Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Improper Shutdown, Weird Error Messages And "limited Connectivitiy"


  • Please log in to reply
10 replies to this topic

#1 Mayu

Mayu

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:21 PM

Posted 02 September 2008 - 02:09 AM

Before I start listing the problems I am having, I first have a guess as to what might be the cause but if it is I have no idea how to fix it. I looked at my history in Firefox and one of the last visited pages (when internet was still working) was pucowyq.pluto.ro WARNING: If you go here it will give you infinite messages telling you to install something for windows media player and you may have to use the task manager to close out your browser. It might help if someone went there or has heard of this website and can tell me if this really is the problem... but if you don't know then I wouldn't download it to find out. To be honest, the website is very shady but I'm pretty sure I allowed it to install because I wanted it to stop asking me to >-<

The problem started with internet... I have 5 bars almost always for wifi and it had been working great but now I always have limited connectivity or local only. I don't think its the provider because I'm using that connection right now on a different computer. The computer that I'm having problems with the the Hp TX2510z if that helps.. I tried all the things that the computer suggests and restarting the router and such, I even plugged it in and tried using the internet on ONLY this computer while disconnecting the others and nothing worked.

Whenever I start up my computer after shutting down properly it tells me that I shutted it down improperly... it never did this before and now it does all the time. Under details it states that the problem is BlueScreen but I did not see my computer bluescreen ever. I also get a message telling me that I turned off Norton's virus protection which I didn't and shortly after I get one saying that Webroot Spysweeper has failed. I tried scanning my computer with defender and it said everything was normal.

My biggest problem is the internet and that sometimes when I shut down my computer it turns back on again (like restart) when it was clear that I told it to shutdown. I tried burning a backup disk (in hopes that I would be able to use it to restore my computer) but it stopped in the middle of the process and would not let me close the window without task manager. I tried restoring my computer to a date before these issues happened but when it went to shut down the whole screen got all boxy/pixely (it doesn't look good at all :thumbsup: ) I tried letting it sit there like that but nothing happened.

As far as I know I don't have any odd programs that I haven't heard of.

And as a side note, when I turn on the computer my little weather center still works accurately although my computer will not let me browse websites or anything (I've tried multiple browsers and such as well)

Please let me know if you can think of why my computer might be behaving like this and what I can do to fiz it, thanks for reading.

BC AdBot (Login to Remove)

 


#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:21 PM

Posted 02 September 2008 - 11:07 AM

that website might very well be the problem, I investigated with firefox with noscript, I wouldn't allow scripting since siteadvisor showed links to some real nasty romanian sites

http://www.bleepingcomputer.com/forums/ind...st&p=932243

please use the directions from this post to install MBAM, run a scan with it and post the log please
Chewy

No. Try not. Do... or do not. There is no try.

#3 Mayu

Mayu
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:21 PM

Posted 02 September 2008 - 12:35 PM

that website might very well be the problem, I investigated with firefox with noscript, I wouldn't allow scripting since siteadvisor showed links to some real nasty romanian sites

http://www.bleepingcomputer.com/forums/ind...st&p=932243

please use the directions from this post to install MBAM, run a scan with it and post the log please


ok thankis :thumbsup: I'll do that after work today and post is asap

#4 Mayu

Mayu
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:21 PM

Posted 02 September 2008 - 06:10 PM

that website might very well be the problem, I investigated with firefox with noscript, I wouldn't allow scripting since siteadvisor showed links to some real nasty romanian sites

http://www.bleepingcomputer.com/forums/ind...st&p=932243

please use the directions from this post to install MBAM, run a scan with it and post the log please


Here is the log:
Malwarebytes' Anti-Malware 1.26
Database version: 1103
Windows 6.0.6001 Service Pack 1

9/2/2008 7:01:14 PM
mbam-log-2008-09-02 (19-01-14).txt

Scan type: Quick Scan
Objects scanned: 41331
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run (Trojan.Agent) -> Data: c:\users\theresa\appdata\roaming\adobe\manager.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
C:\Windows\System32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\Users\Theresa\AppData\Roaming\Adobe\Manager.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Theresa\AppData\Local\Temp\lwpwer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


I rebooted the computer and still have the same problems.. I will try manually updating the software and scanning again...

#5 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:21 PM

Posted 02 September 2008 - 07:11 PM

let's try atf cleaner and SAS from safe mode next please

http://www.bleepingcomputer.com/forums/ind...st&p=931781

don't expect one pass with one program to remove this kind of infection

Edited by DaChew, 02 September 2008 - 07:12 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#6 Mayu

Mayu
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:21 PM

Posted 02 September 2008 - 08:34 PM

let's try atf cleaner and SAS from safe mode next please

http://www.bleepingcomputer.com/forums/ind...st&p=931781

don't expect one pass with one program to remove this kind of infection


alright, I'll keep trying and let you know if it does anything. Thankyou for helping

#7 Mayu

Mayu
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:21 PM

Posted 02 September 2008 - 10:16 PM

let's try atf cleaner and SAS from safe mode next please

http://www.bleepingcomputer.com/forums/ind...st&p=931781

don't expect one pass with one program to remove this kind of infection


After running antispyware for about 10-12 minutes my computer bluescreened, I tried it again and it did the same thing. I removed three cookies that it detected but that was as far as the scan would go without bluescreening. I tried without safemode just to see and it didn't bluescreen but nothing was detected after a full scan either

#8 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:21 PM

Posted 02 September 2008 - 11:02 PM

http://www.bleepingcomputer.com/forums/ind...mp;#entry916491

Would you try Cureit from safe mode

be sure and right click, run as administrator
Chewy

No. Try not. Do... or do not. There is no try.

#9 Mayu

Mayu
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:21 PM

Posted 03 September 2008 - 10:20 PM

http://www.bleepingcomputer.com/forums/ind...mp;#entry916491

Would you try Cureit from safe mode

be sure and right click, run as administrator


I'm not finished scanning but it found a program called tdssserv.sys which I heard is bad, so at least I should be able to get that off there now and see if that is the only problem that this scanner picks up or not when its done...

#10 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:21 PM

Posted 03 September 2008 - 10:50 PM

I would uninstall MBAM and reinstall with the right click run as administrator
Chewy

No. Try not. Do... or do not. There is no try.

#11 Mayu

Mayu
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:21 PM

Posted 03 September 2008 - 11:25 PM

http://www.bleepingcomputer.com/forums/ind...mp;#entry916491

Would you try Cureit from safe mode

be sure and right click, run as administrator


immediately after rebooting I noticed that my internet was working and that the improper shutdown warning did not come up. My computer was, however, being extremely slow which stopped as soon as norton and webroot announced that they were done downloading updates (which is probably why my computer was being so slow)

This appears to have worked, if any other problems occur I'll be sure to contact you. Your patience with me and your quick replies really helped me out faster than I thought the problem would be resolved. Thank you very much :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users