Tech Problem Aggregator

Smitrem And Rogue Scan Completed... Still Need Help.

Q: Smitrem And Rogue Scan Completed... Still Need Help.

Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

A: Smitrem And Rogue Scan Completed... Still Need Help.

If your still having problems after using the self-help guide, then please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. About half way down are instructions for downloading HijackThis and creating a log.When you have done that, post a log in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.If after 5 days you still have received no response, then post a link to your HJT log here.After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and complicate the malware removal process.

1 more replies
Answer Match 68.04%

Wish I could post logs but I can't even run anything at the moment. Please advise if this is in the wrong section.

I was in the process of helping a friend with his badly infected Dell Inspiron 700m notebook but I think I just made it worst. :/

I ran multiple scans with various softwares and got rid of a lot of the infections on the laptop. Just when I thought I was close to finish and had the computer running smoothly, Norton found a virus call Trojan.Alemod but couldn't get rid of it.

I did a search and found that the trojan infects the wininet.dll file and someone was able to get rid of it by manually replacing the infected file with a new one. I tried it by renaming the existing file and moving it to the desktop and putting a new wininet.dll file into the system32 folder.

That just ended up causing a worst problem. Windows wouldn't work properly anymore. It kept stalling or would reload to desktop when I try to open just about anything by mouse clicking.

In regular safe mode, it's even worst -- will just keep continually reloading the desktop screen so that I can't access any files.

The command prompt still worked though so I tried to fix it by running smitrem through the command prompt in safe mode. It was running ok for a while but then the screen reloaded and caused smitrem to close unexpectedly. That has lead to my current problem.

Windows will now boot up to the screen with the options for safe boot, safe boot with networking, safe boot w... Read more

More replies
Answer Match 61.32%

I am running windows vista and a couple months back I got the Antivirus Action and used the guides here to rid the problem successfully. Twice. Thanks for the guides.

I got Antivirus Scan now and I went through the steps in the guide for this issue. Unfortunately I am still infected. I have tried the process again, however RKill and MBAM find nothing. I am able to run in Safe Mode (which I am doing now). When I first start safe mode Firefox does not attempt to use the proxy (and does not need the setting changed) IE does still require the proxy fix.

I'm hoping to avoid completely restoring the system...any advice? Thank you.

More replies
Answer Match 60.48%

This a Tiny URL of the 2 mile long link by Symantec and my problem:
http://tinyurl.com/arngx
For some strange reason my NIS 2003--the NAV part of it--is giving me a warning that a complete scan of my hard drive was not completed. I have had WinXP Pro set for automatic scan each Friday since I installed NIS last November on WinXP. Would a System Restore be in order? And if so, how would I do that? I was out of town each of the past 2 Fridays and those scans were not done. A scan would be done tomorrow night but now, of course, that will not be done because of my problem. I have the NIS installation CD but I do not want to have go through that "**((#" uninstall/reinstall routine again. (I had to do that with NIS 2002 just a few days ago for some other reason. Not resolved either so I switched to AVG.)
In addition to this scan problem, my virus definitions were not updated even though automatic updates are set to be done so I went to the Symantec site and downloaded/installed the latest updates so I am not worried about that.
Does anyone have a work around the problem I have posted? And I hope I have described the problem well enough for someone to help me. As usual, TIA.
BTW, I have been using NIS/NAV for several years and all of a sudden I begin having problems. Puzzled!!
EDIT: I have just run Panda and Trend Micro Housecall and both gave me a clean bill of health
 

A:Hard Drive Scan not completed per message

6 more replies
Answer Match 60.48%

Appreciate any help!  FBI virus has PC locked.  Only can run in Safe Mode/prompt.  Download/scan w/ FarBar Recovery Tool. Scan is completed and FRST txt posted below.  What to do next?  Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2013Ran by SYSTEM on 07-05-2013 10:12:43Running from F:\Windows 7 Ultimate (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: RecoveryThe current controlset is ControlSet002ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2839840 2010-03-24] (ESET)HKLM-x32\...\RunOnce: [*EvtMgr32] C:\Users\Brian\AppData\Roaming\{34184A35-0401-272E-2D21-1D000D07C131}.exe [326656 2013-05-06] (exono GmbH)HKLM\...\Winlogon: [Shell] C:\Users\Brian\AppData\Roaming\{34184A35-0401-272E-2D21-1D000D07C131}.exe [x ] ()HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$01d4dcc8a2b2cdd91d89f3f95b21d31c\n. ATTENTION! ====> ZeroAccessHKLM-x32\...\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry [x]HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Re... Read more

