Try that quickfix program from Bleepingcomputer.com.  Those guys make some amazingly effective trojan removing programs.

Or better still....first do what Yrag requests ....;)

Ok, good.  ElanaAhova, let us know how it goes!

Stop trying to install anything. The malware will not allow it.

Open msconfig/ Startup and post snapshots (scroll). Open Taskmanager/ Processes, click Show processess for all users, expand and post a snap of that.

a-squared makes a nice free remover, I have not tried it personally but it saved a good friend of mine from a reinstall, as far as getting your games from Stardock , if you registered them with Impulse you should be able to download it again and reinstall them from there. that is what I am hoping anyway as I am looking at more or less the same thing!

msconfig gets down nice and low in os and should tell you whats up!

i recommend you get a program called autorunz, it's like msconfig but it goes even further into the system and gives more detailed info on whats loading. you may be able to then locate the trojans location. if you can locate it try and delete it, it will probably say unable to delete file access denied or it's in use by another program etc etc, if so get a little program called unlocker and once thats installed right click on the trojan file and then choose the unlocker option in the menu, this should open the unlocker main window and enable you to unlock it from any files that may be in use. then try and delete it again, hopefully this might work. other wise see below

the reason you are having so much trouble trying to install programs to fix the problem is that the trojan is stopping them being able to install. bite the bullet, take the computer to a computer shop, get them to back up any of your important (UNINFECTED) files and then have them completely wipe the hard drive, and reinstall windows. If you keep going the way you are then it's just going to get worse. Once you have a freshly installed windows back install some good antivirus software, get yourself malwarebytes antimalware and maybe some of the other programs suggested here.good luck

Removing malware from a computer only works if the computer's security is not compromised.  No prizes for guessing that a lot of malware exists simply to quietly take down your security, so that other malware can infest it.

Reformatting and reinstalling may be a pain, but since not removal software is guaranteed to get rid of everything, you can be up and running again (assuming you back up your files) in far less time than it would take to do all the malware scans.

You can download GalCiv fresh using Impulse, as long as it's registered and you remember your login for Impulse.

I have had success with hijackthis. There is a function in hijacthis for deleting a file on reboot and its a great help when I manually kill the buggers. Have done this 4-5 times on different comps.

Of course ther is much more to it than just deleting files. You have to look through hijackthis listing of startup files and remove everything you dont want, tracking down the file location of the trojan and so on.

YRAG wrote: November 21, 2010 11:57:13 PM from WinCustomize Forums

Stop trying to install anything. The malware will not allow it.
Open msconfig/ Startup and post snapshots (scroll). paint doesn't work (deleted it last night), manual copy via notepad:


NvCpl        RUNDLL32.EXE               C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Run
jusched   "C:\program files\Java\jre6\bin\jusched.exe"    HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Run
RTHDCPL RTHDCPL.EXE HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Run
PDVDServ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Run
qttask "C:\Program Files\Quicktime|qttask.exe" -atboottime HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Run
nwiz nwiz.exe /install HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Run
NvmcTray RUNDLL32.EXE C:\C:WINDOWS\system32\NvmcTray.dll,NvtaskbarInit HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Run
iTuneshelper "C:\Program Files\iTunes\iTunesHelper.exe HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Run
avgtray C:\PROGRA~1\AVG\AVG8\avgtray.exe HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Run
ALCMTR ALCMTR.EXE HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Run
reader_sl "C:\Program Files\Adobe\reader 8.0\Reader\reader_sl.exe" HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Run
ClearwireCM "C:\Program Files\Clearwir\Connection Manager\ClearwireCM.exe" -a HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Run
avgnt "C:\program Files\Avira\AntiVir Desktop\avgnt.exe"/min HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Run
ctfmon C:\WINDOWS\system32\ctfmon.exe HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Run
SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Run
DLM C:\Program Files\Download manager\DLM.exe/windowsstart /startifwork HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Run
Windows Search C:\PROGRA~1\wi459E~1\WINDOW~1.EXE /startup Common Startup
Impulse Now C:\PROGRA~1\Stardock\Impulse\Now\IMPULS~1.EXE Startup







Open Taskmanager/ Processes, click Show processess for all users,


expand and post a snap of that. next post....

