Restarted computer, Things have changed

System crashes and similar are topics for the Software or Hardware Forum and that may be what the problems you are describing are related to.

Let me first ask have you tried using System Restore (that I previously had you enable) to go back to a point in time before these problems started. This will not restore any pictures, videos or music if they are really gone but it may fix other problems.

Other than the above, your alternative is to run the below so we can determine if you are having any malware isssues.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis​

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
  • CounterSpy - only for Windows XP, 2K, & NT users
  • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
  • Bitdefender - from step 6
  • Panda Scan - from step 6
  • runkeys.txt - the log from GetRunKey.bat
  • newfiles.txt - the log from ShowNew.bat
  • HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

 

You will need to use AVG Antispyware since your trial period (15 days) for CounterSpy will have already expired since you first installed it.

 

You will then have to use another PC to do your downloading and then transfer them to this PC somehow. Like a USB flashdrive...etc. The same goes for getting your logs back off of this PC if you cannot upload them from it.

Did you even think about using System Restore as I suggested already?

 

Very bad idea! It could have saved you from having to fix your PC and possibly formatting it if we cannot fix it. And that maybe the case since I tend to doubt your problems (at least not all of them) are malware. From what I remember last time you were here you still had a variety of Windows OS problems not malware. Perhaps it is time you formatted and reinstalled.

And as I said to you last time, System Restore does not use memory. It use disk space. And you probably would have plenty of diskspace if you removed pictures, videos and MP3s.

How large is your hard disk and how much free space is there?

 

You really should purchase a larger hard disk especially if you plan to keep storing large amounts of pictures, videos, and MP3s. Do you have a DVD or CD writer installed? If so, backup some or all of these files and get them off your hard disk while you still can. Also these will give you more free disk space and your PC will perform better. You need to have System Restore enabled.

Your computer did not detect the trojans. A program you have running detected them. Which program detected these trojans and what were they and where were they located.

If it worked fine after this and now you are having problems again, it still may not be malware.

Then how did you fix using a CD in the above statement. You need to buy a Windows XP CD. It is very important to have one especially for times like this. Without a CD you cannot fix many problems and you also cannot reinstall (unless you have some system recovery disks that came with your PC, but that puts you back into the state you PC was shipped which is normally very old and full of unncessary junk).


Do you have the ability to get me logs from GetRunKey, ShowNew and HijackThis?

 

It will not help you now. There are no restore points to restore to since you disable it.

Do you really need Paltalk? Read the below which is well known about it:

Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

After clicking Fix, exit HJT.


Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!


Can you somehow get the below fixME.reg patch onto your PC and follow the directions given?

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now attach a new HJT log. Any change to your ability to download?

 

When you double clicked on fixME.reg did you get a message at the end that said it was successfully added to the registry?

Where is the new HJT log?

You say you cannot download anything but does the PC connect to the internet and can you surf and access this forum with it. In Internet Explore click Tools and select Internet Options. Click the Security tab and then select the Internet zone by clicking on the globe icon. Then at the bottom of the form click the Default Level button and then click Apply. Then at the top of the form select the Advanced tab and then at the bottom of the form click the Restore Defaults button and also click Apply. Then click OK to close the form.

Now reboot your PC. Any change?

 

You need to answer all of my questions.

 

What is your user account name?

Now see if you can do the below.

Click Start, Run and enter cmd and click OK. This should open a command prompt window. In the command prompt window enter the below command

net localgroup Administrators

tell me what user names are listed down under the word Members

 

Sounds like you are logging into the wrong user account to me.

 

I cannot explain how you got like this, but you are not logging into the correct account. And the current account is a restricted user account which is preventing you from doing anything. Logout and log into the correct user account.

 

What happens if you select Log Off and use Switch User?

Also try booting in safe mode and login to the Administrator account and then make sure your other accounts have administrator priviledges.

Your problems at this point are not malware related but rather related to something your have done to your operating system. I will have to suggest that you continue in the Software Forum.

 

Do what I said when logged into the Administrator account which only appears in safe boot mode.

Do you still have copies of GetRunKey and ShowNew on your PC?

 

Vfilt is a service that is used by Outpost firewall. Do you have it installed or did you have it installed at one time.

Also Ad-ware showed the service named Bits which is also valid and is part of Windows and used by Windows Update. User service just may not be in the correct state but it is not a trojan downloader. It is probably in the wrong state because you are not logged into an account with admin priviledges. Also the AutoAdminLogin entry is probably because you set your system to allow a user to automatically logon at any Windows network computer without giving a password. (not a good idea especially if you set this up this way)

You still need to do what I requested in my last message and remember to answer questions.

 

From Control Panel, User Accounts. However you may not be able to run this either. None of these issues are malware issues. You have some how corrupted your registry or at least your user profile (and probably the Administrator profile). I still suggest your best bet is to work thru these issues in the Software Forum since none of this is malware related. If you had not disabled system restore, you more than likely would have been able to use it to fix your problem.

It does not matter. I just wanted to know since I was telling you that Ad-Aware did not find any valid issues. They left overs from Outpost.

 

Creating a new user account will not remove anything from the other accounts; however I'm beginning to doubt you will be able to do this anyway. Your account seems to have too many restrictions placed on it and you could be missing various system files based on some of the problems you have experienced. You create new accounts from From Control Panel, User Accounts.