MSN B'defender problems may have virus...scan report incl.

Welcome to Major Geeks!

I'm not sure if your problems are due to malware. Let's find out.

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

• READ & RUN ME FIRST. Malware Removal Guide

• If something does not run, write down the info to explain to us later but keep on going.

• Do not assume that because one step does not work that they all will not.

Notes:

1. If you run into problems trying to run theREAD & RUN ME or any of the scans in normal boot mode. You can running steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
   
   • Starting your computer in Safe mode
2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

If you installed USDownloader-Lite, perhaps you should uninstall it and delete all files from it since it appears to be at least one of the sources of your problems.

The ones the procedure requested. The below is quoted from the cleaning procedure.

 

As I stated, uninstall the program if it is installed. If it is not installed, just delete the files. It is not a system file and is not required by Windows.

I'm not sure what this is but let's see your logs first. Are you on a private domain (like a company domain/network)?

 

You need to attach the other 2 requested logs.

 

The instructions in the cleaning procedure explain how to get the logs.

Yes but I need to see those logs to know what problems may have been found. That info tells me what else I may need to be looking for. It also may indicated possible failures to fix something.

Does this happen all the time?

 

Stop looking and do what the instructions tell you to do to find the logs.

Based on the only logs you have attached, you do not have malware problems. You only have a severely cluttered Desktop that you need to fix. You need to stop downloading things to your Desktop. You even have duplicates of many files saved there.

 

These all sound like problems within your Windows Operating System

 

Please download the current version of MGtools.exe to C:\MGtools.exe and run it to produce a new MGlogs.zip file. Attach the new log.

Try shutting down your download manager and then do your update. Are you referring to a Windows Update?

 

You're welcome.

Okay this answers one question. Your logs from SAS and MBAM are right where they are supposed to be.

Code:

"C:\Documents and Settings\Kamran Malik\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
supera~1.log   7 Aug 2008         465  "SUPERAntiSpyware Scan Log - 08-07-2008 - 14-42-36.log"
                                                                              
"C:\Documents and Settings\Kamran Malik\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
mb6548~1.txt   7 Aug 2008         813  "mbam-log-8-7-2008 (19-44-02).txt"
mbam-l~1.txt   4 Aug 2008        1194  "mbam-log-8-4-2008 (18-28-32).txt"
mbam-l~2.txt   6 Aug 2008         830  "mbam-log-8-6-2008 (20-51-14).txt"
mbam-l~3.txt   7 Aug 2008         895  "mbam-log-8-7-2008 (17-58-00).txt"
mbam-l~4.txt   7 Aug 2008         813  "mbam-log-8-7-2008 (18-54-33).txt"

Based on the size of the only SAS log, it probably found nothing. The first MBAM log from 8/4/2008 may have something in it. The others probably have nothing of interest except maybe something in the one that is 895 bytes. Attach the MBAM log from 8/4.

 

One other thing occurred to me. In message #1 you stated that BitDefender stopped working. I suggest that you uninstall it now since it may be corrupted. After uninstalling, reboot and see if there is any noticeable change to any problems.

You should also uninstall SpywareGuard because it is too old and out of date to be of any real use anymore.

Also a program for Roxio may be broken according to the below service:
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\KAMRAN~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)

Is that file really mising?

What is the below for?
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

 

I will give you some steps below to manually remove it.

Then ignore it. No I have no idea what it is for, but it is a totally stupid place for them to put a service in a temp folder which is always prone to deletion.


If you have not already cleaned up your Desktop as suggested, you should do this immediately.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"

After clicking Fix, exit HJT.


Now we need to use ComboFix to remove a bunch of malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!



As far as all of your problems go, they are not related to malware. And you probably need to reinstalled Windows Live Messenger since one the files for a service seems to be missing:

Code:

O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)

 

Only the same as requested in the original READ & RUN ME instructions and that is just clean temp files and nothing else.

 

Well BitDefender appears to be gone now! Do you plan on using it again? If yes, you can try reinstalling it to see if it will work properly.

All of these may not be related to malware. You need to check your Event Viewer logs ( a Software Forum topic) to see why the IE application is crashing. Windows Update and HP Update issues are also topics for the Software Forum. Windows Update has many many reasons for not working.

Also not a malware issue. I will take a quick stab at something. Uninstall it and DO NOT reinstall yet until I suggest that you do. Just reboot your PC and then attach a new MGlogs.zip file after running the C:\MGtools\GetLogs.bat program again.

 

You're welcome.

Well we don't like security suites since they are normally resource hogs. It is more a matter of choice and ease for you the end user. Do you mind paying and would you rather have one program that gets all your updates automatically? And does the performance hit bother you?

What we recommend (based primarily on free software) is in the below link:

How to Protect yourself from malware!

Then just try reinstalling over what you already have. Other than that, I suggest you post in the Software Forum for this.

 

I don't recommend any of the paid Internet Security Suites as they are all massive resource hogs and too expensive considering the fact that they do not work very well. And I'm not particularly fond of any of the paid AV programs (if you can find one that is only an AV) either. Although NOD32 and Kaspersky are pretty good.

Use any one of the free AV programs in the link I gave you. For realtime spyware protection, purchase SUPERAntiSpyware. Use one of the free software firewalls and also use a router with a hardware firewall. Do this along with the other tips and you should be fine. The most important part of your protection is the person sitting in front of the computer.

 

Personally I don't like them, but if I do use one I just use it to get a report for items that I may want to cleanup from an application that did not properly uninstall itself (most do not). And then I selectively remove only what I want to remove. You will get a variety of opinions on using registry cleaners.

If you do decide to use any registry cleaner, it would be a very good idea for you to create a System Restore point first, and also do a full registry backup with a program like Erunt first.

There have been many cases where aggressive registry cleaning can remove entries required for some programs to operate and it could cause a PC to become unbootable. This is a rare case. Many people use tools like CCleaner all the time without issue. I'm just warning you of possibilities. Some people will tell you that cleaning the registry improves performance others will tell you that the any performance change is insignificant. I tend to believe that overall they may help, but I prefer to go by the old rule "if it ain't broke, don't fix it".

This is not really a malware topic and you would get more opinions/feedback in the Software Forum if you with to discuss it further.