Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

many problems...please help.


  • This topic is locked This topic is locked
13 replies to this topic

#1 tapcc13

tapcc13

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 26 April 2009 - 04:09 PM

first off....hellooo...this is my first post. i am usually pretty good with getting to the bottom of my past computer problems with just researching the issue and making changes, downloading certain things and eventually getting it back to the way it was. not this time...its my gf's comp and i cant seem to find an answer. ive noticed that alot of people trust hijack this and you guys can decifer it and tell the appropriate actions to take. im hopin that is the case here. so ive recently downloaded it and im guessing i need to post a log of it (i will do that at the end of this post or one immediatly after it). here are a few symptoms ive notice with the computer:

- definatly popups are pretty frequent, eventhough we have popup blocker enabled on the ie browser. i have run the lavasoft ad-aware program and it only gets the normal cookies. i ran spysweeper and it found one not picked up on adaware but you had to purchase for it to delete it.

- My regedit doesnt work. It kinda tries but desktop just kinda refreshes and nothing happens.

- I was getting a message on startup that a couple of system32 dll files had errors. Im guessin they are checked and no longer on the comp somehow.

- My gf’s email of choice is hotmail. For almost a week now she has been having to check it via cell phone due to the fact that it says “We can't connect to Windows Live Hotmail right now. Please try again later.” I looked searched this prob but I cant make sense of it really. Im hopin getting rid of some sort of malware/spyware/adware/or anything else you guys get me to do will fix THIS problem.

- Ive recently tried to update my avg and I get an error saying that installation has failed and there was one error. I click details and get this: Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key

- everytime I shut the comp down I a message saying that rundll32 is not shut down…so the comp tries to and it cant so it ask me to just end now or cancel.

- The comp is running a lot slower in general when browsing the web.

I hope I listed all the problems but I feel as though I have left one out. Anyways…thank you so much in advance to ever helps or tries to help us with these problems. I could not tackle them all by myself. I have met my match. But Im betting you guys know what to do though.

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:48 AM

Posted 26 April 2009 - 09:53 PM

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

---------------------------------

If mbam won't install or run

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 tapcc13

tapcc13
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 26 April 2009 - 10:57 PM

well i couldnt get it to update. it said i either needed an internet connection...ugh check...or my firewall would not allow malwarebytes. so i cut my windows firewall off and still couldnt. but i did the scan anyways and got this.


Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

2009-04-26 23:50:00
mbam-log-2009-04-26 (23-50-00).txt

Scan type: Quick Scan
Objects scanned: 83308
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 7
Registry Keys Infected: 11
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\zinozobu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zupugahe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wenuliji.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jorepeho.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mawisega.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kesuviwe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\birevaga.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0353c5e6-3abc-45de-bb3b-577bdf750440} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0353c5e6-3abc-45de-bb3b-577bdf750440} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0353c5e6-3abc-45de-bb3b-577bdf750440} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\lmaspois (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lmaspois.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7a85cdf5-284b-4496-a9a7-dd82fee9dcec} (Rogue.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fcd4b2f5-8793-4e1f-8774-6e520cf6cd79} (Rogue.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\31d0f1f3 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yugefikila (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm32e3c26f (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgihaxeyuv (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\birevaga.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wenuliji.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ijilunew.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zinozobu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ubozoniz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zupugahe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ehagupuz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kesuviwe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mawisega.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jorepeho.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\birevaga.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hebupigu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\igifukinemeroko.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.

#4 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:48 AM

Posted 27 April 2009 - 07:32 PM

Since you cannot use the Internet, manually download the definition updates from another computer, save them to a flash (usb, pen, thumb, jump) drive or CD and transfer to the infected machine. Then just double-click on mbam-rules.exe to install the update. If you cannot transfer or install from the infected machine, try installing the file directly from the flash drive to your machine.Mbam-rules.exe is not updated daily. Another way to get the most current database definitions is to install MBAM on a clean computer, launch the program, update through MBAM's interface, copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware
If you cannot see the folder, then you may have to Reconfigure Windows to show it. Then perform a new Quick Scan in normal mode and make sure you reboot afterwards. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Be sure to reboot your computer
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 tapcc13

tapcc13
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 28 April 2009 - 04:05 PM

ok i did what you said and dled it on my healthy comp and saved it to usb flash drive. then i transfered the rules.ref file replacing the existing one. ran the malwarebytes program and it found one more.

