AfterDawn Forums

Help!!!!!!! PC Closing Programs

This discussion thread has 21 messages.

#1
Hi, I am having a problem with my PC. On Monday I received a phone call, apparently from Microsoft. Being suspicious about this, as they do not have my telephone number, I hung up and looked on the internet to find out about the scams, so did not do anything about it. I ran a virus check with AVG Internet Security 2011 and found nothing. Anyway, it started running slow on Monday night and would not close programs down, so I just switched off. When I turned it back on today it keeps closing my Nero, and when I open a web page it closes then reboots the page every time. I have run AVG again and downloaded antimalware and ran full scans; both find nothing. So I tried Panda online scanner but it will not start the scan at all; it keeps telling me Windows Internet Explorer has encountered a problem, closes and reboots, and does this every time I click on the scan button. It is driving me insane. Can anyone please help me before I resort to just wiping my whole system? Thanks in advance.
#2
Download, update, and run HijackThis. Do not fix anything just yet. Just post the log.
#3
OK, downloaded HijackThis, ran a scan and got a message telling me "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this." So I clicked OK, HijackThis scanned, then I got a message "Cannot find the C:\ProgramFiles\TrendMicro\HiJackThis\hijackthis.log file." It asked if I wanted to create a new file; clicking yes, all I got was a blank page. Am I doing anything wrong here?
#4
Got a log but keep getting an internal error message when I try and post it.
#5
Still cannot post it. Tried 20 times and keep getting internal server error. Can still post, just when I copy the HijackThis log I get the error.
#6
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:50:25, on 13/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\13.2.0\ScriptHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Downloads\HijackThis.exe
#7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - (no file)
#8
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing#
O3 - Toolbar: #no name# - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - #no file#
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" #file missing#
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [PS2] C:\Windows\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
#9
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

--
End of file - 7328 bytes


Sorry about it being in sections, it was the only way it would let me post it.
This message has been edited since its posting. Latest edit was made on 13 Nov 2012 @ 13:23
#10
Have you tried a system restore (even through safe mode) to before the phone call, which was a scam call?
#11
Hi Biggie7619,

I’ve looked over your HJT log and don’t see anything that could cause this problem, but maybe if we dig a little deeper than HJT we may find and fix the problem you are experiencing.

I see you are running Win 7 32bit…
Download Emsisoft Emergency Kit from this page. Once it's finished downloading, extract the contents from the zip file. Then double click on the file called "start" and open the "Emergency Kit Scanner". When prompted allow it to update the database. Once it's updated select the option to go "Back To Security Status". Then go to "Scan now" and select the option to perform a "Smart Scan". Once the scan is complete remove all detected items. Restart whenever required.

Check things out and report back here…
ps: it's a little slow - it checks over 12 million signatures so, don't get in a hurry..
2oG
This message has been edited since its posting. Latest edit was made on 13 Nov 2012 @ 18:52



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
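A first-pass triage of a HijackThis log like the one posted in this thread, as an added example that is not part of the original posts. The sample lines are taken from that log; the three markers it flags (missing target file, "Unknown owner", unknown Winsock LSP file) are a review heuristic assumed for this example, not a verdict that an entry is malicious.

```python
import re

# Sample input: a few entry lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: #no name# - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - #no file#
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" #file missing#
O4 - HKLM\..\Run: [PS2] C:\Windows\system32\ps2.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# An entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")

# Assumed review markers: (pattern, reason). The forum swapped some
# parentheses for '#', so both delimiters are accepted.
MARKERS = [
    (re.compile(r"[(#](?:no file|file missing)[)#]", re.I),
     "target file absent (orphaned entry)"),
    (re.compile(r"- Unknown owner -"),
     "no vendor name shown for the service binary"),
    (re.compile(r"^Unknown file in Winsock LSP"),
     "LSP file not recognised by HijackThis"),
]

def parse(log_text):
    """Yield (section, body) per entry line; header and process lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log_text):
    """Return [(section, reason, body)] for entries worth a manual look."""
    findings = []
    for section, body in parse(log_text):
        for pattern, reason in MARKERS:
            if pattern.search(body):
                findings.append((section, reason, body))
                break
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:>3}  {reason}: {body}")
```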
#12
OK, done that. Found 4 medium risk items, do not know where from, but here is the log.

Emsisoft Emergency Kit - Version 3.0
Last update: 14/11/2012 10:03:44

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\

Detect Riskware: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 14/11/2012 10:04:58

C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord detected: Trace.File.BitLord 1.1 (A)
C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord\BitLord.lnk detected: Trace.File.BitLord 1.1 (A)
C:\Users\Desktop\BitLord.lnk detected: Trace.File.BitLord 1.1 (A)
C:\Windows\Tasks\Driver Robot.job detected: Trace.File.DriverRobot (A)

Scanned 387408
Found 4

Scan end: 14/11/2012 10:33:45
Scan time: 0:28:47

C:\Windows\Tasks\Driver Robot.job Quarantined Trace.File.DriverRobot (A)
C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord Quarantined Trace.File.BitLord 1.1 (A)
C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord\BitLord.lnk Quarantined Trace.File.BitLord 1.1 (A)
C:\Users\Desktop\BitLord.lnk Quarantined Trace.File.BitLord 1.1 (A)

Quarantined 4

ddp, have not tried that yet. Did not think that would do anything, as I did not do anything when I got the phone call; I just hung up thinking it was a little suspicious.
#13
Quote:
C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord detected: Trace.File.BitLord 1.1 (A)
C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord\BitLord.lnk detected: Trace.File.BitLord 1.1 (A)
C:\Users\Desktop\BitLord.lnk detected: Trace.File.BitLord 1.1 (A)
C:\Windows\Tasks\Driver Robot.job detected: Trace.File.DriverRobot (A)
None of this is threatening to your PC.

I'm having a hard time connecting the mystery, despite fake, phone call to your PC getting infected.

If you can, try a system restore regardless.


#14
I agree with Ripper and ddp: you have no malware infection; therefore, it is probably a system glitch. Use your System Restore to step back to a time before this was happening. If you don’t have your system restore set up, then try a repair.

Download Tweaking.com Windows Repair

Once it's finished downloading, extract the contents from the zip file. Then double click on the file called “Repair_Windows”. You can skip step one. Run steps 2, 3, 4, and Start Repairs.

See if that gives you some satisfaction and let us know…

2oG
#15
Ha ha ha ha ha, you got Windows 7 jacked.

I recently ran into this myself. The problem he is having is with disk permissions. There is a new install hack called the certified installer hack, where the installer places itself as the admin to the users' computers and disables permissions to the hard drive so you cannot read or write to the drive, which brings me to some bad news: kiss your files goodbye as well. This nasty new piece of work cannot be removed by virus scanners or malware removers because it lists itself as a trusted installer, so Windows doesn't think it's malware code. Worst thing is it replicates inside all of your files, so a complete format and restart of your computer is the only way to get rid of it, and make sure you do a delete of the current partition during the installation process. I am sorry to hear this happened, because my friend got it bad; he had the trusted installer hack write then corrupt the hard drive. Not a fun thing.

The PC closes programs that it finds will stop the trusted installer hack from functioning, including:

AVG

AVG FREE

NERO

OFFICE XP/2003/2007/2010
#16
Quote:
the certified installer hack
Quote:
trusted installer hack
Any links for information on either of these?
#17
That is quite concerning, and I am glad someone can find my misfortune funny. As I said before, when I received the telephone call I did NOTHING to my PC; can they still have gained entry to my system? After spending the whole day yesterday running scans in safe mode, including the Panda online scan, my PC has been running much easier today. I have been running Nero fine and am not getting the Windows error whenever I open a new window (hope not to put a curse on that now, lol). I have just checked and I am still the only user on my system and can still open and use AVG and Nero along with everything else, so hopefully it is all sorted now and, as 2oldGeek said, was just a glitch in my system. Will just play the waiting game and see what happens, but once again thanks to everyone who has helped me with this problem, and again I hope it is all sorted now.
#18
Originally posted by Biggie7619:
That is quite concerning, and I am glad someone can find my misfortune funny. As I said before, when I received the telephone call I did NOTHING to my PC; can they still have gained entry to my system? After spending the whole day yesterday running scans in safe mode, including the Panda online scan, my PC has been running much easier today. I have been running Nero fine and am not getting the Windows error whenever I open a new window (hope not to put a curse on that now, lol). I have just checked and I am still the only user on my system and can still open and use AVG and Nero along with everything else, so hopefully it is all sorted now and, as 2oldGeek said, was just a glitch in my system. Will just play the waiting game and see what happens, but once again thanks to everyone who has helped me with this problem, and again I hope it is all sorted now.
Just wondering, did you run the Windows repair?

20G
#19
Biggie7619, as long as you did not download a certain program that was requested by the scammer then they did not get into your system.
#20
That is a relief, ddp. I thought it was a little strange so I just hung up the telephone without doing anything and got straight onto the PC and found out about the scam, so it must have just been a glitch as you said before. I bought the newer version of Nero and so far it has not closed unexpectedly.

2oldGeek, I am just doing that now. I have done option 2, restarted so it ran the scan, and am now halfway through option 3. All seems good up to now.
#21
I've dealt with these scammers before and got one of them to swear at me as he was hanging up. I enjoyed that one. Most of them have Indian or of that area accents but say they are in the States.