# Big problem I need help bad



## clerisy (Dec 17, 2009)

OK, first up, sorry if I am posting this in the wrong section.

OK, well, previously I was on the computer and as soon as I downloaded and ran a file my comp just shut down and got the blue screen of death.
Maybe it was a virus/trojan or something, I don't yet know.

But here's where the problem begins: after I let the dump of physical memory finish in the blue screen of death, as it went to restart, as soon as it gets to the Windows logo and starts loading, about 1-2 seconds through, it just restarts again.

It comes up with the previous options to reboot:
Safe mode
Safe mode with Networking
Safe mode with Command Prompt

Last known good configuration

Normal startup.


It doesn't matter which one I choose, the same thing happens for each. When I try to load the 3 safe mode options the usual loading-all-sys-files gibberish comes up, but it pauses and says, 'Press ENTER to continue loading sptd.sys'
Then when I press Enter it just reboots again.

The thing is, earlier on the day it happened my computer tech was in my hard drive replacing my old faulty DVD drive with a new one, so maybe I'm thinking he knocked something accidentally or?

So I went and set my BIOS and CMOS back to defaults and with further ado I continue to get failure.
When I go into the 'health options' in BIOS and enable 'SYS FAN fail warning' and reboot, some sort of siren noise is made by my hard drive, but I have read on other forums that that is due to me not having a sys fan. So I disabled it again.

My system says it's running at 22 degrees Celsius if that helps at all lol.

Here are some of my PC specs, I can't get much more as I can't log on to view them:
Intel Celeron 3.06GHz
Windows XP SP3
1GB RAM
Award Modular BIOS vs6.00pg
Radeon 9200/9250 series Graphics Card.

Please do not post replies telling me to do some chkdsk or other commands in command prompt as I can't get that far!

I really hope there is a way to figure this out as my mum just bought this computer off the comp guy as I fried my old motherboard, and it's right on Christmas so I really don't want to have to get it fixed AGAIN.

Consider this my thanks in advance.


----------



## hrlow2 (Oct 6, 2008)

First. Welcome to TSG.
Have you opened up the case and confirmed that all connections were securely hooked up?
Do the same for your RAM (memory).


----------



## clerisy (Dec 17, 2009)

Hey hrlow2 and thanks for the welcome.
The thing is I really don't want to take off the case, as last time I played around with the inside that is how I fried my motherboard by static or something and had to buy a new computer, and my mum wasn't very happy so I really don't want to risk it.

And domnator please do not spam on my thread, please start your own.
Thanks.


----------



## clerisy (Dec 17, 2009)

OK, I have removed and put the RAM sticks back in, still fail.


----------



## clerisy (Dec 17, 2009)

Could people please reply with solutions.
I really do need this fixed ASAP.
Thanks.


----------



## clerisy (Dec 17, 2009)

bump


----------



## clerisy (Dec 17, 2009)

bump someone please reply.


----------



## Veryfrustratedus (Dec 6, 2009)

Clerisy, I'm sorry about your troubles but you are not the only person in a fix, and those who help here for free are busy so please try to be patient.
I'm not a tech, but to help those who know you should identify what it is you downloaded, if you installed it, and whether or not you have operating system discs.


----------



## clerisy (Dec 17, 2009)

I downloaded the keygen from here:

{_Edited by Moderator.....Please...don't post links to known malware sites! We do not need the location you got infected and a way for new users to get themselves possibly infected!_}

Yes I did install it and as soon as I did, that's when my comp crashed and got the BSOD (blue screen of death).

And no I don't have my OS discs.


----------



## Veryfrustratedus (Dec 6, 2009)

OK, my AV won't let me onto that page; it is marked as unsafe, as you have found out.
If you have a second computer with a good up to date AV you could put the affected HD into an external and then scan it with the second computer. My AV automatically scans anything I plug into the USB ports.
You may be better off if you go directly to the Malware forum.
I recommend you PM a moderator and ask to have this post moved over to that forum. It helps not to have multiple posts going.


----------



## clerisy (Dec 17, 2009)

OK tyvm, how do I find the moderators?


----------



## Veryfrustratedus (Dec 6, 2009)

At the top of each forum the stickies are posted by moderators. The moderators are also highlighted in the who's online list at the bottom on the front page.
In the area where the user name is on each post it tells you the status of whomever it is.


----------



## Byteman (Jan 24, 2002)

clerisy

I will put the directions here for you, you download and install HijackThis, scan and save a Log, and copy and paste your HijackThis log into a New Thread you will make in Malware Removal, OK? There will be some waiting time, more than a day or two, things are very busy especially this time of year.

follow the directions to post a Hijackthis log there. (not here!)

Use this link below to go to the Malware Removal forum, when you are ready to post your log.

*http://forums.techguy.org/54-malware-removal-hijackthis-logs/*

Please click *here* to download and install *version 2.0.2* of the *HijackThis Installer.* 

Run it and select *Do a system scan and save a logfile*.

The log will be saved in Notepad. Copy and paste the log in your next post.

*Do not fix anything*


----------



## clerisy (Dec 17, 2009)

If I can't run my computer, I can't run HijackThis.

Don't worry, I fixed it anyway. I clicked F8 on boot and clicked the option 'debugging mode', which was the only one which loaded up the computer, then I ran mbam and found the trojan; once clean my computer loaded up.

Thanks for everyone's help anyway.


----------



## Veryfrustratedus (Dec 6, 2009)

I had the impression you had been pressing F8 to try the Safe Mode options you described in the first post. Sorry I didn't catch that.


----------



## clerisy (Dec 17, 2009)

Actually it still does the reboot on startup thing even though I removed the virus...?
I can get into the computer in debugging mode but it doesn't load devices and software etc. I would like to fix the problem for good so it can work normally.


----------



## Veryfrustratedus (Dec 6, 2009)

I don't know what to say except that if you get it running again at all, run HijackThis ASAP.


----------



## clerisy (Dec 17, 2009)

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:23:03 AM, on 22/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164407520319
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5984 bytes

NOTE: Usually my boot mode is Modified BOOT.INI; I just put it to normal so I could run USB in debugging mode.


----------
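Added example, not part of the thread or any poster's code: a small Python triage pass over a HijackThis log like the one posted above. It labels entries by section code, lists the autostart points (O4, O20, O23) and flags entries marked `(no file)`, `(file missing)` or `Unknown owner`; the sample lines are an excerpt of the log in this thread, and the function and variable names are illustrative.

```python
import re

# Excerpt of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
Boot mode: Normal
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Section codes that appear in the excerpt; anything else is labelled "other".
SECTIONS = {
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O4": "Run-key autostart", "O20": "Winlogon Notify", "O23": "Service",
}
# Sections that start code at boot or logon: the first ones to read.
PERSISTENCE = {"O4", "O20", "O23"}
# Markers HijackThis prints when an entry cannot be resolved cleanly.
FLAGS = {
    "(no file)": "orphaned: entry names no file",
    "(file missing)": "orphaned: referenced file is not on disk",
    "Unknown owner": "no vendor string reported for the file",
}
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")


def parse_log(text):
    """Return (boot_mode, entries); each entry is a dict with code, detail, notes."""
    boot_mode, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Boot mode:"):
            boot_mode = line.split(":", 1)[1].strip()
            continue
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header lines, process list, blanks
        code, detail = match.groups()
        notes = [why for marker, why in FLAGS.items() if marker in detail]
        entries.append({"code": code, "section": SECTIONS.get(code, "other"),
                        "detail": detail, "notes": notes})
    return boot_mode, entries


def triage(text):
    """Split a log into the entries worth a second look and the autostart points."""
    boot_mode, entries = parse_log(text)
    return {
        "boot_mode": boot_mode,
        "flagged": [e for e in entries if e["notes"]],
        "persistence": [e for e in entries if e["code"] in PERSISTENCE],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Boot mode:", result["boot_mode"])
    for e in result["flagged"]:
        print(f'{e["code"]:>3} {e["section"]}: {e["detail"]} -> {"; ".join(e["notes"])}')
```

A flagged entry is a lead to check by hand, not a verdict.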



## Byteman (Jan 24, 2002)

Hi, I don't see anything to be alarmed about in the log....no sign of any infection. All malware does NOT show in Hijackthis.....

What is the status of this computer you are fixing....are you able to boot it into any mode at all? How about *Safe Mode with Networking*?


----------



## clerisy (Dec 17, 2009)

Yeah, I usually take care of my computer, this one just got lucky I guess.
I can't boot it into any of the modes except Debugging.

And what do you mean by 'What is the status of the computer you are fixing?'


----------



## Byteman (Jan 24, 2002)

I suggest you save any needed documents or files that you need (pics, music, downloads, whatever....)

There are several ways to do that> external drives, CD, USB flash disk, etc.

Next: the main question, is the PC a custom made one, or is it a major OEM brand type.... and do you have any sort of reinstall CD?

*Status* means.....are you able to do what I asked? (boot up in any Normal or Safe Mode....you answered the question I think)


----------



## clerisy (Dec 17, 2009)

I don't have any other storage devices that would hold all of my movies etc.
I think it is a custom made one.
And no I don't have the OS CD, I got my computer off my mechanic and it already came with the OS installed.


----------



## Byteman (Jan 24, 2002)

There is something I would like you to try:

Click on the left side at this page on words "Validate Windows"

Post what it tells you.


----------



## clerisy (Dec 17, 2009)

On my infected computer or the computer I am replying to your posts on?


----------



## Veryfrustratedus (Dec 6, 2009)

I'm thinking the infected one

As far as storage goes I have a 4gig thumb drive and I've seen them with 8gig. The 4gig cost me about $12 US


----------



## clerisy (Dec 17, 2009)

Validation Complete!
Thank you for completing the validation process and for using genuine Microsoft software.

By using genuine Microsoft software, you can be confident that you will have access to the latest features, security, and support, which will help to improve your productivity and expand the capabilities of your computer. 

You will also have access to new innovations and offerings available only to genuine Microsoft software customers.


----------



## clerisy (Dec 17, 2009)

Veryfrustratedus said:


> I'm thinking the infected one
> 
> As far as storage goes I have a 4gig thumb drive and I've seen them with 8gig. The 4gig cost me about $12 US


Yeah, I have about 100gig of data on my comp lol.


----------



## Byteman (Jan 24, 2002)

You would need a USB external hard drive (or another internal one) to hold that amount of data.

Your files are not supposed to be affected by doing what is known as a *Repair Install* but accidents do happen....so I hesitate to give you instructions before your data is backed up.

And> you need an XP CD of the same type as you have installed.

From Start button> Run> type in *winver* and hit Enter key or OK.

Post the info shown.....I don't think it will copy and paste, so write it all down and type it accurately, please.


----------



## clerisy (Dec 17, 2009)

I do not have, and cannot get access to, an external hard drive.
And I don't want to back it up and reformat, I want to fix the problem, that's why I came onto these forums.

I have said several times I don't have the OS disc.
My Windows version is: Version 5.1 (Build 2600.xpsp_sp3_gdr.090804-1435 : Service Pack 3)


----------



## Byteman (Jan 24, 2002)

I was going to have you perform a *Repair Install* not a reformat.

http://michaelstevenstech.com/XPrepairinstall.htm

Repair Install, if it is done correctly and if it works does not affect your data- however, it's always the best idea to be prepared for anything, which is why I posted to back up your stuff. It seems that you do not wish to continue, and that is your choice.

You can usually use any XP CD *that is the same type you have installed to do the Repair* and that is what I was going to ask, if you could *borrow* a CD.


----------



## clerisy (Dec 17, 2009)

I don't know anybody atm that has an XP CD of my same version and the only time my computer guy can come around in the next 2 weeks is tomorrow, so I would like to fix it before then to save me some money.

Is there a way I can download just the repair files from the internet and burn them to disc and run them?
If yes please post a download link to the files for the right version of windows.
Thanks.


----------



## clerisy (Dec 17, 2009)

OK, I found out the name of the trojan I was infected with:
Agent2.PGZ


----------



## vicks (Jan 31, 2005)

Sometimes, the only way to fix a problem is to do a reinstall of the operating system.
Byteman is one of the few people here who have been trained to work with difficult infections/security problems. I suggest you would do well to follow his instructions if you want to have a successful resolution to your problem.
vicks


----------



## clerisy (Dec 17, 2009)

I can't follow his instructions if I don't have the disc >.<


----------



## clerisy (Dec 17, 2009)

You can't tell me there aren't any other solutions besides the disc... ?

Note: I just ran chkdsk and did a full AV scan (didn't pick up anything else).


----------



## clerisy (Dec 17, 2009)

Wow, I uninstalled Service Pack 3 off my computer so the disc was the right version for me to repair my computer and now it won't even boot up in debugging mode...


----------



## Veryfrustratedus (Dec 6, 2009)

You could get a replacement copy of the OS from MS or the manufacturer of the machine. If it requires that the system be repair installed your tech guy won't be able to fix it anyway.

You call the manufacturer and tell them you want a replacement disc, they ask a bunch of questions about the machine and the product key, it costs about ten bucks.

MS is about the same except they usually just want the product key.


----------



## Byteman (Jan 24, 2002)

I think right now I would concentrate on having the computer repair person try to have the hard drive temporarily installed in another computer as a Slave drive to rescue your data onto something....

There is more than one way to do this> the tech should be able to do it fairly reasonably. Though, you said you have 100 gigabytes of movies.....with a fast external drive it would not be that much to do.

Here's one way that can *work for even a non-bootable computer*>>> *http://www.howtogeek.com/howto/wind...backup-files-from-your-dead-windows-computer/*

It may be that your hard drive is failing.... problems like this do get progressively worse about each time the computer is used until finally, there is nothing at startup.

If the hard drive will power up, it should be able to be accessed and the files copied to something. You may need another hard drive, or a full format and reinstall using the Product Key used the last time....I sure hope you have a record of the Key or the tech does....

You could also try starting the machine with only part of the RAM installed if you have more than one module....try one, then try just the other, see if that makes any difference. Have no extra devices connected, just the mouse and monitor and keyboard. You could have bad RAM modules, but now only trying *other* modules that are compatible with your computer would help show a problem. This means buying..... so is probably not an option for you.

Good luck.


----------



## clerisy (Dec 17, 2009)

Veryfrustratedus, I'm sure my PC tech will be able to fix it - he has worked with computers for 40 years.

And Byteman, it is clearly not a hardware issue, it is the trojan.
The second I click-opened the file, my computer crashed.
I think it deleted some important files from %windows% that were needed for startup or something.


----------



## clerisy (Dec 17, 2009)

bump


----------

