Computer Hope
Software => Computer viruses and spyware => Topic started by: Altezza on May 05, 2009, 08:08:01 AM
-
hi there,
I've got a teeny bit of an emergency here...and I feel ill about it... :-X
Compaq Presario 2500, using Windows XP, Professional, Version 2002, SP2. Intel (R) Celeron(R) CPU 2.60GHz, 2.59 GHz 448 MB of RAM. The router is a "Netgear" system (Rangemax Wireless -N Notebook Adapter).
Anyway, this morning I went to turn on the computer and the Avira Antivirus that I have, alerted me to the fact that some virus was attempting to do something evil. I've had this alert before for other viruses, so I wasn't terribly concerned. I just chose the option "send to quarantine," and thought that would be the end of it. Well, it was the end of my computer! I can log onto Windows, my wallpaper comes up...and then that's it, nothing else. No icons, no bar at the bottom, no nothing!! I can still get Task Manager to come up, but nothing else.
I tried rebooting in Safe Mode, both under Admin and under my user profile...same thing happens. I can log in...then I just get a blank screen....
Please, please, please....if anyone can help me.... :-\
-
http://www.computerhope.com/forum/index.php/topic,46313.0.html
go to above and post 3 logs an expert will see tham , harry
-
I'm sorry Harry, but I can't run any scans...I can't do much of anything. I can't get the bar at the bottom, I can't see my icons...
The only thing I can do right now is cry a lot, and eat chocolate....which of course doesn't help my computer...but I really don't know what else to do...
-
have you tried a system resotre
-
No....how would I go about doing that?
-
Can You boot in command prompt?
If so, try to do the system restore with help of this link: http://support.microsoft.com/kb/304449
-
click start
go to programes
go to accessories
go to system tools
go to system restore and click
use the calender to go back to before you think it happened and click next and follow through , this might be easier , harry
-
Harry, it seems like You do not read the question. ??? There're no 'Start', 'Programs' etc available.
-
Yes, sorry Harry... perhaps I didn't explain well enough. I cannot click Start, nor can I access any programs.
Archer, thank you for your advice as well. And I apologize for being an idiot here...but what do you mean "boot in command prompt?" Like Safe-Mode?
-
Yes, select the 'Safe mode with command prompt' option.
-
Well....something happened....I'm not sure what it means tho....
I booted up in Safe Mode with Command Prompt.
Now a little window popped up entitled cmd.exe
There is a blinking cursor, inviting me to do something. Before it there is the command C:\Documents and Settings\user>
.....please tell me this is a good thing.....? :-\
thnx
-
Follow the link: http://support.microsoft.com/kb/304449. It should help You to do the System restore.
-
*sigh*.....
I did as you suggested, and I got another little pop up window that said that System Restore was not on, and that I have to sign in under Normal Mode, turn it on and then try again.....which as you know, I cannot do.....
I think I'm getting an ulcer..... :-X
-
Since I don't ask you to delete anything, I hope this is ok with the forum moderator.
If you can get Task Manager, click on the Applications Tab, click New Task and type explorer.exe. With any luck, your desktop will start. And you can follow the step at http://www.computerhope.com/forum/index.php/topic,46313.0.html and post all the require logs and wait the Malware Removal Specialist to help you.
If you still can't get your desktop back then I think your explorer.exe is corrupted. But please, wait for the forum's trust helpers to come in and give you further advice.
-
Thanks atittaya23...I will wait for a mod to confirm your advice. Or at least I'll TRY to wait! :) I'm so frantic right now...I so need this computer to function...it's my only source of minimal income right now, and without it, I'm just totally frakked... :'(
Thank you again. And anyone else that can confirm at's suggestion, please feel free to chime in...
-
I thought about sending a pm to the mod before I posted my last post but, unfortunately, all the staff are all appeared to be off-line. So, just hold on a little bit longer and someone will be here very soon.
-
:) Thanks....you're very helpful.
Perhaps I'll take this time to go get some lunch...all this stress is making me hungry. ;)
ty again....