A:FBI - Virus - Already have FRST scan completed and posted

Hello blenny I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

20 more replies
Answer Match 60.48%

Due to innactivity - as I have been out of town - my last thread in the Hijackthis forum was closed. My previous thread is located at:

http://www.techsupportforum.com/secu...nctioning.html

Chemist told me that I should clear up unused programs, pictures, and music, and I am going to begin doing this as soon as I finish this post.The last thing that I was told to do was to download and run combofix. I followed all of the instructions and this the log that was displayed following the ComboFix scan:




ComboFix 08-12-23.01 - Owner 2008-12-23 13:53:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.619 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\ComboFix.exe c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
The following files were disabled during the run:
c:\windows\TWF0dCBIdWJlcnR5\asappsrv.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Rabio
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\documents and settings\LocalService\cftmon.exe
c:\documents and settings\Owner\App... Read more

A:Continuing my last thread. Completed Combofix scan...

Hello again, Tommy1073.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall HijackThis 1.99.1 in the Add or Remove Programs section of your Control Panel and delete your current version.

-------------------------------------------------... Read more

2 more replies
Answer Match 60.06%

hello

after scanning, Shields up reported port 443 is open.
I'm hoping to stealth my system.

my system-
xp home sp3
browsers-google chrome-ie8-
kaspersky kis 2010 459.0.0.0 trial edition
wifi internet

let me know if any further info is needed

thanx

A:port 443 reported open-after grc shields up scan completed

Do you not want to connect over SSL?

2 more replies
Answer Match 55.44%

Ok guys bare with me, Im going to try to give you as much info as possible.

I got the fake "windows-ish" pop-up in the bottom corner of my screen I ended the process and it was titled something like "qc_____.exe" It ended and I went looking for it. I couldn't find it so I tried to run ad-aware to get rid of it. Ad-aware popped up with a new version that I had to restart my computer, so sadly I did. When I got the comp. back on I was locked out of everything admin. Went on a website or two and tried to go to MS config, couldn't do it. Anything I install or try to get into pops up on the screen and then goes away before I can even read anything. Then a big red, again "windows-ish" box pops up asking if I want to continue unprotected... YES I do!

I called my tech buddy and he told me to come on here and follow the directions. I tried to enable the firewall, the Defogger, the GMER and got into nothing. I think I disabled the CD emulation software before it vanished but not sure. I tried to run dds but the black dos screen popped up and vanished before I could read it and never came back with any scan results.

Whenever my new sweet software runs its "scan" it then directs me to this site hxxp://programmci.com/shop?abc=cGdpZD04JnI9OC4x and wants me to buy some fake BS program!

I also get an Infiltration alert inside reads: Your computer is being attacked by an internet virus. It could be a password-stealing attack, a troja... Read more

A:Rogue "Anitivirus Scan"

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.Thanks and again sorry for the delay.Please download RKill by Grinler from one of the 4 links below and save it to your desktop.Link 1
Link 2
Link 3
Link 4
Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how. Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator) A black screen will appear and then disappear. Please do not worry, that is normal. This mea... Read more

9 more replies
Answer Match 55.02%

Hi

My laptop is running Vista Home Premium, Service Pack 1, 32-bit. It got infected when I was browsing the net, suddenly a window popped up and the next thing I know there was a program called "AntiVirus Scan" running and started giving me warnings about threats and trojans.

I didnt take a screen snapshot when it was infected, but now the pop ups do not appear after I ran DDS and GMER. The quoted messages are only based on my memory and not exactly accurate, but the warnings were along those lines.

The program gave a balloon pop up from desktop tray, saying "Windows Security Warning - Virus detected, please activate your Antivirus now"

Then there were pop-up windows everytime I started up a new program "Application (skype2.exe) (or any other app.exe) is infected and failed to start. ..."

These pop-ups annoyed the heck out of me. After a while, there was also another warning, something along the lines of Trojan Alert, please activate your Antivirus now. Options: Activate Now and Continue Unprotected. (looks like one when your AV program detects a virus/malware): "

Before getting into techsupportforum.com, I read up a few posts from different websites and I went on to Safe Mode and disabled a funny-named program at Start-up. To be honest, I cannot quite remember what I did.
But this didn't help, the pop-ups were still there.