Malwarebytes' Anti-Malware 1.36
Database version: 2051
Windows 5.1.2600 Service Pack 2

2009-04-28 16:43:07
mbam-log-2009-04-28 (16-43-07).txt

Scan type: Quick Scan
Objects scanned: 90583
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\bevoweja.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


i have been experiencing no more popups, and the hotmail account is working again. thank you. but i still cant dl my new avg. i still get the above error message. also i still cant run regedit, regedt32, or combo-fix. what can i do about this.

#6 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:48 AM

Posted 28 April 2009 - 08:24 PM

I would strongly suggest that you do not run Combofix on your own


ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

------------------------------------

SAS,may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#7 tapcc13

tapcc13
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 29 April 2009 - 05:01 PM

so i did the atf cleaner. it looked like it basically just deleted my temp files and stuff? i cant find it on my comp anywhere. is it just dled to the temporary folder then deleted??? then i dled the superantispyware program. when i rebooted in safemode and ran it, the comp shuts off after a lil bit. i tried it many times. it just keeps cutting off. when i try to turn it back on it is a simple black screen with nothing happening. i have to kill the power and remove the battery to get it to come back to normal. should i just run the program not in safe mode?

#8 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:48 AM

Posted 29 April 2009 - 06:23 PM

ATF should have remained on your Desktop
Let's see ifwe can get Dr. Web to work
-----------------------


Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#9 tapcc13

tapcc13
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 01 May 2009 - 09:33 AM

as far a combo fix goes its still on here from a previous problem we had. i just thought i would run it like last time to see if anything was wrong. anyways it wont. so ya know how the comp was dying not long after running during superantispyware in safe mode. it did the same thing with drweb cureit in safe mode. what is the importance of doing this is safemode? can we just perform one in regular mode? but now im coming back to the comp after a few minutes and it will just be off. whats making it randomly shut down now? and i still cant run regedit, regedt32, combo-fix or my new avg. bear with me. thanks.

#10 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:48 AM

Posted 01 May 2009 - 07:53 PM

This is not the proper forum for Combofix logs
Combofix is only to be used when requested by a HJT team member
If something happens while running Combofix, I only have limited knowledge of how to repair your problems and you will not get much outside support
So run at your own risk

SAS and DR Web are run in safe mode because that is the way they were designed to run for optimum efficiency

You can also try this:


Full tutorial:
http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/


Please print out and follow these instructions: "How to use SDFix".
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • Please be patient as the scan may take up to 20 minutes to complete.
  • When the process is complete, the SDFix report log will open in Notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • The SDFix report log (Report.txt) will open in Notepad and automatically be saved in the SDFix folder.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable you anti-virus and and other security programs before connecting to the Internet.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#11 tapcc13

tapcc13
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 03 May 2009 - 12:48 AM

i wasnt askin for you to help me run combo fix. im just sayin it doesnt work and its obviously for a reason. probably the same as why all the others dont. i just thought it could help diagnose the problem if i told you all the things wrong. and that was simply one of them. no big deal.
i dled sdfix and went to run it in safemode. same thing happened as did with the other two. this time it shut down rather quickly after starting the program. what can we do know? is this a result of whatever has attacked the computer?
thanks

#12 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:48 AM

Posted 03 May 2009 - 06:34 PM

I would say your best bet is to submit a HJT log



Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#13 tapcc13

tapcc13
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 04 May 2009 - 01:32 PM

thanks for all your help along the way. i appreciate your time and concern. one more thing. how do i go about getting rid of ALL the components associated with drweb and sdfix since they do not come with an uninstall feature. simply delete or through add/remove program (if they show up)???
thanks agian

Edited by tapcc13, 04 May 2009 - 01:35 PM.


#14 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:48 AM

Posted 04 May 2009 - 07:24 PM

Dr web you can simply delete
I believe SDfix is in add/remove
Your HJT team helper will help with that when everything's cleaned up

I didn't know you had an open HJT log, Topic Closed

Edited by garmanma, 04 May 2009 - 07:26 PM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users