Adware has brought my PC to its knees

  xiosxios 02:24 09 Jan 09
Locked

Hi Guys,

Today when I booted my pc weird things started happening. My google search results always go to a site that I have to purchase something, same with yahoo. The only one that works is metacrawler and even that not all links work. I already have Malwarebytes installed as well as AVG and hijackthis. Now I am only able to run hijackthis. Also I can only visit sites from my favorite list, even if I type in the address manually on the address bar I get a not connected page. Sites such as bleeping computer or hikack this forums I keep getting a not connected page. I am running Xp pro, service pack 2. My email also does not wo

All help is appreciated.

  User-1229748 04:03 09 Jan 09

can you boot into safe mode and run malwarebytes?

  wossie 04:19 09 Jan 09

Try system restore, start, all programs, accesories, system tools, system restore.........

  xiosxios 04:38 09 Jan 09

Hi Guys,

Thanks for your time. I restarted in safe mode and malwarebytes does not run. I also tried the other suggestion of system restore and no hope there either. I also tried booting Malwarebytes from a USB and it did not work. Hijackthis program works thought.

Logfile of HijackThis v1.99.1
Scan saved at 11:37:04 PM, on 08/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)

\

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = click here
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = click here
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - click here
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - click here
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - click here
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - click here
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - click here
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll wadbgf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

  Diodorus Siculus 06:54 09 Jan 09

To solve the problems with google etc:

Go into

C:\WINDOWS\SYSTEM32\DRIVERS\ETC

delete the file called hosts (it has no extension) or rename it to hosts.old

This is the file that tells your browser where to find URLs etc and it seems to have been corrupted.

  birdface 09:18 09 Jan 09

Malwarebytes gets rid of most problems.Superantispyware also does a good job.Can you download it and update it and run in safe mode. click here

  hiwatt 11:10 09 Jan 09

go to internet explorer/tools/internet options and click on the advanced tab.Click restore default settings and then try and run malware byres and see if that helps.

This thread is now locked and can not be replied to.

Intel Coffee Lake 8th-gen Core processors release date rumours

1995-2015: How technology has changed the world in 20 years

Framestore’s haunting post-WWII title sequence for new BBC series SS-GB

How to install MacOS Sierra on an older Mac: Get Sierra running on Macs & MacBooks from before 2009