What I have done after that:

1. Register to techsupportforum
2. Read the New Instructions before posting for M... Read more

A:AntiVirus Scan rogue AV program

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator

------------------------------------------------------

It appears that you have two antivirus programs installed and running, avast! and Norton(Symantec). While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

Please uninstall the following via the Programs and Features section of your Control Panel if they still exist:

ccCommon
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Interne... Read more

14 more replies
Answer Match 54.6%

I got all of these viruses and i can't work properly because of these.

Zlob.Trojan, Rogue.VirusTrigger, Rogue.Errorsmart, Rogue.System Antivirus 2008

I think i got more malware on. I believe it started when my sister inserted her flash disk on my pc.

What do i do?

A:Zlob.Trojan, Rogue.VirusTrigger, Rogue.Errorsmart, Rogue.System Antivirus 2008

Hello please run an MBAM scan on this PC. DO NOT put that Flash drive into any other PC's it is infected.Please download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main ... Read more

12 more replies
Answer Match 54.18%

 
sorry if this is nothing in advance. i been browsing the darknet and a bit paranoid at these stuff popping up all the sudden
 
 
 
 
 
 
 
 
 
 
RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : jun [Admin rights]
Mode : Scan -- Date : 08/31/2013 05:50:23
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤... Read more

A:ROGUE KILLER SCAN, SOME STUFF POPPED UP?

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/506227 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Answer Match 54.18%

Hello there.
 
Will someone please help? Thank you.
 
My laptop is running Win 7 with SP1. I have Eset AV installed and running, so are Malwarebytes Protection, Win Patrol. I do practise usually safe habits and safety precautions.
 
Recently I began to use Dropbox, mBox. And it seems only after these when I routinely scan my laptop using Rogue Killer that I noticed many entries in the RKiller drivers tab.
 
I did Eset scans, Malwarebyte scans, Rkill scans, ADW Cleaner scans all on my own but found nothing, except R Killer driver tabs contained many entries. Each time I deleted, but invariably all these returned after each and every internet session.
 
Can some one kindly please help to take a look.
 
Grateful and appreciate.
 
Terence.

A:Many entires in Drivers Tab after Rogue Killer Scan

I did Eset scans, Malwarebyte scans, Rkill scans, ADW Cleaner scans all on my own but found nothing

Hello -
You have done all of the basic scans we do in Am I Infected, so your best advice is to post to the Experts.
 
As you seem infected, please Fully read and follow the instructions in the Preparation Guide starting at Step #6.
 
Note :If you are unable to complete any step, please post the topic and leave a full description of your problems
 
When you have done that, start a new topic and post the required logs to  Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.
 
 Please Use Copy / Paste for your responses, and Do Not Attach them unless your helper requests this.
 
 If Help Bot responds to your topic, please follow his Step #1 so the team will be notified.
 
 After doing this, please reply back in this thread with a link to the new topic then we can close this one.

3 more replies
Answer Match 54.18%

Routinely and regularly I carried out some security scans on my laptop. The usual set of scans are my Eset, Malwarebytes, OTL, TFC, Rogue Killer 64 bit (donate) version. At times, I also scanned with Mbam Anti rookit and TDSS Killers - both of these scan results turned out negative infection.
Recently, on a routine scan using Rogue Killer (which auto update) scanning a few times, there were many entires on the Driver's Tab after each scan. Naturally I clicked on delete to remove. They were removed because when I repeat a scan, the entries were gone. 
But after another internet surfing session, and completing another Rogue Killer scan, the Driver tab entries returned.
 
Attached are the reports of the just completed DDS scans:
 
Thank you.
 attach.txt   17.94KB
  1 downloads
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Terence CKW at 22:07:08 on 2014-04-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.65.1033.18.3894.1211 [GMT 8:00]
.
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLa... Read more

A:Many entires in Drivers Tab after Rogue Killer Scan

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/530810 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

23 more replies
Answer Match 53.76%

Good Afternoon, thanks in advance for the help here.
 
I have been following threads here on how to clean viruses and have ran MBAM which did not find anything. I also ran rkill which did not seem to find anything.  Rogue Killer found it and ended the process, causing windows to close and reoot.  Also I ran esef online scanner which found it, deleted it and then I had to do a system restore to an earlier date, therefore I may need some new updates from Microsoft.
I have attached the logs from Farbar.
 