IF you have files you need get an external drive and a copy of the ubuntu 10 cd - its free.  from here: http://www.ubuntu.com/

Boot from ubuntu you will now be in an non-windows operating system so the bug should not be active.

Atttach a usb drive to copy files that you dont want to lose

From ubuntu you will be able to see both your c drive and the usb drive you installed

copy the files you need from your local c: drive to your usb drive.

shut down the pc. remove the ubuntu cd - remove the usb drive

reboot with windows cd

Format the system - Full format - kills everything

Dont worry about galciv - if you registered the game with Impulse than you can reload it from there.

When you get back up - install a virus scanner - 1st thing - go ahead and spend some money on it - I like mcafee personally.

reconnect the usb drive with your files in - run a full scan to make sure nothing nasty copied over - copy your files back and that should do it.

November 21, 2010 11:57:13 PM from WinCustomize Forums
Stop trying to install anything. The malware will not allow it

Open Taskmanager/ Processes, click Show processess for all users,

expand and post a snap of that. paint deleted last night. Typed copy of taskmanager follows...

notepad.exe user CPU=00 (all are 00 except system idle process which is "99" MemUsage=3.704 K
taskmgr.exe user 5,044 K
impulseNow.exe user 19,288 K
WindowsSearch.exe 10.420K
iPodService.exe SYSTEM 3,932 K
SUPERANTISPYWARE.EXE 640K
avgnt.exe user 1,632K
iTunesHelper.exe user 4276K
rundll32.exe user 3,624K
qttask.exe user 2596K
PDVDServ.exe user 3,336K
RTHDCPL.exe user 22,472K
Jusched.exe user 2,896K
WINWORD.EXE user 2,896K
alg.exe LOCAL SERVICE 3,668K
dllhost.exe SYSTEM 8,516K
LSSrvc.exe SYSTEM 2,580K
ctfmon.exe SYSTEM 3,944K
avshadow.exe SYSTEM 2,580K
jqs.exe SYSTEM 4,436K
avgwdsvc.exe SYSTEM 1,844K
avguard.exe SYSTEM 1,900K
svchost.exe LOCAL SERVICE 3,780K
sched.exe SYSTEM 736K
spoolsv.exe SYSTEM 5,100K
Opera.exe user 15,964K
avgrsx.exe SYSTEM 112,621K
svchost.exe LOCAL SERVICE 3,928k ((eLANA'S NOTE: THIS IS EXACT SAME NAME AS EXE PROGRAM FIVE LINES UP, BUT WITH DIFFERENT memory SIZE. several 'svchost'exe programs are repeated...))
svchost.exe NETWORK SERVICE 5,840K
Explorer.exe user 52,308K
svchost.exe SYSTEM 27,484K
svchost.exe NETWORK SERVICE 4,748K
svchost.exe SYSTEM 5,428K
msdtc.exe NETWORK SERVICE 5,100K
lsass.exe SYSTEM 1,272k
services.exe SYSTEM 1,292 K
winlogon.exe SYSTEM 1,020K
csrss.exe SYSTEM 4,640K
RcAppSvc.exe SYSTEM 2,820K
Mylocal.exe user 25,160K
smss.exe SYSTEM 416K
searchindexer.exe SYSTEM 416K
DeviceLaunchSvc.exe SYSTEM 5,880K
ClearwireCM.exe user 28,020K
nvsvc32.exc SYSTEM 4,160K
MDM.EXE SYSTEM 3,336k
System SYSTEM 344k
System Idle Process SYSTEM cpu=99 28K

OK, bugs maybe?? gone, (malwarebytes clear.  Alvira clear, shredder clear), but ALL MS word docs still bugged, even new ones just made with NO text...).  Guess it is time to lose it all, and do fresh install of windows... oye!

i have snaps made with paint, but still trying to figure out how to get them uploaded here.  the 'inseret image wants a url...and i don't know url of paint snaps on my desktop - and no brouse fuinction is there to 'find' it.  maybe i will try uploading to email yahoo account

also tried ubuntou with a 2Gb stick drive, but kept getting error messages.

i really am lousy at all this web/Internet stuff.  Should have not bothered with impulse, EWoM, etc., and stayed with stand alone PC games that come on CD and don't need live Internet access.. lol.  Never had problems with my PC or with MS office, then.



