of Log````````````

.
DDS (Ver_2011-06-23.01) - NTFSAMD64 NETWORK
Internet Explorer: 7.0.6001.18000
Run by Lelia Lay at 20:19:01 on 2011-07-24
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.6142.5357 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
mRun: [RunAIShell] C:\Program Files\ASUS\AI Manager\AsShellApplication.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
StartupFolder: C:\Users\LELIAL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{394D6345-0CF4-4070-8ADE-B888B29DCC40} : DhcpNameServer = 192.168.0.1
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
mRun-x64: [RunAIShell] C:\Program Files\ASUS\AI Manager\AsShellApplication.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRunOnce-x64: [GrpConv] grpconv -o
mRunOnce-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
.
============= SERVICES / DRIVERS ===============
.
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2011-7-24 196608]
S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-1-20 93696]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
.
=============== Created Last 30 ================
.
2011-07-24 23:51:01   --------   d-----w-   C:\Users\Lelia Lay\AppData\Roaming\Malwarebytes
2011-07-24 23:50:54   41272   ----a-w-   C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-24 23:50:54   --------   d-----w-   C:\ProgramData\Malwarebytes
2011-07-24 23:50:51   25912   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2011-07-24 23:50:51   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-24 21:27:17   --------   d-----w-   C:\Users\Lelia Lay\AppData\Local\LogiShrd
2011-07-24 20:07:18   --------   d-sh--w-   C:\Windows\Installer
2011-07-24 20:06:40   221184   ----a-w-   C:\Windows\SysWow64\drivers\ServiceHelp.dll
2011-07-24 20:06:40   196608   ----a-w-   C:\Windows\SysWow64\AsHookDevice.exe
2011-07-24 20:06:39   --------   d-----w-   C:\Program Files\ASUS
2011-07-24 20:05:29   410656   ----a-w-   C:\Windows\System32\nvcpl.cpl
2011-07-24 20:05:29   2112544   ----a-w-   C:\Windows\System32\nvcplui.exe
2011-07-24 20:05:29   1097248   ----a-w-   C:\Windows\System32\nvcpluir.dll
2011-07-24 20:05:02   501280   ----a-w-   C:\Windows\System32\nvudisp.exe
2011-07-24 20:04:38   501280   ----a-w-   C:\Windows\System32\NVUNINST.EXE
2011-07-24 20:01:29   609280   ----a-w-   C:\Windows\System32\drivers\netr28x.sys
2011-07-24 20:01:29   305152   ----a-w-   C:\Windows\System32\RaCoInstx.dll
2011-07-24 20:01:29   --------   d-----w-   C:\ProgramData\Wireless LAN Card
2011-07-24 20:01:03   24576   ----a-r-   C:\Windows\SysWow64\AsIO.dll
2011-07-24 20:01:03   14392   ----a-r-   C:\Windows\SysWow64\drivers\AsIO.sys
2011-07-24 20:01:01   11832   ----a-w-   C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2011-07-24 20:01:01   10216   ----a-w-   C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2011-07-24 20:01:01   --------   d-----w-   C:\Program Files (x86)\ASUS
2011-07-24 20:00:50   77824   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-07-24 20:00:50   32768   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-07-24 20:00:50   225280   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-07-24 20:00:50   176128   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-07-24 19:59:16   67584   ----a-w-   C:\Windows\System32\RtNicProp64.dll
2011-07-24 19:59:16   195584   ----a-w-   C:\Windows\System32\drivers\Rtlh64.sys
2011-07-24 19:55:16   --------   d-----w-   C:\Windows\SysWow64\RTCOM
2011-07-24 19:55:16   --------   d-----w-   C:\Program Files\Realtek
2011-07-24 19:50:17   53248   ----a-r-   C:\Windows\SysWow64\CSVer.dll
2011-07-24 19:50:01   --------   d-----w-   C:\Intel
2011-07-24 19:49:54   15680   ----a-w-   C:\Windows\System32\drivers\ASACPI.sys
2011-07-24 09:19:09   82944   ----a-w-   C:\Windows\System32\Spool\prtprocs\x64\CNMPP8Z.DLL
2011-07-24 09:19:09   27648   ----a-w-   C:\Windows\System32\Spool\prtprocs\x64\CNMPD8Z.DLL
2011-07-24 09:19:03   258560   ----a-w-   C:\Windows\System32\CNMLM8Z.DLL
2011-07-24 09:18:47   98304   ----a-w-   C:\Windows\SysWow64\cabview.dll
2011-07-24 09:18:47   104960   ----a-w-   C:\Windows\System32\cabview.dll
2011-07-24 09:18:46   218112   ----a-w-   C:\Windows\System32\wintrust.dll
2011-07-24 09:18:46   171520   ----a-w-   C:\Windows\SysWow64\wintrust.dll
2011-07-24 09:08:19   2621440   ----a-w-   C:\Windows\System32\wucltux.dll
2011-07-24 09:07:56   98816   ----a-w-   C:\Windows\System32\wudriver.dll
2011-07-24 09:07:56   87552   ----a-w-   C:\Windows\SysWow64\wudriver.dll
2011-07-24 09:07:50   36864   ----a-w-   C:\Windows\System32\wuapp.exe
2011-07-24 09:07:50   33792   ----a-w-   C:\Windows\SysWow64\wuapp.exe
2011-07-24 09:07:50   185416   ----a-w-   C:\Windows\System32\wuwebv.dll
2011-07-24 09:07:50   171608   ----a-w-   C:\Windows\SysWow64\wuwebv.dll
.
==================== Find3M  ====================
.
2011-07-24 19:54:54   525792   ----a-w-   C:\Windows\DIFxAPI.dll
.
============= FINISH: 20:19:19.70 ===============

[Corrine]

Hi, Mike. 

I didn't post the MBAM log but added SecurityCheck and DDS, even though in safe mode, a lot isn't shown.  As a result, let's see if the following will make a difference.  Please copy/paste the log as a reply rather than attaching it.

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:

• Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
• Double-click ComboFix.exe on your desktop and follow the prompts.
• As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
• When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  
  


• After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  


• Click "Yes" to continue scanning for malware.


• When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.

[mac122748]

Hi Corrine, did what you sent me, ran it it boot and I can't even enter the password to log in to windows.
Will it help if I format that drive and then use the recovery disk to install windows?

Thanks for your help, bet you are getting tired of me!
Please let me know if is not tuoo much trouble

Mike

[mac122748]

I can boot in safe mode, and if I take too much time it start not letting me key in anything. I am not a computer expert, but with so much program out there something could be done.
It does not make sence it started from one day to another, my wife just play in facebook and check her emails.

Mike

[Corrine]

Hi, Mike. 

The instructions at Repair Install For Vista - Vista Forums should be helpful. 

Note:  Be sure to scroll down past the advertisement which repeats the tutorial title to the section showing the publication information:

How To Perform a Repair Installation For Vista
Published by Brink
08-27-2007