My computer is pretty much destroyed.. please help

Let me fill you in.. ready for this?

My computer will not start in normal mode. I have started in safe mode w/ networking and it will come on. I can not run any programs at all and I can not connect to the internet (it says.. "can not connect to the internet" when I try to repair it). When I try to open any program, a box that looks like the cmd box pops up really fast and disappears.. I quickly took a look at what it was saying real quick at the top and it said.. c:\windows\system32\ **I CAN'T SEE WHAT IT SAYS HERE BUT IT FLASHES SOMETHING THEN GOES QUICKLY TO** pump.exe and the box disappears.

PLEASE HELP!

Re: My computer is pretty much destroyed.. please help

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

Re: My computer is pretty much destroyed.. please help

ok so I tried that.. and when I try to open Hijackthis it says "the system administrator does not permit this" so then I went to control panel to "accessibility options" and it says that the "parameter is incorrect" and shows c:\windows\system32\rundll32.exe

:-(

Re: My computer is pretty much destroyed.. please help

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: My computer is pretty much destroyed.. please help

I think this may be your biggest challenge yet..

It will not let me open OTL, but has a slower reaction time when the cmd box comes up and it says in the address at the top of the box.. c:\WINDOWS\system32\ntvdm.exe then directly to c:\WINDOWS\system32\pump.exe and the boxes will then just close.

Another thing that caught my eye was a text would flash real quick in the cmd box and it says this "Program too big to fit in Memory"

Re: My computer is pretty much destroyed.. please help

Hello.
Try this, that pump.exe is a file association changer.

Please download exeHelper from one of the two links.
Link 1
Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Re: My computer is pretty much destroyed.. please help

exeHelper by Raktor
Build 20091220
Run at 15:26:13 on 01/02/10
Now searching...
Checking for numerical processes...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\10730464
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\WINDOWS\temp\a.exe
Deleting file C:\WINDOWS\temp\b.exe
Deleting file C:\WINDOWS\temp\svchost.exe
Deleting file C:\WINDOWS\temp\taskmgr.exe
Deleting file C:\WINDOWS\temp\winlogon.exe
Deleting file C:\WINDOWS\system32\AVR09.exe
Deleting file C:\WINDOWS\system32\bincd32.dat
Deleting file C:\WINDOWS\system32\BtwSrv.dll
Deleting file C:\WINDOWS\system32\calc.dll
Deleting file C:\WINDOWS\system32\critical_warning.html
Deleting file C:\WINDOWS\system32\desot.exe
Deleting file C:\WINDOWS\system32\dddesot.dll
Deleting file C:\WINDOWS\system32\desote.exe
Deleting file C:\WINDOWS\system32\lsm32.sys
Deleting file C:\WINDOWS\system32\opeia.exe
Deleting file C:\WINDOWS\system32\plugie.dll
Deleting file C:\WINDOWS\ppp3.dat
Deleting file C:\WINDOWS\ppp4.dat
Deleting file C:\WINDOWS\system32\pump.exe
Deleting file C:\WINDOWS\system32\sdra64.exe
Error deleting C:\WINDOWS\system32\sdra64.exe - Set for removal on reboot - PLEASE REBOOT
Deleting file C:\WINDOWS\system32\skynet.dat
Deleting file C:\WINDOWS\svchast.exe
Deleting file C:\WINDOWS\svohost.exe
Deleting file C:\WINDOWS\system32\sysnet.dat
Deleting file C:\WINDOWS\system32\wscsvc32.exe
Deleting file C:\WINDOWS\system32\winupdate.exe
Deleting file C:\WINDOWS\system32\winhelper.dll
Deleting file C:\WINDOWS\system32\nuar.old
Checking for bad registry entries...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc
Removing HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PopRock
Removing HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows System Recover!
Deleting file C:\WINDOWS\TEMP\spoolsv.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate.exe
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
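
Added example (not part of the original posts and not exeHelper's own code): a short Python triage of a log like the one above, grouping its lines by action and flagging deleted files that borrowed a Windows process name in the wrong folder or a one-character lookalike of one. The sample lines are copied from the log above; the allow-list of system binaries and all function names are assumptions made for this illustration.

```python
import re

# Constructed sample: lines copied from the exeHelper log posted above.
SAMPLE_LOG = r"""Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\10730464
Deleting file C:\WINDOWS\temp\svchost.exe
Deleting file C:\WINDOWS\temp\winlogon.exe
Deleting file C:\WINDOWS\system32\pump.exe
Deleting file C:\WINDOWS\system32\sdra64.exe
Error deleting C:\WINDOWS\system32\sdra64.exe - Set for removal on reboot - PLEASE REBOOT
Deleting file C:\WINDOWS\svchast.exe
Deleting file C:\WINDOWS\svohost.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc
Resetting filetype association for .exe
"""

# Assumption: a short allow-list of genuine Windows binaries and their home directory.
SYSTEM_BINARIES = {name: r"c:\windows\system32" for name in
                   ("svchost.exe", "winlogon.exe", "taskmgr.exe", "spoolsv.exe")}

def classify(path):
    """Return 'wrong-dir', 'lookalike' or None for one deleted file path."""
    directory, _, name = path.lower().rpartition("\\")
    if name in SYSTEM_BINARIES:
        return None if directory == SYSTEM_BINARIES[name] else "wrong-dir"
    for real in SYSTEM_BINARIES:
        # Same length and exactly one substituted character, e.g. svchast.exe.
        if len(name) == len(real) and sum(a != b for a, b in zip(name, real)) == 1:
            return "lookalike"
    return None

def summarize(log):
    """Group exeHelper log lines by the kind of change they record."""
    out = {"deleted": [], "run_values": [], "pending_reboot": [],
           "assoc_reset": [], "masquerade": {}}
    for line in log.splitlines():
        if m := re.match(r"Deleting file (.+)$", line):
            out["deleted"].append(m[1])
            if verdict := classify(m[1]):
                out["masquerade"][m[1]] = verdict
        elif m := re.match(r"Error deleting (.+?) - Set for removal on reboot", line):
            out["pending_reboot"].append(m[1])
        elif m := re.match(r"Removing HK.+\\CurrentVersion\\Run\\(.+)$", line):
            out["run_values"].append(m[1])
        elif m := re.match(r"Resetting filetype association for (\.\w+)$", line):
            out["assoc_reset"].append(m[1])
    return out

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

Anything listed under pending_reboot is still on disk until the machine restarts, so the cleanup is not complete until a second run confirms it is gone.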

Re: My computer is pretty much destroyed.. please help

Hehe, now can you run Hijack This?

Re: My computer is pretty much destroyed.. please help

great.. coming in 5

Re: My computer is pretty much destroyed.. please help

It says this:

Windows Installer

"The System administrator has set policies to prevent this installation."

I am under the administrator!

Re: My computer is pretty much destroyed.. please help

I am also getting this message after my computer is on for about 15 min.:


NT/Authority system failed unexpectedly

and:

dcom server process launcher service authorized shutdown.. could be the other way around but I only have a certain amount of time until it shuts down

Re: My computer is pretty much destroyed.. please help

Try OTL please instead. Smile...

Re: My computer is pretty much destroyed.. please help

ugh.. so the otl will come up and I click run scan.. it runs for about 10 seconds and then otl just closes

Re: My computer is pretty much destroyed.. please help

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: My computer is pretty much destroyed.. please help

ok.. here is a problem I keep running into. Combo-Fix keeps telling me that the AVG is still active. I have done everything I can to get rid of this thing. When I went to control panel and "remove" programs it would have a failure. I manually went in and deleted everything affiliated with AVG and now the program does not work (which is good), BUT combo fix still comes up saying it is active and to go at my own risk..

what do you recommend?