Any help would be greatly appreciated.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-06-2014
Ran by jeremy (administrator) on DARRYLS on 18-06-2014 06:45:36
Running from C:\Users\jeremy\Downloads
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framewor... Read more

A:ZEKOS found during Rogue Killer scan in system32

Hello jpbene I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

20 more replies
Answer Match 47.88%

Malware removal guides Following the procedures stated in the Remove Security tool and uninstall guide, all appeared ok until section no. 20 Hostsperm .bat download to desktop ok, but could not open the file. Noted it was in Notebook and to download it you must use the save facility.section 21. Found and deleted c:\windows\system32\drivers\etc\HOSTS, observed that Windows Vista HOSTS download link is in actual fact identified under Windows 2003 Hosts file download link. When trying to save Hostsperm.bat to system32\drivers folder, was flagged with a message stating I did not have the authority to save the file such. I am not sure of what to do next or how to set Hostsperm in system\drivers. Can you please advise. DDS (Ver_09-12-01.01) - NTFSx86 Run by brian at 16:05:59.64 on 21/02/2010Internet Explorer: 8.0.6001.18882Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.44.1033.18.1977.1032 [GMT 1:00]SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssc:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetwor... Read more

A:Rogue.multiple H,Rogue. pc Doc pro,Rogue.Security.T

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 47.04%
Q: Smitrem

Hi,

I just took a look at your forum for the threat of I worm_attck_V122.02A and I noticed that I would need SmitRem to get the job done, but the server to smitrem is down.
I can't find it anywhere on the net, cause it's all the same link.
What now ?

Greetz

A:Smitrem

Hi MickeyNoedel and Welcome to the Bleeping Computer!Normally I would say post a HijackThis log and Ill have a look but obviously you allready know what your dealing with so we will wing it!Just in Case,I dloaded a copy of smitrem and will attach it to the post inside a Zip Folder,just right click the zip folder and select "Extract All"Download smitRem.exe and save the file to your desktop.Double click on the file to extract it to it's own folder on the desktop.Place a shortcut to Panda ActiveScan on your desktop.Please download the trial version of Ewido Security Suite here:http://www.ewido.net/en/download/Please read Ewido Setup InstructionsInstall it, and update the definitions to the newest files. Do NOT run a scan yet.If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:Ad-Aware SE SetupDon't run it yet!Next, please reboot your computer in SafeMode by doing the following:Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, press F8.Instead of Windows loading as normal, a menu should appearSelect the first option, to run Windows in Safe Mode.Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.Wait for the tool to complete and disk cleanup to finish.The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where you... Read more

1 more replies
Answer Match 47.04%
Q: Smitrem

recently, a browser hijacker (Spyware.Known_bad_sites) (shame I can't figure out which bad site this came from so history doesn't repeat itself) showed up when I ran my Spyware Doctor program. It showed up in the file... documents and settings\administrator\desktop\smitRem\eTrustWhen I went looking around and found the smitRem folder, it appeared to be blocked on my computer. From things I've read on the net it appears that smitRem is a good thing? Yes? No? If it is a good thing, do I unblock it? And yes, I know...people like me are lethal to the good health of our pc's! That's why we have people like you. I so need to marry a hi-techie who cuts hair, too...haaaThanks, in advance, for your help with this.Moved from the XP Forum. ~acklan~

A:Smitrem

SmitRem is used to remove Smitfraud-type infections from your computer. Since you posted in the XP forum, I am going to assume that you are running Windows XP. There is an alternative program called SmitfraudFix which I believe is much more effective to use on newer operating systems, so it would be better to use that instead. Having said that, there is little point in having any of these specific removal tools on your computer if you are not infected with the malware that they target; they are worthless. So you can safely delete it from your computer, it is just wasting some space on your hard drive at the moment.EDIT: Typos

1 more replies
Answer Match 46.2%

Hi, I am having some problems with getting smitRem.exe. Won't load the page at all. Found one of the people that has the same problem getting the file as well, but no help was there. Is there another way around the "SmitFraud-C" spybot picked up?

Here is HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 12:27:20 AM, on 1/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
... Read more

A:Issues getting smitRem.exe

9 more replies
Answer Match 46.2%

Following your advice I have run the SpyAxeFix.exe, then rebooted in safe mode.

when I run the RunThis.bat file in my smitRem folder, the keyboard will not activate the program. I have made sure that the window is active, yet still I cannot start the tool.. It remains showing the press any key---- message

Any advice gratefully received.......

Below is the Hijack this scan log, followed by the Spyaxe log.

Logfile of HijackThis v1.99.1
Scan saved at 18:13:16, on 08/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelME... Read more

A:smitRem problem

Hi SpeedyUK

Welcome to TSG!

Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan
 

1 more replies
Answer Match 46.2%

I downloaded smitrem but everytime i try to run the program it says "handle invalid" What does this mean?
 

A:Smitrem.exe version 3.2

6 more replies
Answer Match 46.2%

I've just opend and ran smitrem.exe ... now is the problem that all my icons are disappeard from my desktop... all the programs are still available but i think i can't use them anymore when i close the windows that are still open now...

help me please!!
 

A:smitrem.exe problem

10 more replies
Answer Match 46.2%

Although I have Spy Axe listed in my Norton 2005 Personal Firewall as a program to "Block All", itstill downloaded onto my computer. I searched the MS support website and came across your information. I was able to eradicate (hopefully) the malware with smitRem software quickly, but was hoping you could tell me if there is anything else lurking on my computer.Thanks for the great information and hopefully I'm bug free:)Sincerely,JeffLogfile of HijackThis v1.99.1Scan saved at 9:36:58 AM, on 12/30/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC... Read more

A:Spy Axe - Ran Smitrem And It Worked

Hi,

The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

2 more replies
Answer Match 45.78%

Problem started as Win86 a month ago of which seemed to be taken care of by Malwarebytes, yesterday the computer came back with the same blue screen background a green center stating that your computer is at risk and has been infected by malware. Since then all sorts of pops ups have been occurring and everytime I try to open a program a dialog box appears which states "Security Warning! The application cannot be executed. The file -whatever file/program you clicked on-is infected. Do you want to activate your antivirus software now? Yes/No."The internet has been hijacked by a very official looking page that states "Internet Explorer warning. Visiting this website may harm your computer" It gives me several options to click on including "purchase for secure surfing"Ark and Attach files attached.Here is the DDS Log:DDS (Ver_09-12-01.01) - NTFSx86 Run by Integrity at 15:52:52.31 on Tue 12/08/2009Internet Explorer: 7.0.5730.11Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.254.32 [GMT -6:00]AV: Norton AntiVirus *On-access scanning enabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}FW: Norton Internet Security *enabled* {825036E0-9F94-4752-8789-8B92454AF49B}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchSVCHOST.EXEC:\WINDOWS\System32\svchost.exe -k netsvcsSVCHOST.EXESVCHOST.EXEC:\Program Files\Common Files\Symantec Shared\ccSe... Read more

A:Infected with Antivirus Pro, Rogue security Tool, Rogue Multiple

Please, I am still having problems with this...anyone have any answers?

17 more replies
Answer Match 45.78%

Hello,Yesterday I seem to have picked up Rogue.AntivirusSuite, Trojan.Fraudpack, Rogue.AntiSpywareSoft and possibly others. I had a false antivirus program which popped up, and was unable to run any programs, getting a message that whatever I tried to run was infected. Without clicking anything suspicious, I immediately shut down the machine, booted into safe mode, and ran Malwarebytes' Anti-Malware. The log is below:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4069Windows 5.1.2600 Service Pack 3 (Safe Mode)Internet Explorer 8.0.6001.187025/5/2010 12:00:13 PMmbam-log-2010-05-05 (12-00-13).txtScan type: Quick scanObjects scanned: 112966Time elapsed: 9 minute(s), 47 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 4Registry Values Infected: 2Registry Data Items Infected: 0Folders Infected: 0Files Infected: 3Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_CURRENT_USER ... Read more

A:Rogue.AntivirusSuite, Trojan.Fraudpack, Rogue.AntiSpywareSoft and possibly others

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

2 more replies
Answer Match 45.78%

Hi,

My wife got the smitrem virus while browsing. It turned the desktop blue, put wierd icons in system tray, the works.

I was able to remove the smitrem by following the procedures provided to someone else in this forum. I followed the directions in this thread: http://www.short-media.com/forum/showtread.php?t=44211

Anyhow, I got rid of the smitrem, but now my wireless connection won't work. It won't even detect wireless networks that I know are there. I know this is related to the smitrem or what I did to fix it.

Here is my hijack this thread. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 6:32:08 PM, on 8/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\a... Read more

A:Problem w/ SmitRem - help appreciated

Hello salscamperini,

The link you provided is not working, and I'd really like to be able to see what has been done so far. Can you provide the correct link?

In the meantime, you are currently running 2 Anti Virus programs. While it may seem to be added protection for you, more than 1 Anti Virus can cause conflicts and confusion between the AV programs as well as system instability. Please choose and run only 1 and uninstall the other via the Add/Remove Programs in the Control Panel.

