Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by kitneyes » March 22nd, 2008, 11:58 pm

Here is the new HJT log, there was no AVG "020 - WinLogon Notify: avgwlntf ..." after I uninstalled the old one so I didn't have to fix anything in the log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:40 PM, on 3/22/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [OnScreenDisplay] "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\PROGRAM FILES\COMMON FILES\TIVO SHARED\Transfer\TIVOTRANSFER.EXE" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6628 bytes
kitneyes
Regular Member
 
Posts: 29
Joined: March 6th, 2008, 8:25 pm
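
An added example, not part of the original post: a small Python triage of a HijackThis log like the one above. It lists Run-key autostarts whose executable is missing from the running-process list and services that HijackThis labelled "Unknown owner"; the sample is an excerpt of the posted log, and all function names are illustrative.

```python
import ntpath
import re

# Excerpt of the log posted above (lines copied from the post, trimmed to a sample).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista (WinNT 6.00.1904)

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")        # "O4 - ...", "R1 - ..."
RUN_RE = re.compile(r"\[(.+?)\] (.+)$")                   # "[value name] command line"
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.I)    # quoted or bare .exe path


def parse_hjt(text):
    """Return (running_processes, [(section_code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
                continue
            in_processes = False          # a blank line ends the process list
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def autostarts_not_running(processes, entries):
    """O4 Run-key entries whose executable name is absent from the process list.

    Only a hint: short-lived launchers such as rundll32.exe exit on their own.
    """
    running = {ntpath.basename(p).lower() for p in processes}
    missing = []
    for code, body in entries:
        if code != "O4":
            continue
        run = RUN_RE.search(body)
        exe = EXE_RE.match(run.group(2)) if run else None
        if not exe:
            continue
        name = ntpath.basename(exe.group(1) or exe.group(2)).lower()
        if name not in running:
            missing.append((run.group(1), name))
    return missing


def unknown_owner_services(entries):
    """O23 services for which HijackThis printed 'Unknown owner' as the vendor."""
    flagged = []
    for code, body in entries:
        if code == "O23" and body.startswith("Service: "):
            # Split from the right: "<display name> - <vendor> - <path>"
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                flagged.append((parts[0], parts[2]))
    return flagged


if __name__ == "__main__":
    procs, items = parse_hjt(SAMPLE_LOG)
    for value_name, exe in autostarts_not_running(procs, items):
        print(f"autostart not running: [{value_name}] {exe}")
    for display, path in unknown_owner_services(items):
        print(f"no vendor shown, check the file's signature: {display} -> {path}")
```

Neither list is a verdict; both only narrow down which files to inspect by hand.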

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by John B. » March 23rd, 2008, 7:31 am

Hi,

How did you upgrade to AVG Pro 8? Did you have to pay or anything?

What I am suspecting is a conflict of programs causing your problems. To test this you can boot in Safe Mode and see whether programs can be successfully executed then. So please boot in Safe Mode. Your programs will not start automatically, but you can try some, like Spyware Doctor, and see whether they work.

Afterward, please tell me if they did.

To reboot your computer in Safe Mode:
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected using the arrow keys.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by kitneyes » March 23rd, 2008, 1:53 pm

Thank you for responding so quickly. The AVG I'm trying now is the 30 day trial version AVG Pro 8 which is fully functional. If I like it I'll probably end up getting it. It does antivirus, antispyware and antirootkit. It just seems much better than the 7.5 version.

Also, I will try what you say sometime today, but I already have tried that when the problem first came about and it didn't change.

One more thing, is it okay if I update the Vista with the new service pack/update? It keeps asking me and maybe it might help.

Once again, thanks, and I hope you have a good Easter.

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by John B. » March 24th, 2008, 3:21 pm

What were the results? Talked to some people and got some information on SP1, but first I'd like to know how the test in Safe Mode was?

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by kitneyes » March 24th, 2008, 7:40 pm

Okay, so the programs would install in safe mode but would not open. No error message though. I assumed that they wouldn't open because their "service" can't START in safe mode ... I tried to manually start their services if they had any but it wouldn't let me. I think I'm gonna try to install in regular mode and then restart in safe to see if they'll open then. But if they use "drivers" then don't non microsoft/windows drivers not load in safe mode? This is so frustrating! I don't know what else to do. I've read and I've read post after post in forum after forum but no answers. Below I've included some links to forum/discussions on the whole APPCRASH/stackhash issue(s) other Vista users are having as well. Lotsa people have theories on what might work, but they vary so much it can't really point me in any type of direction. Most of the complainants are experiencing the APPCRASH error with either IE or explorer, but some have the same problem with their third party software etc. Also, here are some possible reasons and answers that others have said worked (while others said did not) ...

1) JAVA issue (you know I just uninstalled and installed the newest update so that's not it)
2) Yahoo Toolbar or programs, which I didn't see under add/remove programs to remove, I guess it's an IE thing. I don't use IE, I prefer Firefox.
3) Codec issue (which this might be it ... a few weeks ago I was trying to convert an Xvid and I didn't have the codec needed to convert for WinAvi. I downloaded the k-lite codec pack, but then found the Xvid codec individually and so uninstalled the klite. I've read that codecs are tricky to mess around with and can really mess your computer up when trying to uninstall. Of course I read that after I uninstalled it;)
4) NVidia issue, and something to do with NVidia's network manager possibly. Not sure where to find this, how to adjust this, and/or how to update (driver) if it's needed.
5) DEP and/or memory issue (corrupt memory) ... this seems rather confusing, but promising as to what might be causing the problem. "DEP is intended to prevent an application or service from executing code from a non-executable memory region. DEP is enforced by hardware technology that detects code that is running from the default heap and the stack and raises an exception to terminate the process when execution occurs, and software-enforcer that prevent malicious code from taking advantage of exception-handling mechanisms in Windows. In short, DEP perform additional checks on memory to prevent malicious code or exploits from running on the system by shut down the process once detected." At least that's what one of the sites I read said. Attempting to disable it seems worse though.





http://www.vistax64.com/vista-performan ... ferer.html

http://forums.microsoft.com/technet/sho ... 0&pageid=2

Sorry these are hyperlinked but I wasn't sure if this forum supported or would display code automatically or not.


Okay, well enough for now, I'm sure you're probably getting tired of me by now. I appreciate all your help. I just wish someone would finally come up with a real reason and solution to this issue in Vista. If you google it you'll see that there are LOTS of people having the same problem.

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by John B. » March 25th, 2008, 4:02 pm

Hi kitneyes,

Let's respond on some things first.

kitneyes wrote:
Okay, so the programs would install in safe mode but would not open. No error message though. I assumed that they wouldn't open because their "service" can't START in safe mode ... I tried to manually start their services if they had any but it wouldn't let me. I think I'm gonna try to install in regular mode and then restart in safe to see if they'll open then. But if they use "drivers" then don't non microsoft/windows drivers not load in safe mode?

As far as I know (XP ;) ) most programs will successfully start in Safe Mode. It doesn't automatically start when you boot it, but it does if you manually execute the executable.

kitneyes wrote:
I've read and I've read post after post in forum after forum but no answers. Below I've included some links to forum/discussions on the whole APPCRASH/stackhash issue(s) other Vista users are having as well. Lotsa people have theories on what might work, but they vary so much it can't really point me in any type of direction. Most of the complainants are experiencing the APPCRASH error with either IE or explorer, but some have the same problem with their third party software etc.

My suspicion is that APPCRASH is just a general name for an error of a lot of different kinds of problems. XP also has one of those titles which is used in a lot of different cases.

kitneyes wrote:
If you google it you'll see that there are LOTS of people having the same problem.

Already did that :P That's why I suspect APPCRASH to be nothing specific as there are so many people with so many different executables.

Your computer seems to have a lot of different problems. That means that probably a lot of registry entries and values are damaged. The problem with the registry is that there are so many entries and values that we will never be able to restore things to the original. That could only be done if you have made a back up of your registry before the problems began.

For that reason, we don't know if installing the Service Pack will damage anything on your system. If you want to install the Service Pack I recommend you to back up your important data and music. That is what I recommend you to do anyway, because we will probably not be able to restore everything and I guess you want to solve all the problems.

If you want to install the Service Pack here is a really good guide on how to do it safely:
http://www3.telus.net/dandemar/vistasp.htm

Of course, you could also decide to reformat and reinstall (XP and Vista) and in that case please let me know so I will be able to give you some tips and tricks.

John.

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by kitneyes » March 25th, 2008, 4:25 pm

Hey John, yeah I figured it might be some sort of registry issue, and that maybe that is causing the problem. That's why I miss my registry cleaners (Reg Mechanic and/or Registry Booster), do you know of any other good ones I should try or is it something that can be done manually ... although to be honest the registry kinda scares me, I have no idea how it works or how to "edit" it. Backup of registry, that isn't done automatically when you set a restore point in general? If I had known that, I would have done more regular "registry backups". I've already tried to restore to a couple days before the problem began (before I uninstalled ESET) but the problem was still there.

Reformat? Ugh, that is what I'm afraid of ... definitely a last resort. Although I've already started backing up all my data, music and movies (burnt to disc). What I find to cause me hesitation to reinstall completely is losing all my "settings" and/or "firewall settings". It took me a couple weeks to set my firewall just right. I have to allow for my network sharing, for computers, xbox360 and Tivo ... which also meant I had to find out what ports they use and what I should allow for. I'd hate to lose all that stuff, but I will if I have to. The question is, can I live without those programs and will similar programs have the same problem or will they work? The new AVG worked, as did the CounterSpy I'm trying now. Maybe I just need a different registry cleaner, maybe it has something to do with compatibility.

So, where does that leave us? Can you give me any tips on how to cleanup the registry? For programs that I uninstalled, but still linger in the registry, do you just delete all the files and folders (file tree) left behind? And back to my question earlier, is the registry backed up with general backups/restore points? Like I said, if reinstall/reformat are my only options left, then I'll do that. What do you think?

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by John B. » March 26th, 2008, 1:39 pm

Hi,

kitneyes wrote:
yeah I figured it might be some sort of registry issue, and that maybe that is causing the problem. That's why I miss my registry cleaners (Reg Mechanic and/or Registry Booster), do you know of any other good ones I should try or is it something that can be done manually ... although to be honest the registry kinda scares me, I have no idea how it works or how to "edit" it.

The fact is that a wrong registry cleaner may have caused your problem! They can be dangerous and sometimes clean things which are not leftovers. This brings me to a new idea, have you done any cleanup just before the problems started? Cleaning the registry at this point is not a very good idea, because if there are any corrupted entries belonging to legit programs it may delete them.

kitneyes wrote:
Backup of registry, that isn't done automatically when you set a restore point in general? If I had known that, I would have done more regular "registry backups". I've already tried to restore to a couple days before the problem began (before I uninstalled ESET) but the problem was still there.

Was thinking about the same. Asked it and waiting for an answer.

kitneyes wrote:
Reformat? Ugh, that is what I'm afraid of ... definitely a last resort. Although I've already started backing up all my data, music and movies (burnt to disc). What I find to cause me hesitation to reinstall completely is losing all my "settings" and/or "firewall settings". It took me a couple weeks to set my firewall just right. I have to allow for my network sharing, for computers, xbox360 and Tivo ... which also meant I had to find out what ports they use and what I should allow for. I'd hate to lose all that stuff, but I will if I have to.

Here's something you may want to check out:
  • Open COMODO by double-clicking on the system tray.
  • Click on the Miscellaneous tab.
  • Go to Manage My Configurations.
  • Here you can Import and Export settings.
Note: Not sure if this really works, because if you press Export you can only choose for 'Optimum Security'. :P

kitneyes wrote:
The question is, can I live without those programs and will similar programs have the same problem or will they work? The new AVG worked, as did the CounterSpy I'm trying now. Maybe I just need a different registry cleaner, maybe it has something to do with compatibility.

The programs you need:
  • Anti-Virus
  • Firewall
Some good optional ones:
  • Spybot S&D
  • WinPatrol
  • SpywareBlaster
  • MVPS Hosts file

I will inform you on the restore points.

Greets, John.

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by John B. » March 27th, 2008, 10:27 am

Hi,

Got some replies on the System Restore thing. If you go here...
http://support.microsoft.com/kb/322756
...you can see that there is a possibility to restore the registry (and the rest of your computer) to earlier dates using System Restore. Somebody told me that on the other hand System Restore doesn't always successfully do this. He also said there is a program called NTBACKUP which is much more successful, but this is only information for future use, because it relies on backups it made earlier. Here's also a very informative page on Registry Maintenance and backups...
http://wiki.castlecops.com/User:PCBruis ... aintenance
...made by an expert.

This is my suggestion:
  • Back up all your important data and files
  • Try System Restore:
    • If it fails you can reformat
    • If it succeeds I hope everything's right

But there is still one other possibility. At CastleCops, the same organization as the one of the Wiki page you just visited, there are people who are specialized in non-malware things and who would probably like to grab the big challenge (even for them) to try and fix your computer without having to reformat and reinstall.

Anyway, as you're clean the least thing I can do for you is to give you the all clean speech with some very interesting tips and tricks (for later) before I forget to give it.

It may seem like your system will be too much protected with all these things installed, but a lot of programs aren't running always on the background so don't slow down your computer. Please take a look at the following things:
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Tutorial for Spybot S & D
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. You can download it here:
    SpywareBlaster
  • Install WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You can download it from this website:
    WinPatrol
    The developer is a well-known man in the MalWare Removal business. If you really like WinPatrol think about upgrading to the PLUS version. It will give you additional features and you will only have to pay once, for your whole malware-free life.
  • Install MVPS HOSTS - This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    For information on how to download and install, please read this tutorial here:
    WinHelp2002
    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
  • Use an alternative Internet Browser - Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox << Most used, I use this one myself.
    Opera
  • Bookmark general cleanup links - It could be that your computer is becoming slower and slower. This is not always the cause of malware. Most of the times it's malware when your computer is suddenly getting slow or doing strange. When the slowdown increases slowly check (so now bookmark) these links for tips & tricks:
    Help! My computer is slow
    Slow Computer? Check here first; it may not be malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions here:
http://images.malwarecomplaints.info/We ... general=on (to be exact you had part of the 'Deloder' worm)

Please let me know what you want/are going to do.

John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
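
An added example, not part of the original post: a Python check of the six Internet-zone settings listed in the post above, run against a registry export of the zone key. The URL action numbers, the value meanings (0 = Enable, 1 = Prompt, 3 = Disable) and zone 3 = Internet are standard Internet Explorer registry conventions; the sample export is constructed and the function names are illustrative.

```python
import re

# Internet zone (zone 3) settings for the current user.
# Assumption: values set by Group Policy elsewhere in the registry are not examined here.
ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
            r"\Internet Settings\Zones\3")

POLICY = {0: "Enable", 1: "Prompt", 3: "Disable"}

# URL action number -> (setting as named in the post, value the post recommends)
BASELINE = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialise and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}

# Constructed sample in the text format written by "reg export" / regedit.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000003
"1201"=dword:00000001
"1800"=dword:00000001
"1804"=dword:00000000
'''

SECTION_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def read_zone_values(reg_text, key=ZONE_KEY):
    """Collect the DWORD values stored directly under `key` in a .reg export."""
    values, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            current = section.group(1)
            continue
        value = DWORD_RE.match(line)
        if value and current and current.lower() == key.lower():
            values[value.group(1)] = int(value.group(2), 16)
    return values


def audit(reg_text):
    """Return (action, setting, current, recommended) for each deviation."""
    values = read_zone_values(reg_text)
    findings = []
    for action, (setting, wanted) in BASELINE.items():
        have = values.get(action)
        if have != wanted:
            shown = POLICY.get(have, "not set" if have is None else hex(have))
            findings.append((action, setting, shown, POLICY[wanted]))
    return findings


if __name__ == "__main__":
    for action, setting, shown, wanted in audit(SAMPLE_REG):
        print(f"{action} {setting}: {shown}, recommended {wanted}")
```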

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by kitneyes » March 27th, 2008, 6:43 pm

Hey John,
Yeah, restore did the same as before, same problem, so I restored back. I was going to post on some of the Vista forums about my issue, but judging by the answers others have gotten with the same problems, I don't expect many answers. Correction, I expect a lot of varied possible answers but no real solution. I didn't think to try CastleCops, and I have used their site before for answers, maybe I'll try that one.

I just wanna thank you for all your help. You've been very patient with me and listened to all my issues, I appreciate it. I think I'm also gonna try SpywareBlaster, I'm a little skeptical on SpyBot Search & Destroy. The trial version of counterspy is about to run out, which I like, but not enough to pay for it. I think I am gonna renew though with the full AVG 8 pro, I like it and it's easy to use (it also has antispyware and antirootkit) and seems very effective. It even has real time search and web protection, along with link scanners (although it has a minor compatibility problem with the new firefox update).

So, I'm gonna give it a week or so, slowly backing up everything, and then I might try the reinstall if I keep having problems. So far, most of the new stuff I've downloaded and tried haven't had any problems, it's just the ones that I told you from weeks ago. I'll just have to live without those programs, there are others and I'm happy with the protection I have now. When I say slowly, mostly all I have left are my movies (avi, tivo, etc), which are taking longer than I thought to convert to DVD. Hey, you wouldn't happen to know how to convert tivo files to DVD would you? Just thought I'd ask. Well, thanks again John, and hopefully I won't have to revisit a malware site. Oh, and doesn't your site (malwareremoval) also have computer issue forums, should I try to post there?

Thanks Again,
Amanda

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by John B. » March 29th, 2008, 5:19 am

Hi,

There's one program I want you to run, which I forgot to tell you. It's a rootkit scanner. A quick rootkit scan has been done in the ComboFix process but I just want to be really sure I didn't miss anything:

Please copy the fix to Word, or print it, because you won't always have internet access!

Download Gmer to your Desktop and unzip it to your Desktop.
http://www.gmer.net/gmer.zip

Disconnect from internet and close running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double click gmer.exe.
Let the gmer.sys driver load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say Ok.
If no warning....
Click the rootkit tab
To the right of the program you will see a bunch of boxes that have been checked... leave everything checked. Then click the Scan button. Wait for the scan to finish.
Once done click the Copy button.
Post the log in a reply to this topic.


Some replies to your post.

kitneyes wrote:
Hey, you wouldn't happen to know how to convert tivo files to DVD would you?

Take a look at this website:
http://dvd-video-tools.com/tivo/tivo-to-dvd.html
Found it using Google and may be interesting.

kitneyes wrote:
Oh, and doesn't your site (malwareremoval) also have computer issue forums, should I try to post there?

No, that's why I mentioned CastleCops. You can post in this forum (registered or not) about your problem:
http://www.castlecops.com/f120-General_ ... blems.html
Some things which you should mention if you post there:
  • Your computer is all clean.
  • A link to this topic so they can see what we ran.
  • Mention that you have Vista.
  • What you already tried (reinstalling programs, system restore, etc.)

Greets, John.

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by kitneyes » March 29th, 2008, 10:54 pm

Hello again,
thanks for the advice on the Tivo thing ... I somehow happened to come across that same website last night, seems to work well. Only thing is that I gave up on trying to archive (burn to disc) the particular show I wanted (Lost) because the files ended up being too large. I forgot I had tivo set to record in best quality, which made the files start out around 1.5 - 2 GB per episode, which after converting to mpeg, and then to dvd quality (VOB?) made them huge. I could only put two episodes on a disc so I decided against it (and that's with using Nero Recode to shrink em) ... I'll just watch them and then erase them.

Okay, so for the gmer.exe program ... it kept freezing up when it got to device\harddiskVolumeShadowCopy1 ... and surprisingly guess what the error was ... "gmer.exe has stopped working". Well, I tried it in safe mode also but it stopped in the same spot. So, what I ended up doing was doing a "print screen" of what showed up prior to it freezing so maybe you could judge if you saw anything of importance. I'm guessing it got through all the main hard drive and files, since it said it was on the Shadow Copy Volume (Vista thing I guess). Here it is ...

Okay, well here it isn't. It wouldn't let me paste it in here. I'll try to attach the doc as an attachment. I hope you have Word.
kitneyes
Regular Member
 
Posts: 29
Joined: March 6th, 2008, 8:25 pm

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by John B. » March 30th, 2008, 9:16 am

So you are planning to go to CastleCops?

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by kitneyes » March 30th, 2008, 2:02 pm

Yeah, just posted there last night. I hope what I said makes sense, it seems like an awful lot to explain ... I'm glad you bore with me through it all (I hope I get someone equally as nice). Oh yeah, what about what you can see so far on the gmer test? Anything potentially bad? I wonder why it froze like that? I have a theory for my problem(s), but being that I know NOTHING of registry stuff, I wanna research it some more before I embarrass myself. Basically it came to be during a registry cleanup with Registry First Aid (Oh, I forgot to tell you about that I think, I just got it). I noticed that a lot of my other security and maintenance programs either were somehow linked with the Comodo keys or were under them somehow (maybe as a value etc), like I said, I don't really understand the terminology here or how it works. Well, do all firewalls work this way, as a catch all and kinda team leader for other security programs? This is what I wanna look up, why would they be associated anyways? My ultimate point is, maybe when I uninstalled my last firewall (ESET), it took out something important needed for all the security/maintenance programs I had then (that it was associated with). Isn't it strange that everything I've added since then has worked?

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by John B. » March 30th, 2008, 2:23 pm

Hi,

(I hope I get someone equally as nice).

The whole team is nice and johnlgalt is one of the experts. I'll be watching the topic ;)

Oh yeah, what about what you can see so far on the gmer test? Anything potentially bad?

It wasn't too much which was scanned already, but it was all clean.

I have a theory for my problem(s), but being that I know NOTHING of registry stuff, I wanna research it some more before I embarrass myself. Basically it came to be during a registry cleanup with Registry First Aid (Oh, I forgot to tell you about that I think, I just got it). I noticed that a lot of my other security and maintenance programs either were somehow linked with the Comodo keys or were under them somehow (maybe as a value etc), like I said, I don't really understand the terminology here or how it works. Well, do all firewalls work this way, as a catch all and kinda team leader for other security programs?

It could have been rules/settings set in the firewall regarding those security programs, but if that's true there must have been entries for other programs as well. It sounds strange and suspicious and worth telling johnlgalt (btw, his name is not John so it is nothing freaky like you're helped by Johns only :P )

Please let me know if you feel this topic is done and then I'll ask an admin to move it to the room with archived cases.

John.