Hello everybody, My computer has apparently contracted a virus. Programs such as Adobe Acrobat and Registry Mechanic will not open. Any ideas on how to fix my problem? Thanks
Monsoon: Ted Arcidi's gonna drop by. Brain: What a jerk. Monsoon: He's buying dinner. Brain: Oh, that Ted Arcidi. He's a wonderful human being.
You have not provided enough information for anyone here to help you. Because you didn't provide enough information, I am hesitant to attempt to help you - perhaps you would be more comfortable taking your system in to a local computer shop instead of doing your own repairs? I'm not trying to be harsh, but it appears that you don't know a lot about fixing software issues just from the lack of useful troubleshooting information provided. Perhaps you were just in a hurry and can provide us with more data so that we can help you.
When I try to open Adobe, the opening picture appears on the screen, then nothing happens. When trying to run Registry Mechanic a box appears that states "Error while unpacking program, code 4. Please report to author." When I contacted the company, their reply was the problem may relate to a malware infection on my system. They suggested that I download their Malware detective program and email them the results. Unfortunately, I am not able to find the results of scan to send to them. Guru, you are correct in that I'm not well versed in fixing software problems, although I have limited successes in the past. Let me know if this isn't enough info.
Can you open up task manager? If so, can you post the programs that are running under "processes" tab? Also, try downloading Hijack This! and post the results. First show me the task manager, maybe I can determine your problem there.
Post the Processes first then run Hijack This! If I can't help you, I'm sure someone on this board will get the info they need from your Hijack This log.
The following are the results of HiJack This:
Logfile of HijackThis v1.99.1
Scan saved at 1:45:36 PM, on 11/3/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
C:\WINDOWS\TEMP\TED78.EXE
There's no information about this file anywhere on Google. It's probably a virus/malware with a random name. Plus it's running from a Temporary folder.

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - blank (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - blank (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - blank (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
None of these are that big a deal, but when the file is missing they might as well be removed.

O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
Sites are mixed about these. Some say that they cause popups, while another says that it's a registration reminder used by companies such as Iomega, Hasbro, & Microprose. Either way it can be safely removed.

O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
Same as the missing files from above.

O16 - DPF: {89122070-4199-11D4-8BAF-0050045B552C} - http://download.rocketpipe.com/bundles/2288.cab
RocketPipe.com seems to have been taken over by a cybersquatter, so I'd remove this one.

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
I would probably remove this. brightstreet.com has something to do with a thing called "E-Centives". Something about getting coupons from companies. If you don't use that regularly, I'd remove it.

O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
Do you use CallWave? It looks like some sort of call-waiting feature on your computer. If you don't, you might as well remove it.

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
What Antivirus do you have? The thing earlier said Trend Microsystems, now this stuff is from McAfee. More than one active antivirus can cause conflicts.

O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
Remove any of these if you don't use them. They appear to be from Disney Blast (a kid's site), one for uploading Pictures in Hotmail, and one from MovieNetworks.com.
So only the first one is obviously bad. The rest are just things that are cluttering things up and might as well be removed.
I'd recommend restarting your computer in Safe Mode (Press and Hold F8 while the computer is starting, then choose the Safe Mode option), running HijackThis!, and removing those items listed above. Then restart your computer, run HijackThis again, and we can see if everything has been removed.
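The triage reasoning in the post above (a process running from a temporary folder, entries marked "(file missing)", O16 download sources, O4 startup items), sketched as an added example that is not part of the original thread. The sample lines are copied from the log quoted above; the function name and the priority labels are assumptions and give a review order, not a verdict on any file.

```python
import re

# Lines copied from the HijackThis log quoted in the thread above.
SAMPLE_LOG = r"""
C:\WINDOWS\TEMP\TED78.EXE
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O16 - DPF: {89122070-4199-11D4-8BAF-0050045B552C} - http://download.rocketpipe.com/bundles/2288.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")                 # "O16 - DPF: ..."
PROCESS = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)     # bare path of a running process
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)               # ...\TEMP\... or ...\TMP\...
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_HOST = re.compile(r"https?://([^/\s]+)", re.I)


def triage(log_text):
    """Return (priority, section, reason, detail) tuples in log order.

    Priorities are labels for manual review order (an assumption of this
    example), mirroring the heuristics used in the post.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if entry:
            section, rest = entry.groups()
            guid = GUID.search(rest)
            host = URL_HOST.search(rest)
            if "(file missing)" in rest:
                # Registry entry whose target file no longer exists.
                detail = guid.group(0) if guid else rest
                findings.append(("cleanup", section, "orphaned entry", detail))
            elif section == "O16":
                # Downloaded ActiveX control: judge it by where it came from.
                detail = host.group(1) if host else rest
                findings.append(("review", section, "ActiveX download source", detail))
            elif section == "O4":
                findings.append(("review", section, "startup item", rest))
        elif PROCESS.match(line) and TEMP_DIR.search(line):
            findings.append(("high", "process", "runs from temp folder", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```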
Ted78 is probably the random name that the Office Scan watcher was assigned. Look for an icon of a little dog on it. If so, it's from Trend, and can be safely ignored.
Hmm... No obvious sign of infection... Out of morbid curiosity, how does your hosts file look? Also, I have these two questions: 1) How up to date is your anti-virus software? and 2) Have you made any recent changes to the system? This includes any Microsoft updates, any patches, firewall changes, etc.
Keep that info coming! Any other programs exhibiting weird behavior? What happens in safe mode? Can you run these programs there?
As silly as this sounds, you may just have some corrupt files (driver, dll etc) or even some bad registry entries preventing you from running this software. The solution may even be as simple as running scan disk and disk defragmenter, but we won't be able to tell unless you can get more info. Slowly but surely we'll get to the solution, it's just process of elimination at this point!
The anti virus software that runs is Trend-Micro; it automatically updates. I had been using the free Zone Alarm firewall. Once they stopped updating for Windows ME, I uninstalled the program.
Yeah, thanks all. BleepingComputer helped a lot here. This virus is found as either 'xxjskinbkvu.exe' or '19586852.exe' and it is the AIDS of computer viruses right now.