
Possible virus, pc slow, 3 threats in Malwarebytes, yahoo won't op



#16
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi RK!  This is the text from notepad.

 

 

 

 

vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
© Copyright 2001-2005 Microsoft Corp.

Error: Unexpected failure: Catastrophic failure
 


  • 0



#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Copy the next lines:

cd /d %windir%\system32 
net stop vss 
net stop swprv 
regsvr32 /s ole32.dll 
regsvr32 /s oleaut32.dll 
regsvr32 /s vss_ps.dll 
vssvc /register 
regsvr32 /s /i swprv.dll 
regsvr32 /s /i eventcls.dll 
regsvr32 /s es.dll 
regsvr32 /s stdprov.dll 
regsvr32 /s vssui.dll 
regsvr32 /s msxml.dll 
regsvr32 /s msxml3.dll 
regsvr32 /s msxml4.dll 
vssvc /register 
net start swprv 
net start vss
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste (or Edit then Paste) and the copied lines should appear.  Hit Enter. 
 
then try the
 
vssadmin list shadowstorage > \junk.txt
notepad \junk.txt
again.

  • 0

#18
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi RK!! At the prompt...should I copy  the first 18 lines all at once OR
enter after each line? Just want to make sure.


  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Ideally you should be able to do them all at one time.  I've had some trouble recently with the forum software losing the Enter after every line and running them together.  Try it with all at once first and see if it appears to take each line separately or if it gives you an error.  In that case take each line one at a time and see if you can get through it without an error.


  • 0

#20
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi RK!  I was able to paste all the lines at one time, with no problem.

I made a screen shot of the command prompt results and below is the notepad.

 

 

 

 

 

vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
© Copyright 2001-2005 Microsoft Corp.

No items found that satisfy the query.

Attached Thumbnails

  • command-prompt.jpg

  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

At least it is not failing the same way.

 

Search for services.msc and hit Enter.  Then find Microsoft Software Shadow Copy Provider and right click on it.  Make sure it is set to Startup Type: Manual.  Apply if you make any changes.  Try to start it.  Do you get the same stupid error?

 

Reboot and then try the vssadmin list shadowstorage again.


  • 0

#22
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi RK!  VSS was stopped, but the Startup Type was Manual. I did a restart, but APPL was greyed out, so I checked ok.

The log said START. Screen shot is attached to show it was enabled. Did  a reboot and a command prompt and the results are

the same.  I did not try to create a restore point. If you want me to I will.

 

 

vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
© Copyright 2001-2005 Microsoft Corp.

No items found that satisfy the query.


 

Attached Thumbnails

  • vss-started.jpg

  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Not VSS.   Microsoft Software Shadow Copy Provider 

 

Search for services.msc and hit Enter.  Then find Microsoft Software Shadow Copy Provider and right click on it.  Make sure it is set to Startup Type: Manual.  Apply if you make any changes.  Try to start it.  Do you get the same stupid error?

 

Reboot and then try the vssadmin list shadowstorage again.

 

 

 

Do try to create a restore point


  • 0
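
The check described in posts #21 and #23, as an added example that is not part of the original thread: a batch file that reports the startup type and state of the two services, starts the provider if needed, and sorts the `vssadmin` result into the two outcomes quoted above. The report path `%TEMP%\vss_check.txt` is an assumption; the matched strings are the ones shown in the posted outputs.

```batch
@echo off
rem Added example, not from the thread. Run from an elevated Command Prompt.
rem The report path below is an assumption; any writable location works.
setlocal
set "OUT=%TEMP%\vss_check.txt"

rem START_TYPE of DEMAND_START is what services.msc displays as "Manual".
for %%S in (swprv vss) do (
    echo === %%S ===
    sc qc %%S | findstr /i "START_TYPE"
    sc query %%S | findstr /i "STATE"
)

rem Start the Microsoft Software Shadow Copy Provider only if it is not running.
sc query swprv | findstr /i "RUNNING" >nul
if errorlevel 1 net start swprv

rem Capture both stdout and stderr so the error text is not lost.
vssadmin list shadowstorage > "%OUT%" 2>&1

findstr /i /c:"Catastrophic failure" "%OUT%" >nul
if not errorlevel 1 (
    echo RESULT: vssadmin still fails - same error as before the re-registration
    goto :show
)
findstr /i /c:"No items found" "%OUT%" >nul
if not errorlevel 1 (
    echo RESULT: vssadmin answers but reports no shadow storage - try creating a restore point
    goto :show
)
echo RESULT: vssadmin returned other output - review it below

:show
type "%OUT%"
endlocal
```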

#24
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi RK!  OMG! I copy & pasted the wrong instructions in my Geeks file. Sorry about that.
Shadow Copy Provider: START. Then I got the same result as before, in the vssadmin list

shadowstorage, but when I created a restore point...it says it was successful. 2 Attachments.

If I did something wrong, let me know :-)

 

 

vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
© Copyright 2001-2005 Microsoft Corp.

No items found that satisfy the query.
 

Attached Thumbnails

  • shadow-copy.jpg
  • RestorePoint-successful.jpg

Edited by mango_nj, 12 August 2016 - 09:48 AM.

  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Great!  System Restore is fixed.  Are we done?  If so it's cleanup time:

 

We usually clean up with Delfix.  This removes our tools and their logs and quarantines and also removes all but the latest System Restore point so there is no chance of the malware coming back with a system restore. Delfix has been a tad too aggressive recently and seems to dislike pdf files in the Downloads folder so if you have any you should move them to a different folder before running Delfix.
 
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore
 
Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply
 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW  and their logs and Speccy's log can just be deleted.
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
 
Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
 
 
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.
 
Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
 
Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:
 
CryptoPrevent
 
 
Last time I downloaded it you had to give them your IP address and they would send you the link to download it.  When it ran it asked if you were sure your PC was clean then it would try to allow everything on your PC to continue running.  The free version does not update on its own so you should check for updated versions once in a while.  If you have problems after installing CryptoPrevent you can just uninstall it.
 
If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
 
 
Ron

  • 0



#26
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi Ron!!  Thank you so much for everything. You've been SO AWESOME!

Creating a restore point was so important. Appreciate all the work you did in

helping that happen. I uninstalled Speccy and deleted Process Explorer, VEW 

and their logs.

 

With some of the issues you've observed, how long do you think this pc has before it dies??

I'm in the process of getting a new laptop and also saving what files I need. Again,

thanks for all the recommendations you gave me. Btw, I saw your comment on Orcas

Island. I'm a Washingtonian and I've been to the San Juans....Beautiful!!! Take Care my friend! :wave:

 

Here's the delfix report

 

# DelFix v1.013 - Logfile created 12/08/2016 at 20:06:03
# Updated 17/04/2016 by Xplode
# Username : Dove - DOVE-PC
# Operating System : Windows Vista ™ Business Service Pack 2 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Dove\Desktop\adwcleaner_5.201.exe
Deleted : C:\Users\Dove\Desktop\FRST.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #183 [First restore point | 08/12/2016 15:26:37]

New restore point created !

########## - EOF - ##########
 


  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
how long do you think this pc has before it dies??

 

 

No idea.  Could be today or it could be a year from now.

 

Alas I no longer live on Orcas.  My wife decided she wants to be close to her granddaughter so we moved back to FL 2 years ago.  I survived one summer there and told her life's too short for this so this summer I am hiding out in Winter Park CO at 8900' where we generally have a high in the 70s.  Air's a bit thin but I've gotten used to it and I'm doing a lot of hiking and really enjoying living without AC.  She's flying up tomorrow.  I think I've finally convinced her that trying to survive the FL summer is no fun.  


  • 0

#28
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi Ron! I'm sure living on Orcas Island was so amazing. I don't know
how you stood FL summer for a year. It's so hot there.  I've never been to
Colorado, but the pictures are breathtaking. I know you're loving it,
especially if you're a hiker and admire the outdoors. 70's weather is perfect
and your wife might decide to stay LOL. I think everything is done on my
end, but I do have 2 questions...

 

1) I keep getting an error when I open NEW yahoo messenger. It will not work. See attached.

Thought it was a virus, but system is clean.

2) I would like to be able to completely get rid of Firefox and do a clean
reinstall, but keep my bookmarks. I do crash a lot and I feel it's probably
corrupt.  Uninstalling via control panel, will not rid my system of mozilla. I
tried that. Elements of it will still be there. I am looking to "completely" eradicate
it and do a clean reinstall.  If you can help me with instructions,  I would appreciate it.

It's difficult to sift through that on their website

Attached Thumbnails

  • Error.jpg

Edited by mango_nj, 13 August 2016 - 06:48 AM.

  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

1. I expect your Yahoo Messenger is too new (and Vista is too old).  You can get older versions at filehippo: I would try the last version of 10 first:

 

http://filehippo.com...nger/tech/7673/

 

Uninstall the new version first.

 

If that gives you the same error then back up to the last version of 9.

 

http://filehippo.com...messenger/5684/

 

2.  First export your bookmarks:

 

Do the section 

 

Backup and restore
 
Manual backup
 
Steps 1 thru 4
 
on

 

https://support.mozi...up-or-move-them

 

Save the file to your desktop so it won't get lost.

 

After you reinstall Firefox then do 

 

Restoring from backups

 

on the same page.  Steps 1 thru 4

 

Then I would get the free REVO Uninstaller:

 

http://www.revounins...e_download.html

 

You want the second Free Download button.  The first one is for their trial.

 

The download should start.  Save it and once it finishes, right click on it and Run As Admin.  Accept the defaults.  Once the install finishes it should load REVO.  It will show you a list of installed programs.  Click on Firefox.  Then on the Uninstall tab at the top.

 

It will startup Firefox's uninstaller which will probably ask in a separate Window if you really want to uninstall.  Let Firefox's uninstaller do its thing then go back to REVO.

 

Click on Scan.  Click Delete when the scan is finished.  It will ask you if you are sure.  Yes we are.  Click on Delete again and tell it you are sure and then it should be gone for good.

 

 

 

Wife is going to stay until October 15 and then we are going to detour to Franconia NH on our way back to FL to check out a possible location for next summer.


  • 0

#30
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi Ron!!  Btw my name is Paloma. The instructions you gave for firefox, were successful. I have a fresh copy of the program and so far, so good. Revo worked well. Your expertise has helped me tremendously. You are really enjoying your retirement. I can't wait to be able to do that.

The New Yahoo messenger v0.8.155 is compatible w/ Vista, even though I know it is ancient. I have the old messenger installed, but they are deleting the Legacy program completely by 8/31. Only the new program will work. I have seen others on vista install it fine. Not sure why I'm getting this error. I do believe there is a problem with that SHELL32.dll error. Is there a way to check it and make sure it's not corrupted or missing? It may need to be replaced w/a new copy, but I have no idea how to do that. It's almost like it's not  reading something correctly. When I try to open the program I get a weird computer animation, but it's just colors then it goes away. I know SHELL32.dll is an important part of the OS, so I'm a little worried. I did go online and there are a few reasons for the error, but I'm not sure how to fix it. Last night I deleted the old program & I still had the same problem.
 


  • 0