Perform an online scan using Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer If it finds any malware, it will offer you a report.
Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
Click on see report. Then click Save report

In your next reply, please include the following:

Link to your thread at shortmedia.com
Panda results
New HijackThis log

6 more replies
Answer Match 45.78%

Hello Tech guy,

I am having the same problems as everybody else....SpyFalcon is on my computer and I have tried to get rid of it to no avail. Most solutions involve downloading smitrem.exe but when I try to download it says:

High security alert!!!

You are not permitted to download the file "smitRem.exe" because it is infected with the virus "Process".

URL = http://noahdfear.geekstogo.com/smitRem.exe

File quarantined as: .
http://www.fortinet.com/VirusEncycl...?method=quickSearchDirectly&virusName=Process

I thought that this may have been just my computer, so I tried other computers on campus and got the same message. I am lost as what to do but did follow instructinos to download the Hijack this........this is what I got:

Logfile of HijackThis v1.99.1
Scan saved at 2:47:18 PM, on 3/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel... Read more

A:having troubles with spyfalcon2 and smitrem.exe

10 more replies
Answer Match 45.78%

hello,
I downloaded smitrem from geekstogo to get rid of zlob/virusburst and followed the instructions on the site but when i restart in safe mode and run the .bat file it doesn't work, a command prompt screen just flashes briefly. If i drag the .bat into command prompt it says that " 'find' is not recognized as an internal or external command, operable program or batch file." The same thing happens if i try to run smitrem in normal mode as well. I don't know what's wrong at all , can anyone help? Pleasee! Thanks

A:Smitrem Doesn't Work. Help!

Please start over and follow the instructions in BC's self-help tutorial How to remove VirusBurst.

1 more replies
Answer Match 45.78%

This is my first foray into the forum world, I apologize if I'm using the wrong topic or forum...

Our PC is infected with Spy Axe...tried downloading SmitRem.exe from BleepingComputer--followed all instructions (start up in safe mode etc.) and everything worked beautifully until it was time to actually run the program.

I open SmitRem folder in Safe Mode, click on RunThis.bat file, follow promt to "push any key to start"....and nothing happens.

I have Windows XP Home edition--I am personally a Mac user so please take pity, I've never dealt with these types of problems and I'm in unchartered territory trying to fix this PC for my mother...

Thank you SO MUCH in advance for any help or advice you can offer...

More replies
Answer Match 45.78%

Hi

I have windows xp service pack 3. My computer is infected and can not access the web. I have tried researching anything that might have come on the computer and have several files under a smitRem. One says replace Windows NT COmmand Script. When I open it I get a message Bloodhound W32/wininet.dll fix has been infected and it asks me to look for another copy in another location. Is this legit? what is smitRem?
 

More replies
Answer Match 45.78%

My norton just flagged smitrem.exe as a trojan.startpage virus? Is this a false hit or is it possible someone has disguised smit as virus???

Thx.

A:Smitrem.exe A Trojan.startpage?

This topic has been moved to a more appropriate forum.

That's most likely a false positive. Where did you download it from--got a link?

1 more replies
Answer Match 45.36%

I cleared this Dell Inspiron/Vista SP2 (It had no sp when infected) ref this thread http://www.bleepingcomputer.com/forums/t/314085/cwindowssystem32rundll32exe/I would like to make sure there are no hidden rootkits or anything else.Thank You!Here are the DDS and ark.txt files.I had problems running GMER so I hope it is complete.Also have attach.txt if needed.DDS (Ver_10-03-17.01) - NTFSx86 Run by Amigo at 20:54:25.77 on Tue 05/04/2010Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.1917.992 [GMT -5:00]SP: Spyware Doctor *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\Windows\system32\Ati2evxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\Ati2evxx.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spo... Read more

A:Had rogue.antivirus2008, rogue.winantivirus, trojan.agent

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

13 more replies
Answer Match 45.36%

G'day I'm pretty bad with computers but I've done some research and now know enough that I have smitfraud or whatever it's called, and I've downloaded and installed all the programs that are s'posed to clean it.

I've got

Smitrem
SmitFraudFix
Rogue Remover
CCleaner

Anyway when I run SmitFraudFix in safe mode, I get a message saying "Cannot import C:/smitfrau.reg: Error accessing the registry" and a similar message when I try to run smitrem.

I'd really appreciate some help, I tried to look up what I should do when I get this "Error accessing registry" message but I can not understand it at all!