-
its me again , what happens if you right click an empty screen
-
hi harry :)
hold please....going to give that a try.......
....................................... ..........................
thank you for waiting....the results are nothing happens. I tried in Safe Mode for Admin, under my user profile, and in Normal Mode...nothing. Not even an hour glass...
*sigh*
How do you feel about atittaya23's suggestion? Shall I give it a try?
-
Try this.
Also do you have another computer to burn a disk with?
If you can get Task Manager, click on the Applications Tab, click New Task and type explorer.exe. With any luck, your desktop will start. And you can follow the step at http://www.computerhope.com/forum/index.php/topic,46313.0.html and post all the require logs and wait the Malware Removal Specialist to help you.
If you still can't get your desktop back then I think your explorer.exe is corrupted. But please, wait for the forum's trust helpers to come in and give you further advice.
-
Altezza , your with a top man now he will sort you out , harry
-
Thanks harry and atittaya23...you've both been so helpful!
And thanks evilfantasy for jumping in... :)
I will try as suggested, thnx. As for burning a disc...at this very moment I do not. Within a couple of hours that should be a possibility however. Is there anything I can do to prepare? What will I need to burn?
millions of thanks again to all...
-
oh frak! :'(
i tried it, and then i got a pop up window saying that it is "impossible to find the file 'explorer.exe' Make sure the pathway (?) and file name are correct and retry." (sorry if these are not the precise words...I'm working on an Italian version of Windows, and translating as we go along....)
before I decide whether to shoot or hang myself....is there any hope for my poor laptop??
(and for those that take things literally...no, I am not seriously considering suicide...it's just that I am theatrical by nature, and rather upset about losing not only my JOB because it's now looking as tho my project will NOT be done, but also losing all my writing and photos that are locked inside that computer...*sigh*)
thx
-
my apologies for the emotional response earlier. i think the barometric pressure is weighing heavy on my mood today...
anyway, burning a disc? what did you have in mind evilfantasy?
-
Do you still have your Windows XP CD around? If not, then you'll need some disc to burn.
-
No...I don't have my windows CD. I was very stupid when I bought this computer, I bought it used. It was my first computer, and it never even occured to me to ask for the Windows CD.
Come to think of it though...it did come with some other CDs...I just moved from Italy to the United States, and my things are a bit of a mess. I may need a while to locate those discs...but I'll let you know what they are ASAP.
ty :)
-
Ok....I found that I have a "Documentation Library" disc, and three quick restore system recovery cds. they are for SP1 however.
are these useful?
-
You can try the restore CD's but I doubt they will work.
You will need to burn this to a disk and use it. All of the instructions are included.
Avira AntiVir Rescue System
* Download the Avira AntiVir Rescue System (http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html)
* Place a blank CD in your burner and double-click on the downloaded file.
* The program will automatically burn the CD for you.
* Place the burned CD into the affected computer and start the computer with the CD in the CD tray.
* On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
* Click on the Configuration button.
- Select Scan all files
- Select Try to repair infected files and Rename files, if they cannot be removed
- Select Scan for dialers
- Select Scan for joke programs (Jokes)
- Select Scan for games
- Select Scan for spyware (SPR)
* Click on Virus scanner
* Click on Start scanner at the bottom of the screen
Let us know how it goes.
-
Thanks...I'll give it a shot, and let you know the outcome.
In the meantime, I forgot that I did run a SAS scan and a HijackThis scan the other day and posted it here on CH as my computer was acting strangely. No one got around to looking at it yet...but does anything look amiss here to you?
SAS scan log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/02/2009 at 09:38 PM
Application Version : 4.0.1154
Core Rules Database Version : 3875
Trace Rules Database Version: 1823
Scan type : Complete Scan
Total Scan Time : 01:54:48
Memory items scanned : 371
Memory threats detected : 0
Registry items scanned : 5618
Registry threats detected : 1
File items scanned : 25311
File threats detected : 9
Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\user@ez-tracks[2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\user@revsci[2].txt
C:\Documents and Settings\user\Cookies\user@media6degrees[1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\user@bravenet[1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
Trojan.SVCHost/Fake
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe#Debugger [ "c:\windows\system32\uiakbacq.old" ]
Hijack This log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.01.32, on 03/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltheweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 4524 bytes
-
That version of SUPERAntiSpyware is out of date. Can you update and run it again?
