
Author Topic: I think I have a virus  (Read 24889 times)


indy777

  • Guest
I think I have a virus
« on: September 05, 2010, 03:18:27 PM »
HP Pavilion a6110n
AMD Athlon 64 X2 4400
Dual core 2.3 gig
4 gig ram
320 g hard drive
Vista Home premium 32
Avg version 9 free edition
Malwarebytes antimalware
SuperAntiSpyware, registered version
CCleaner
PC tools firewall
======================
The last thing I remember doing was reading an email about some software when a pop-up offered to check to see if I needed my drivers updated. It was free, and looked so authentic I clicked ok. I got that bar at the top warning about downloading ActiveX controls, and even though I know better I clicked download. Nothing happened, so I just assumed it didn't work and I got out of that page. Apparently it did download something. After a reboot I got spontaneous shutdowns, the screen goes black, none of my security software will start, and after a few minutes the computer freezes up and I can't even shut it down the normal way.
What do I need to do now?
Thanks

reddevilggg



    Expert

    Thanked: 69
  • Experience: Beginner
  • OS: Windows 7
Re: I think I have a virus
« Reply #1 on: September 05, 2010, 03:54:13 PM »

You're going to have to wait for the virus gurus, but I just gotta say.........

Quote
It was free, and looked so authentic I clicked ok.

Bogus pop-ups, links, sites are not made to look bogus. They are made to look 'authentic'.

Live and learn, eh!!
11 cheers for binary !

Allan

  • Moderator

  • Mastermind
  • Thanked: 1260
  • Experience: Guru
  • OS: Windows 10
Re: I think I have a virus
« Reply #2 on: September 05, 2010, 04:11:14 PM »
Quote
You're going to have to wait for the virus gurus, but I just gotta say.........

That part was right. I deleted your next post. The malware specialists will take over.

indy777

  • Guest
Re: I think I have a virus
« Reply #3 on: September 06, 2010, 03:09:32 PM »
Allan, is there anything I could try to do until the "virus gurus" get back?

Thank you

Allan

  • Moderator

  • Mastermind
  • Thanked: 1260
  • Experience: Guru
  • OS: Windows 10
Re: I think I have a virus
« Reply #4 on: September 06, 2010, 03:18:34 PM »
I've moved this to a forum where they will probably see it more quickly.

indy777

  • Guest
Re: I think I have a virus
« Reply #5 on: September 08, 2010, 05:07:49 PM »
Where is this forum, please?

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I think I have a virus
« Reply #6 on: September 08, 2010, 05:37:26 PM »
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. If you can't run any step, just jump to the next one. Please let me know how you are doing or have any questions. Initially, I will need the SuperAntiSpyware, MBAM and HJT logs. Please post any logs that you can generate.

Sorry for being late. Let's try some simple stuff to see if we can get you started.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.

There are 4 different versions. If one of them won't run then download and try to run the other one.
 
Vista and Win7 users need to right click Rkill and choose Run as Administrator
 

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Once you've gotten one of them to run then try to immediately run the following.
 
Now download and Run exeHelper.

Please download exeHelper from Raktor to your desktop.
  • Double-click on exeHelper.com to run the fix. A black window should pop up; press any key to close it once the fix is completed. A log file named log.txt will be created in the directory where you ran exeHelper.com. Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
*************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SUPERAntiSpyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*****************************************

Please download Malwarebytes Anti-Malware from here.

Double-click mbam-setup.exe to install the application.
• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Windows 8 and Windows 10 dual boot with two SSD's

indy777

  • Guest
Re: I think I have a virus
« Reply #7 on: September 10, 2010, 07:56:11 PM »
Thanks for your reply. I am out of town right now and do not have access to the infected computer. I will have to get back with you when I am in town next week.
Thanks again

indy777

  • Guest
Re: I think I have a virus
« Reply #8 on: September 17, 2010, 08:48:33 AM »
I have tried to get on line to download  "rkill.exe" but the computer goes blank when I try to connect to the internet, run any spyware or anti virus. This is really strange, it's as if the computer is disconnecting the monitor. This is what I am trying to describe when I say the monitor goes blank.
What should I do now?

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I think I have a virus
« Reply #9 on: September 17, 2010, 12:08:53 PM »
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
Windows 8 and Windows 10 dual boot with two SSD's

indy777

  • Guest
Re: I think I have a virus
« Reply #10 on: September 17, 2010, 02:30:38 PM »
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as William Michels on 09/17/2010 at 16:25:30.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe


Rkill completed on 09/17/2010  at 16:25:35.


I couldn't get the exe.helper to run but here's the one from rkill

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I think I have a virus
« Reply #11 on: September 18, 2010, 05:19:12 PM »
Can you now run the scans I provided in Reply # 6?
Windows 8 and Windows 10 dual boot with two SSD's

indy777

  • Guest
Re: I think I have a virus
« Reply #12 on: September 18, 2010, 06:45:48 PM »
I updated SuperAntiSpyware and checked boxes in preferences you said, started the scan, Memory Items scanned 0, Registry Items got to "scanned 313" and the computer froze.
I have tried MalwareBytes but it also freezes during scan.

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I think I have a virus
« Reply #13 on: September 19, 2010, 07:03:01 PM »
Download WhoCrashed from here
This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.
Put a tick in Accept then click on Next
Put a tick in the Don't create a start menu folder then click Next
Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
Click Analyze
It will want to download the Debugger and install it; say Yes

WhoCrashed will create a report but you have to scroll down to see it
Copy and paste it into your next reply
Windows 8 and Windows 10 dual boot with two SSD's

indy777

  • Guest
Re: I think I have a virus
« Reply #14 on: September 20, 2010, 01:44:00 PM »
After several attempts to run Analyze from WhoCrashed I finally got the log.

Crash dumps are enabled and no valid crash dumps have been found on your computer. In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.

As suggested I cleaned the CPU and motherboard and checked fans. CPU was a little dirty, but everything else looked fine.

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I think I have a virus
« Reply #15 on: September 20, 2010, 05:30:25 PM »
Any chance that it's overheating? You can download and install SpeedFan to check the temperatures. Did you check all the connections?
Windows 8 and Windows 10 dual boot with two SSD's

indy777

  • Guest
Re: I think I have a virus
« Reply #16 on: September 20, 2010, 05:48:18 PM »
I got another log to post. Hope this helps; it took me hours to finally get it to run and transferred to a disk.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:14 PM, on 9/20/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\KbdStub.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Eraser\Eraser.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Webshots\3.1.5.7613\webshots.scr
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/?ppud=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://blueskies.getmyip.com:200/wg_webeye.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\avgrsstx.dll C:\WINDOWS\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\3.1\AGCoreService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9740 bytes
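
Added example (not part of the original thread, and not code from HijackThis or OTL): a small Python triage pass over the `O4` Run-key autostart lines, handling both the HijackThis form (`HKLM\..\Run`) posted above and the OTL form (`HKCU..\Run`, with a trailing `File not found`) quoted in Reply #28. The two flags and the list of user-writable directory markers are assumptions of this example; a flag means "review this entry", not "malicious".

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied from the logs posted in this thread
# (HijackThis format from Reply #16, OTL format from Reply #28).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\Macey\AppData\Local\Temp\Zlk.exe File not found
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# "O4 - <hive>\..\Run: [value name] command" (HijackThis) or
# "O4 - <hive>..\Run: [value name] command"  (OTL).
RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\?\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*)$"
)

# First absolute path to an executable-type file inside the command string.
ABS_PATH = re.compile(
    r"[a-z]:\\[^\"<>|*?]*?\.(?:exe|dll|com|scr|pif|bat|cmd)\b", re.I
)

# Assumption of this example: directories a standard user can write to,
# which makes an autostart entry pointing there worth a second look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\application data\\", "\\local settings\\")

# Trailing marker seen on the OTL lines in Reply #28.
ORPHAN_MARK = "File not found"


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    path: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Parse O4 Run-key lines and attach review flags to each entry."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_ENTRY.match(line.strip())
        if not m:
            continue  # other sections (O2, O23, ...) are out of scope here
        command = m["command"].strip()
        missing = command.endswith(ORPHAN_MARK)
        if missing:
            command = command[: -len(ORPHAN_MARK)].rstrip()
        found = ABS_PATH.search(command)
        entry = RunEntry(m["hive"], m["name"], command,
                         found.group(0) if found else None)
        if missing:
            # Registry value survives but its target file is gone.
            entry.flags.append("target-missing")
        if entry.path and any(d in entry.path.lower() for d in USER_WRITABLE):
            entry.flags.append("user-writable-path")
        entries.append(entry)
    return entries


def flagged(entries: List[RunEntry]) -> List[RunEntry]:
    """Return only the entries that carry at least one review flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_run_entries(SAMPLE_LOG)):
        print(f"{e.hive} Run [{e.name}] {e.path} -> {', '.join(e.flags)}")
```
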

indy777

  • Guest
Re: I think I have a virus
« Reply #17 on: September 20, 2010, 05:50:42 PM »
I have checked all connections but you'll have to help me out with the Speedfan thing. Don't know what that is.

indy777

  • Guest
Re: I think I have a virus
« Reply #18 on: September 20, 2010, 09:03:16 PM »
I can't run any anti virus software, Superantivirus, AVG, Malwarebytes, would that have anything to do with overheating problems? Just wondering.

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I think I have a virus
« Reply #19 on: September 21, 2010, 06:34:31 PM »
You can download and install by going to this link. It will tell you the temperatures inside your computer.

Quote
I can't run any anti virus software, Superantivirus, AVG, Malwarebytes, would that have anything to do with overheating problems? Just wondering.
We will investigate that as soon as we find out why your computer is freezing during the scans. It could be software, hardware or malware problems. We have to use the method of elimination.
Windows 8 and Windows 10 dual boot with two SSD's

indy777

  • Guest
Re: I think I have a virus
« Reply #20 on: September 21, 2010, 08:23:44 PM »
Thank you very much for your reply. I hate to tell you this because you warned me, but I used a memory stick to transfer files from my laptop to the infected computer to get logs to post. So guess what, now my laptop is infected. Should have listened to you but hindsight is 20/20. Tonight I went to Sam's Club and bought a new computer so I can try to resolve the problems with mine. This was under the condition that my wife gets my old one if I ever get it going again so I better get to work.
I will be waiting for our next move. Thanks for your help so far.

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I think I have a virus
« Reply #21 on: September 22, 2010, 04:42:16 PM »
You can start a new thread for your laptop. As for your present computer, I'm waiting for you to get Speedfan running to see if it's overheating.
Can you tell me how much RAM you're running (right-click My Computer and select Properties) and also how much free space you have on your hard drive? (Double-click My Computer, right-click the C: drive and select Properties. You can also do a "disk cleanup" while you're there.)
Windows 8 and Windows 10 dual boot with two SSD's

indy777

  • Guest
Re: I think I have a virus
« Reply #22 on: September 22, 2010, 07:03:31 PM »
I have Speedfan downloaded. How do I get a log or do you want me to record temps and send to you? This computer will only run 2 to 5 mins when I can finally get it booted up so I have to work fast to get the info I need.
The screen freezes or shuts down the display at that time.
I have 4 GB memory and 187 GB free on hard drive.

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I think I have a virus
« Reply #23 on: September 22, 2010, 07:20:18 PM »
Just give me the temp. readings

Check Hard Disk For Errors:

Press Start->Run, then copy/paste the following command into the box and press OK:

Quote
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.
Windows 8 and Windows 10 dual boot with two SSD's

indy777

  • Guest
Re: I think I have a virus
« Reply #24 on: September 22, 2010, 09:07:21 PM »
There is no start run in Vista that I can see, where should I put that?

Speedfan temps
GPU 0 c
Temp 1: 36c
  "      2: 128c
  "      3: 18 c
 Fan #1 1618 RPM

indy777

  • Guest
Re: I think I have a virus
« Reply #25 on: September 23, 2010, 02:20:16 PM »
I found the run command in accessories and ran the command. Window pops up for about 2 seconds and leaves the text on my desktop telling me I don't have sufficient authority to run this command or something like that and then it shuts down. I have tried it in Safe Mode and Normal mode several times.

BC_Programmer


    Mastermind
  • Typing is no substitute for thinking.
  • Thanked: 1140
    • BC-Programming.com
  • Certifications: List
  • Computer: Specs
  • Experience: Beginner
  • OS: Windows 11
Re: I think I have a virus
« Reply #26 on: September 23, 2010, 03:02:20 PM »
Quote
I found the run command in accessories and ran the command. Window pops up for about 2 seconds and leaves the text on my desktop telling me I don't have sufficient authority to run this command or something like that and then it shuts down. I have tried it in Safe Mode and Normal mode several times.

1) Open the start menu, and type "cmd" in the search box.

One of the items listed should be "cmd.exe". Right-Click this and select "run as administrator". (optionally, you could also right-click the "Command Prompt" item in Accessories and choose "run as administrator")

When the Command Prompt appears, type the command SuperDave instructed:

Code:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

And continue with his instructions to post the resulting file.
I was trying to dereference Null Pointers before it was cool.

indy777

  • Guest
Re: I think I have a virus
« Reply #27 on: September 23, 2010, 08:05:12 PM »
I can't get it to run. As soon as I try to run as administrator, the computer locks up. Tried it 4 times.

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I think I have a virus
« Reply #28 on: September 24, 2010, 05:45:20 PM »
Dealio Toolbar is malware. Please uninstall it. Also, SGPSA and SelectRebates should be removed for the same reasons.

I strongly recommend that you remove Ask from your computer because it:

•Promotes its toolbars on sites targeted to kids.

•Promotes its toolbars through ads that appear to be part of other companies' sites.

•Promotes its toolbars through other companies' spyware.

•Installs without any disclosure whatsoever and without any consent whatsoever.

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
*************************************
My.Freeze.com Toolbar: a Softomate Toolbar variant - Softomate customizes toolbars to customers' needs. The dll files for their toolbars contain some spyware/adware functionality, although not all of the toolbars use this. Some of the toolbars are fine to have, so every case is different. Your choice to keep it or not.
Also, MyWebSearch:  A Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.
And Zynga: A Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.
And Free_Radio_TV for the same reasons as above.
And Downloaded Program Files: Pugi/Softomate toolbar variant. Occasionally a Softomate toolbar will be installed by a legitimate application, but most often they're installed by various non-legitimate means and in such a case they're obviously parasites. If in any doubt, remove!
**********************************************
You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad".

More information:

* ViewMgr.exe - Useless
* Viewpoint to Plunge Into Adware

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology

**************************************

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL
IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\firefox\
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [fajkmgwe] C:\Users\Macey\AppData\Local\pdjgryxrc\eswpalotssd.exe File not found
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\Macey\AppData\Local\Temp\Zlk.exe File not found
O4 - HKCU..\Run: [QZAIB7KITK] C:\Users\Macey\AppData\Local\Temp\Zlj.exe File not found
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O4 - HKCU..\Run: [xvysnstx] C:\Users\Macey\AppData\Local\msxpxxyml\vhmovrntssd.exe File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)

:Files
C:\Windows\MEMORY.DMP

:COMMANDS
[resethosts]
[purity]
[clearrestorepoints]
[emptytemp]
[start explorer]

* Click Run Fix
* OTL may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
******************************************
Download WhoCrashed from here
This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.
Put a tick in Accept then click on Next
Put a tick in the Don't create a start menu folder then click Next
Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
Click Analyze
It will want to download the Debugger and install it; say Yes

WhoCrashed will create a report but you have to scroll down to see it
Copy and paste it into your next reply
*************************************

1. Open the Start Menu.

2. Click on the Computer button.

3. Right click on your hard drive and click on Properties.

4. Click on the Tools tab.

5. Click on Check Now under the Error checking section. (See circled in red below)

6. Click on Continue in the UAC prompt.

7. Make sure both options are checked. (See screenshot below)
NOTE: The Automatically fix file system errors box will be checked by default.

8. Click on the Start button.

9. You will get a pop-up window saying, "Windows can't check this disk while it's in use". (See screenshot below)

10. Click on the Schedule disk check button for chkdsk to run the next time you restart your computer.

11. Restart your computer.

Windows 8 and Windows 10 dual boot with two SSD's
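
Why the Run-key lines in the fix script above draw attention, as an added example (not part of the original post and not OTL's own code): a short Python triage that parses the `O4` lines exactly as posted and flags autostart entries whose target sits in a user-writable directory, is missing on disk, or carries no publisher string. The flag names and the three heuristics are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field

# Run-key lines copied from the ":OTL" fix script in the post above.
SAMPLE = r"""
O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [fajkmgwe] C:\Users\Macey\AppData\Local\pdjgryxrc\eswpalotssd.exe File not found
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\Macey\AppData\Local\Temp\Zlk.exe File not found
O4 - HKCU..\Run: [QZAIB7KITK] C:\Users\Macey\AppData\Local\Temp\Zlj.exe File not found
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O4 - HKCU..\Run: [xvysnstx] C:\Users\Macey\AppData\Local\msxpxxyml\vhmovrntssd.exe File not found
"""

# Line shape: O4 - <hive>..\Run: [<value name>] <target and trailer>
LINE_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
# Target path up to its extension, then "(Publisher)", "()" or "File not found".
TARGET_RE = re.compile(r"^(?P<path>.+?\.(?:exe|dll|com|bat|cmd|scr))(?:\s+(?P<tail>.*))?$", re.I)
# Directories a standard user can write to without elevation (assumed heuristic).
USER_WRITABLE_RE = re.compile(r"\\(?:appdata|temp)\\", re.I)


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    publisher: str          # empty when OTL printed "()" or the file is missing
    missing: bool
    flags: list = field(default_factory=list)


def parse_line(line):
    """Parse one O4 Run line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    t = TARGET_RE.match(m["rest"])
    if not t:
        return None
    tail = (t["tail"] or "").strip()
    missing = tail.lower() == "file not found"
    publisher = "" if missing else tail.strip("()").strip()
    entry = RunEntry(m["hive"], m["name"], t["path"], publisher, missing)
    if USER_WRITABLE_RE.search(entry.path):
        entry.flags.append("user-writable-path")
    if missing:
        entry.flags.append("target-missing")   # orphaned autostart value
    elif not publisher:
        entry.flags.append("no-publisher")     # OTL printed "()"
    return entry


def triage(text):
    """Return every parsed Run entry, in input order."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def review_first(entries):
    """Names of entries that start from a user-writable directory."""
    return [e.name for e in entries if "user-writable-path" in e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.hive:4} {e.name:15} {', '.join(e.flags) or 'ok':35} {e.path}")
```
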

indy777

  • Guest
Re: I think I have a virus
« Reply #29 on: September 24, 2010, 08:17:19 PM »
I am not that familiar with the abbreviation OTL. Looked it up in the dictionary part of this site and got :OTL
1.Short for Office of Technology Licensing, OTL is a University office that deals with technology patents, copyrights, royalties, commercial potential, and license agreements.
2.A file extension.
  I am sure this is not what you're referring to but remember you're dealing with a rookie. Also the programs that you referred to that need deleting I can not find in programs installed.

BC_Programmer


    Mastermind
  • Typing is no substitute for thinking.
  • Thanked: 1140
    • BC-Programming.com
  • Certifications: List
  • Computer: Specs
  • Experience: Beginner
  • OS: Windows 11
Re: I think I have a virus
« Reply #30 on: September 24, 2010, 08:35:33 PM »
OTL is a program. It stands for Old-Timer Log (or something to that effect).

I believe SuperDave intended to include a link. Here is the download location for OTL:

http://oldtimer.geekstogo.com/OTL.exe

I was trying to dereference Null Pointers before it was cool.

indy777

  • Guest
Re: I think I have a virus
« Reply #31 on: September 25, 2010, 10:25:10 AM »
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Program Files\Dealio Toolbar\SearchSettings.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] not found.
File C:\Program Files\MyWebSearch\bar\firefox not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
File C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Program Files\Dealio Toolbar\SearchSettings.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
File C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FBSSA not found.
File C:\Program Files\SGPSA\ie3sh.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
File C:\Program Files\Dealio Toolbar\SearchSettings.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fajkmgwe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\M5T8QL3YW3 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QZAIB7KITK not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Weather not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\xvysnstx not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ not found.
========== FILES ==========
C:\Windows\MEMORY.DMP moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[clearrestorepoints]> in the current context!
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: William Michels
->Temp folder emptied: 100259844 bytes
->Temporary Internet Files folder emptied: 54297998 bytes
->Java cache emptied: 32664134 bytes
->Flash cache emptied: 1989452 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4504918 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 185.00 mb
 
 
OTL by OldTimer - Version 3.2.14.1 log created on 09252010_114511

Files\Folders moved on Reboot...
File\Folder C:\Users\William Michels\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CR91LW3Q\ing[1].php;psrch=0;logged_in=0;tpc=unetbootin;tpc=setup;tpc=system;tpc=softwaredist;aud=enduser_advanced;aud=endusers;aud=sysadmins;tile=1;sz=1400x600;ord=6663328961216726 not found!
File\Folder C:\Users\William Michels\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CR91LW3Q\ing[1].php;psrch=0;logged_in=0;tpc=unetbootin;tpc=setup;tpc=system;tpc=softwaredist;aud=enduser_advanced;aud=endusers;aud=sysadmins;tile=1;sz=1400x600;ord=9075626969702412 not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(353)\Content.IE5\PZEKYEYZ\555_1284001766,11b1839e3a0befd,Miscellaneous,;;dc=d;kw=;tile=2;ord1=126213;sz=300x250,336x280;ppos=btf;contx=Miscellaneous;btg=;ord=9235851132317178[1] not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(353)\Content.IE5\PBV9KXK5\ns-10640074_1284001765,11b1839e3a0befd,Miscellaneous,;;dc=d;kw=;tile=2;ord1=504260;sz=300x100;ppos=atf;contx=Miscellaneous;btg=;ord=9235851132317178[1] not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(353)\Content.IE5\I1KBJV9R\1284001764,11b1839e3a0befd,Miscellaneous,;;dc=d;kw=;dcopt=ist;tile=1;ord1=588771;sz=728x90;ppos=atf;contx=Miscellaneous;btg=;ord=%209235851132317178[1] not found!
C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UBOMRKYO\ads[1].htm moved successfully.
C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UBOMRKYO\login[1].srf moved successfully.
C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P90L14U0\ads[3].htm moved successfully.
C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P90L14U0\topic345774[1].htm moved successfully.
C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AAMD7HAS\iframe[2].htm moved successfully.
C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VI76J9J\iframescript[1].htm moved successfully.
C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VI76J9J\topic,109812.15[1].html moved successfully.
C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Files\Folders moved on Reboot...
File\Folder C:\Users\William Michels\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CR91LW3Q\ing[1].php;psrch=0;logged_in=0;tpc=unetbootin;tpc=setup;tpc=system;tpc=softwaredist;aud=enduser_advanced;aud=endusers;aud=sysadmins;tile=1;sz=1400x600;ord=6663328961216726 not found!
File\Folder C:\Users\William Michels\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CR91LW3Q\ing[1].php;psrch=0;logged_in=0;tpc=unetbootin;tpc=setup;tpc=system;tpc=softwaredist;aud=enduser_advanced;aud=endusers;aud=sysadmins;tile=1;sz=1400x600;ord=9075626969702412 not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(353)\Content.IE5\PZEKYEYZ\555_1284001766,11b1839e3a0befd,Miscellaneous,;;dc=d;kw=;tile=2;ord1=126213;sz=300x250,336x280;ppos=btf;contx=Miscellaneous;btg=;ord=9235851132317178[1] not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(353)\Content.IE5\PBV9KXK5\ns-10640074_1284001765,11b1839e3a0befd,Miscellaneous,;;dc=d;kw=;tile=2;ord1=504260;sz=300x100;ppos=atf;contx=Miscellaneous;btg=;ord=9235851132317178[1] not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(353)\Content.IE5\I1KBJV9R\1284001764,11b1839e3a0befd,Miscellaneous,;;dc=d;kw=;dcopt=ist;tile=1;ord1=588771;sz=728x90;ppos=atf;contx=Miscellaneous;btg=;ord=%209235851132317178[1] not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UBOMRKYO\ads[1].htm not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UBOMRKYO\login[1].srf not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P90L14U0\ads[3].htm not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P90L14U0\topic345774[1].htm not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AAMD7HAS\iframe[2].htm not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VI76J9J\iframescript[1].htm not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VI76J9J\topic,109812.15[1].html not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat not found!

Registry entries deleted on Reboot...
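
A way to read a fix log like the one above without scanning it line by line, as an added example (not part of the original post and not OTL's own code): a Python summary that counts, per log section, how many targets were removed, how many were reported "not found", and which commands were rejected. The sample is a shortened excerpt of the posted log; the category names and the "deleted successfully." wording are assumptions.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the OTL fix log in the post above (lines copied from it, shortened to a sample).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FBSSA not found.
File C:\Program Files\SGPSA\ie3sh.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fajkmgwe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
========== FILES ==========
C:\Windows\MEMORY.DMP moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[clearrestorepoints]> in the current context!
->Temp folder emptied: 100259844 bytes
->Java cache emptied: 32664134 bytes
"""

SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")


def classify(line):
    """Map one log line to an outcome category."""
    if line.startswith("Error:"):
        return "error"
    if line.endswith(("not found.", "not found!")):
        return "not_found"
    # "deleted successfully." does not appear in the post; it is assumed here
    # as the counterpart wording for registry targets that were removed.
    if line.endswith(("moved successfully.", "deleted successfully.")):
        return "removed"
    return "other"


def summarize(log):
    """Return {section name: Counter of outcome categories}."""
    sections = defaultdict(Counter)
    current = "PREAMBLE"
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m["name"]
            continue
        sections[current][classify(line)] += 1
    return dict(sections)


def noop_sections(summary):
    """Sections where targets were listed but none of them was removed."""
    return [n for n, c in summary.items() if c["not_found"] and not c["removed"]]


def rejected_commands(log):
    """Commands the tool reported it could not interpret."""
    return re.findall(r"Unable to interpret <\[(\w+)\]>", log)


def emptied_bytes(log):
    """Total bytes reported by the 'emptied: N bytes' cleanup lines."""
    return sum(int(n) for n in re.findall(r"emptied: (\d+) bytes", log))


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for name, counts in summary.items():
        print(name, dict(counts))
    print("nothing removed in:", noop_sections(summary))
    print("rejected commands:", rejected_commands(SAMPLE_LOG))
    print("bytes emptied:", emptied_bytes(SAMPLE_LOG))
```
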

indy777

  • Guest
Re: I think I have a virus
« Reply #32 on: September 25, 2010, 10:39:38 AM »
I got the log from OTL using the infected computer and posted. Haven't got the Who Crashed log yet. Everything was going fine running the OTL and posting it on the forum. After reboot I get a message Microsoft updates are available, I clicked OK and the monitor went blank as before. This happens also when I try to run any anti virus or spyware. Very strange, it's like the computer shuts down the monitor similar to when I shut the computer down the on/off button will flash until I shut the monitor off. But in this case the computer is still on. I'll work on getting the Who Crashed log now.

indy777

  • Guest
Re: I think I have a virus
« Reply #33 on: September 25, 2010, 10:42:14 AM »
I almost forgot, I checked all connections on the monitor, inside the computer, and even tried using a different monitor.

indy777

  • Guest
Re: I think I have a virus
« Reply #34 on: September 25, 2010, 10:46:01 AM »
Crash dumps are enabled and no valid crash dumps have been found on your computer. In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.



SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I think I have a virus
« Reply #35 on: September 25, 2010, 11:07:37 AM »
Quote
Also the programs that you referred to that need deleting I can not find in programs installed.
Please tell me which programs that are not in Add/Remove and I'll help you remove them.

Quote
I am not that familiar with the abbreviation OTL
OTL is a flexible, multipurpose, diagnostic, and malware removal tool. I'm sorry that I forgot the link. I thought we had already used OTL.

Quote
Crash dumps are enabled and no valid crash dumps have been found on your computer. In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.
Did you do this troubleshooting as suggested, such as cleaning the dust? You should install this program to test the temperatures.

Please download and install SpeedFan. After you run it, please post the temperatures here.
*************************************
1. Open the Start Menu.

2. Click on the Computer button.

3. Right click on your hard drive and click on Properties.

4. Click on the Tools tab.

5. Click on Check Now under the Error checking section. (See circled in red below)

6. Click on Continue in the UAC prompt.

7. Make sure both options are checked. (See screenshot below)
NOTE: The Automatically fix file system errors box will be checked by default.

8. Click on the Start button.

9. You will get a pop-up window saying, "Windows can't check this disk while it's in use". (See screenshot below)

10. Click on the Schedule disk check button for chkdsk to run the next time you restart your computer.

11. Restart your computer.

Windows 8 and Windows 10 dual boot with two SSD's

indy777

  • Guest
Re: I think I have a virus
« Reply #36 on: September 25, 2010, 11:19:10 AM »
I will do the SpeedFan test but first let me give you a piece of info I just received. Remember I told you I got a new computer, it has Norton antivirus, I got a message saying I received an attack from my infected computer which is connected to the same internet access router. This might explain how my other laptop got infected instead of the memory stick I was using to transfer files. Norton caught it on this new computer. I saved the log and will post it if you want me to. It's quite lengthy.

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I think I have a virus
« Reply #37 on: September 25, 2010, 05:28:19 PM »
Routers have no hard drive or memory so they can't get infected. Some of them can be hacked but not infected. The only way your other computers can become infected is if you are sharing files between them.
Windows 8 and Windows 10 dual boot with two SSD's

indy777

  • Guest
Re: I think I have a virus
« Reply #38 on: September 25, 2010, 08:40:18 PM »
So if I was using a memory stick to download logs from the infected computer and posting them on the clean one using the same stick it is possible that a virus could be transferred? Is that correct?

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I think I have a virus
« Reply #39 on: September 26, 2010, 07:00:43 PM »
If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs.
You could also infect other computers if you have file-sharing.
Do you have the temperatures from SpeedFan? Do you still have the problem with your computer freezing/crashing?
Windows 8 and Windows 10 dual boot with two SSD's

indy777

  • Guest
Re: I think I have a virus
« Reply #40 on: September 27, 2010, 10:32:02 AM »
I have given you the temps for SpeedFan already but here they are from today's temps.
GPU  0c
Temp 1: 37c
   "      2: 128c
   "     3:  14c
Core: 16c
Fan speed: 1622

 
Also again I have disassembled and cleaned the inside of the computer and heat sink for the CPU.


I got it to restore to an earlier point in time but same thing happens when I try to run any spyware or virus programs. When I try to run any virus related software the computer reboots and after the HP blue screen it just locks up or freezes.

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I think I have a virus
« Reply #41 on: September 27, 2010, 06:25:02 PM »
Ok. Let's try running this in Safe Mode.
Safe Mode

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Windows 8 and Windows 10 dual boot with two SSD's

indy777

  • Guest
Re: I think I have a virus
« Reply #42 on: September 27, 2010, 08:35:52 PM »
As I said in my previous posts I can't run any virus or spyware programs or even do any updates; the computer shuts down.

reddevilggg



    Expert

    Thanked: 69
  • Experience: Beginner
  • OS: Windows 7
Re: I think I have a virus
« Reply #43 on: September 28, 2010, 03:10:07 AM »

He's asked you to try it in SAFE MODE!
11 cheers for binary !

indy777

  • Guest
Re: I think I have a virus
« Reply #44 on: September 28, 2010, 10:05:15 AM »
I have tried it in the safe mode, sorry I should have said that.

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I think I have a virus
« Reply #45 on: September 28, 2010, 04:46:54 PM »
Quote
I have tried it in the safe mode, sorry I should have said that.

And your computer shuts down? Any error messages? It only happens when you try to run scans? Does it work properly when not running the scans?
Windows 8 and Windows 10 dual boot with two SSD's

indy777

  • Guest
Re: I think I have a virus
« Reply #46 on: September 28, 2010, 09:06:51 PM »
No, I tried just letting it sit idle to see what would happen after a boot and after 5 minutes the computer reboots and doesn't complete the reboot just goes to a blank screen with a cursor blinking in upper left hand corner and stays there for a long time so I assume it is not going to complete the boot.

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I think I have a virus
« Reply #47 on: September 29, 2010, 04:31:19 PM »
Does it do that in Safe Mode? Please try this next one even if you don't have your OS disk. If it asks for the disk during the scan, we'll know there's something wrong with the files.

Do you have your OS  CD/DVD?

If so,

1/ Click the Start button.

2/ From the Start Menu, Click All programs followed by Accessories.

3/ In the Accessories menu, Right Click on the Command Prompt option.

4/ From the drop down menu that appears, Click on the Run as administrator option.

5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.

6/ In the Command Prompt window, type: sfc /scannow and then press Enter.

7/ A message will appear stating that the system scan will begin.

8/ Be patient because the scan may take some time.

9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

10/ If everything is okay you should, after the scan, see the following message Windows resource protection did not find any integrity violations.

11/ After the scan has completed, Close the command prompt window.
Windows 8 and Windows 10 dual boot with two SSD's

indy777

  • Guest
Re: I think I have a virus
« Reply #48 on: October 09, 2010, 01:54:26 PM »
I got the system restore to work but before it was finished the computer stopped responding. So when I do a boot I get a message "The file is possibly corrupt. The file header checksum does not match the computed checksum".
This doesn't sound good at all, any suggestions as to what to do now?

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: I think I have a virus
« Reply #49 on: October 10, 2010, 07:07:56 PM »
This sounds more and more like a hard drive failure. Were you able to run sfc?
Windows 8 and Windows 10 dual boot with two SSD's