Cheers

Logfile of HijackThis v1.99.1
Scan saved at 10:46:07 PM, on 7/5/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\LTSMMSG.exe
C:\WINNT\system32\PRISMSTA.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\khooker.exe
C:\PROGRA~1\LAUNCH~1\CPLBY25.EXE
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\QuickT... Read more

A:Smitfraud - try to run smitrem and smitfraudfix but not working

hi there.

Make sure you have the most up to date version!

Try running smitfruad in normal mode if you can't in safe mode!
Please download
SmitfraudFix
(by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Also run these scans and past the logs along with the smitfraud log!

Download the pocket killbox

http://www.majorgeeks.com/Pocket_KillBox_d4709.html

Download AVG Anti-Spyware

http://www.ewido.net/en/
* Once you have downloaded AVG Anti-spyware, locate the icon on the desktop
and double-click it to launch the set up program.
* Once the setup is complete you will need run AVG and update the definition
files.
* On the main screen select the icon "Update" then select the "Update now"
link.
* Next select the "Start Update" button, the update will start and a
progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the
screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select
"Delete"
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Anti-spyware, Do NOT run a scan yet. We will do that
later in safe mode.


* Click here to download ATF Cleaner by Atribune and save it to your
desktop.

http://majorgeeks.com/A... Read more

1 more replies
Answer Match 45.36%

Well there it goes. I've recently been infected by SpyQuake2 and SmitRem. I googled for "SpyQuake2 removal" and fell upon this forum thread:
http://www.bleepingcomputer.com/forums/topic47826.html

I went and read about the procedures, and since it all seemed like it was the same problem as me, i used went through the Automatic removal procedures.

Unfortunately, it didn't seem to fix much. Now i'm getting browser pop-ups, heavy CPU load when some processes are running, and activity on my connection while i ain't even using it. So i just made a couple logs here, namely (and in the order i used the programs/utilities):

-- Activescan log -- (sorry if it's kind of a messy page setup, but it came out like that)
Incident Statut Analyse

Spyware:Cookie/Statcounter No Désinfecté C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Owner\Desktop\smitRem\Process.exe
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Owner\Desktop\smitRem.exe[smitRem/Process.exe]
Adware:adware/securityerror No Désinfecté C:\Documents and Settings\Owner\Favorites\Antivirus Test Online.url
Outil indésirable:Applica... Read more

A:Solved: SpyQuake2 and SmitRem headaches

13 more replies
Answer Match 45.36%

Hello,

I'm trying to get ride of SpywareStrike - I've downloaded smitRem.exe, extracted the files & run run the RunTHis.bat file to start the tool. It runs through all it's checks & then say to allow the cleanup tool to run which could take up to 3 hours. WHen I click OK, I'm taken back to the Desktop message that tells me Windows in running in safe mode and asks if I want to proceed in safe mode of use System Restore. I suppose I'm supposed to choose Yes, but when I do, nothing appears to be happening. Am I doing something wrong?

I'm running Windows XP Pro.
On a side note, this SpywareStrike thing should be criminal, how can a company get away with doing this to my computer?

A:Smitrem - Next Steps Ins Safe Mode

Bump

Sorry to bump my own thread, but I really need help!

8 more replies
Answer Match 45.36%

Hi there,

As the title indicates, I can't get rid of that damned spyaxe (which now seems to be calling itself spyware- strike as well) even when I follow the Smitrem.exe procedure. Everything goes well, up until the moment when the Smitrem programme tells be that it will clean up my system and that this may take several hours. After that a box appears saying that it is "searching for space on my C drive". Then suddenly, when the search is complete, nothing else happens. The programme seems to come to a dead end.

Please can someone help me! I?ve tried everything: adaware, spyware doctor, xoftware ? you name it, I?ve tried it!

It might also be worth pointing out that when I open the Smitrem folder in the safe mode spyaxe?s characteristic toolbar message still pops up.

Anyway, has anyone got any ideas?