-
nope, sorry....just tried. i can't get online....it says my router card is not plugged in...which it is...
what a mess...sorry.
Note: In Safe Mode, using Task Manager, I was able to find out the name of the bug that did this to me. Opening Avira thru the Task Manager, I saw this:
"Virus or unwanted program 'TR/Crypt.FKM.Gen[trojan]'
detected in file 'C:\\WINDOWS\system32\uiakbacq.old.
Action performed: Move file to quarantine"
thnx
-
Tried the Avira Rescue System. However, CD did not work in affected computer. Booted with CD in, and the entire system froze. Could not even log into Windows. When CD drive was opened, the computer started again, I was able to log onto Windows as before, but nothing had changed, still no desktop.
:||x
I have written Avira to see if there is a way to use the Rescue System with a flashdrive instead of a CD. I am awaiting their response.
As always, any suggestions you might have are welcome.
thnx
-
You might be able to use it from a flash drive but since you are not able to use the computer...... it probably won't work. Plus if it won't boot from the CD then I'm sure it wouldn't boot from a Flash Drive either.
Since you can open Avira through Task manager can you also run it?
I'm wondering if this is even a virus to blame. ???
-
Hello again.
I finally heard from Avira, and they just gave me the instructions on how to burn their disc. Not the info I needed...giving up on that, as you suggested it wouldn't work anyway.
However, digging around in Task Manager today I discovered how to access nearly all my files, and even get online. That done, I got the updated SAS as you suggested and ran another scan. I ran another HijackThis scan afterwards as well. Here are the logs for the new scans:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/06/2009 at 01:29 PM
Application Version : 4.26.1002
Core Rules Database Version : 3879
Trace Rules Database Version: 1827
Scan type : Complete Scan
Total Scan Time : 03:06:38
Memory items scanned : 365
Memory threats detected : 0
Registry items scanned : 5744
Registry threats detected : 1
File items scanned : 53283
File threats detected : 5
Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\user@roiservice[1].txt
C:\Documents and Settings\user\Cookies\user@revsci[1].txt
C:\Documents and Settings\user\Cookies\user@kontera[2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\user@euroclick[2].txt
Trojan.SVCHost/Fake
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe#Debugger [ "c:\windows\system32\uiakbacq.old" ]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.39.47, on 06/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltheweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 4562 bytes
thx...any of your thoughts are welcome at this point :)
-
How is the computer running now?
If you already have Malwarebytes be sure to update it before running the scan!
Download Malwarebytes' Anti-Malware (MBAM) (http://www.malwarebytes.org/mbam-download.php)
Alternate MBAM download link (http://www.besttechie.net/tools/mbam-setup.exe)
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and Paste the entire report in your next reply.
.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
-
Hi :)
My apologies for the delay in getting back to you. After all this...I believe your thought on this not being a virus was correct. After looking around on the internet, I saw other people had the same kind of problem as I have, after deleting AdAware, which is something I did. I didn't mention it before, because I completely forgot actually.
At any rate, I have surrendered. My computer has had nothing but problems since the day I bought it. It was used, cheap, and as I was to assume with time, most likely stolen. The copy of Windows was not registered, so I could never get help from MS, couldn't download things I needed and so on.
So, the time has come. I'm just wiping the thing clean, and starting over with a new install of Windows. That should just about take care of everything I hope. :)
Thank you so much to everyone that helped me through this. I truly appreciate CH being here...you guys have been a great help to me time and again. As well as being teachers! If any good has come from two years of dinkin' around with this laptop from *censored*...I certainly have learned A LOT!!! Actually, I'm looking into some IT classes now...I actually love learning all this stuff!
thanks again to all :-*
-
Thanks for letting me know.