If you dislike MS office, Open Office is a free open source alternative. www.openoffice.org

Re-installing windows may seem daunting at first, but its really not very difficult.  It's not worth paying a shop to do it for how simple it is.  As long as you have install discs, and backups of anything crucial, once you have internet access back up and running your pretty much set.  Though it can be time consuming if your like me with an original xp disc and haven't bothered to burn the service packs to cd...

I like MS office, worked fine before this bug hit my PC.  i have disc for windows, and certificate.  i never burned the service packs....

I thought MS stopped supporting XP.  They still have serv pak 1 and 2 available on line?

ElanaAhova: Here's the link to teach you how to make a screenshot: http://wiki.wincustomize.com/wiki/Screenshots:_How_to_make_one

Crystal shake, I have been hoping yrag will post with his response to my msconfig, and task manager info.  Hoping he sees something we all are missing.

OK, say I do the reinstall windows xp route.  what are the steps/order of things i must do?

When do i reformat hard drive?  do in put win disk in cd drive, restart PC, or reformat first?  etc.

I suspect, after getting new windows install done, i have to:

1) reinstall Internet connectivity stuff,

2) THEN get win serv packs 1 and 2 (or t3?), down load, install.

3) then get malwarbytes, alvira, shreeder downloaded and installed and running.

4) then go to stardock, and get impulse again, etc, yes?

5) thenb take dosbox and MoM off my stickdrive and hop it copies back to PC.

6) reinstall MS office (legal copy), and hope the MS wizards and MS police haven't done overkill on their anti-pirate efforts.

would you modify sequence of doing these?

Dr JBHL,  I have uploaded the three images to wincustomize.  i looked around, and I still don't see how to link them to this forum.... I appreciate all you r help, and the help of everyone here.  REALLY!

going to do reinstall of windows, hope i survive.   hopefully see you on the other side...

Elana,

As I have tried to indicate the best and most thorough source for pc assistance I've found is bleeping computers.  If any people can get your pc back to being fully functional without having to re-install your system it is they who can do it.  It's up to you, please read through the forums at the link and you will see what i mean.  Bleeping Computer Forums.

Bigdogbigfeel.  i posted my situation with bleep last night.  no reply yet.  will check one more time.  the, if nada, will reinstall windows.  thnaks all for help...

Just came from bleep computer.  My request for help is missing, or i just cant find it.  my profile says i only have one post, the intro post. yesterday, at that site, i also started a topic asking for help... and posted the data as i have here.  and now i cannot find that post on bleep comp site.  how i love complicated, convoluted sites...  search of my name there showed only one post, the intro post.  LOL.

many people who posted earlier today, after my post, have already been answered.  LOL.

I think it is safe to say that you more than likely have a problem with you computer that only a wipe of the hard drive and clean install of the OS will fix. 

Now, not to scare you but do you have enough information on the computer to be concerned that someone has hijacked it?  Such as financial information?  You may need to take some other actions than just getting the computer fixed.

Well Bleeping Computer has many forums but only one for posting requests for assistance with virus problems that would be here.  I looked through there and did not find anything posted by anyone named Elana so.. I don't know what happened.  In any case good luck solving this.

If you do decide to post there, follow their instructions for posting, etc and bookmark your post.

The good news is I see nothing abnormal in your processes.....the bad news is that means it's embedded in your registry or your temp files. Before I recommend a reformat, do you have a restore point PRIOR to all this. Don't guess what "prior" is, look for the oldest one you have.