Thank you very much,

Leif

A:Smitrem.exe Won't Get Rid Of Spyaxe/spyware Strike

If you think you are infected submit a hijackthis log to the HJT Forum.How to submit a hijackthis logDownload HijackthisTry running the following from safe mode (Getting to safe-mode) Sysclean you'll also need the virus template file from here lpt***.zip remember to extract the contents of the zip file into the same folder as Sysclean.comorDrWeb CureITorKASFX which is powered by the Kaspersky AV engine, you will need internet access to update it. If you haven't got net access in safe mode, update it before you use it.If your good with the command line also try Sophos Command Line scanner this command will scan all of your hdd's SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt and give you a log file to review afterwards.Also try installing and running A2 Free and Ewido again run from safe mode.I'd also run Spybot(Spybot Tutorial) and AdawareIf your using Win2K/XP run adaware/spybot from "safe mode with command prompt" If your using Win9x just run it from safe mode the command line options aren't needed..At the C:\ prompt type the following:-cd\C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofixcd\C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe

2 more replies
Answer Match 45.36%

Win2000 with problems founr Smitrem on startup
Ran smitrem fix utility, Ran ewido, Unable to connect to internet from reg mode.
Have not been unable to get to control panel to uninstall some programs (very slow)

Have been able to load and run Grisoft AVG and Adaware

Saved hjt this log for review - see below
There is a bunch of crap in there which I haven't been able to deal with yet.

I've just been able access the internet via safe with networking.
Next step.. going to run Housecall and download Kaspersky to see what they catch
then take a better look at the hjt log.

Directions appreciate... (Nothing to do on this saturday but fix pc's)

Original Log (Ooops...Thanks MFDnSC for the catch)

Logfile of HijackThis v1.99.1
Scan saved at 11:43:51 AM, on 2/18/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\W... Read more

A:Solved: w2000 hjt for checkup - smitrem and other

12 more replies
Answer Match 44.94%

I followed instructions and downloaded Hyjackthis into a file on my desktop. Here is the log: HELP!!!

Logfile of HijackThis v1.99.1
Scan saved at 5:08:49 PM, on 10/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\174b9eda.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mic... Read more

A:Spybot, Smitrem, and a pain in the butt HYIP.com

9 more replies
Answer Match 44.94%

Hi, I'm new here, but I found the excellent Spyaxe remover smitRem on this site, which successfully removed that nightmare. But now I can't scan (with my Dell A940) though I can print. I think maybe either the virus, the remedy, or something else I did (I was trying to muck around the registry using Hijack this, and might have overdone it) created an orphan. Can anyone give me any suggestions (more like step by step hand holding assistance, I am a true amateur) other than "re-instal your OS," which is what Dell tech support suggested? Thanks.

A:Post-spyaxe Smitrem Scanner Malfunction

To make sure you could run an online scan at: Windows Live Safety Center.By "scan" you mean scanning with your scanner; not just a virus scan? Can you uninstall and reinstall the scanner software?

5 more replies
Answer Match 44.94%

Hello, I was wanting to know if I should be alarmed that Panda ActiveScan found "Processor" which they list as a hacking tool. I did have the smit virus (some time ago) and used a tool to remove it that the bleepingcomputers group told me about. I am not sure if this "Processor" is left from the removal tool or the virus itself. What was found is "RecoveryBin\Volume-99130aa1-...\Documents and settings\Owner\My Documents\SmitRem\Processor(01C7415E2263331D).exe" and "RecoveryBin\Volume-99130aa1-...\Documents and settings\Owner\My Documents\SmitRem(01C7415E82743370).exe[SmitRem/Processor.exe]" None of my other spyware/virus programs see any issues. Any idea if I have a problem or not? Thanks

A:Panda Activescan, Smitrem, Processor Issue

Welcome to BC

No its related to smitrem!!! Safe... When did you run smitrem????

1 more replies
Answer Match 44.94%

Logfile of HijackThis v1.99.1Scan saved at 1:07:29 PM, on 7/14/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unfinishedtale.com/O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - (no file)O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: (no name) - {54CD2BC5-F16F-4CB3-BA1C-62D0880723BE} - (no file)O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt1.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dllO2 - BHO: (no name) - {C8E8F1C2-1EEA-47B1-81DB-C26B66E65AE0} - C:\WINDOWS\system32\sstqr.dll (file missing)O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\pro... Read more

A:Infected With Unknown Virus (not Being Removed By Smitrem)

Hello.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

1 more replies
Answer Match 44.94%

I was wondering do you run these programs before or after you check your items to fix on the HJT log..Ive seen some people on forums do this before and some do this after..any info is appreciated
 

A:Question about smitrem.exe, ewido, adaware and spybot

I think everyone here has their own method.

But I think majority runs these program before doing the Hijack fixes.
 

1 more replies
Answer Match 44.52%

I have an hp pavilion ze5500 running Windows XP version 5.1 sp 3. When I open Internet Explorer (version 7) to access any website, instead of going to the web page, I immediately get a File Download dialogue with the question "Do you want to open or save this file?" (for example, name: m.www.yahoo.htm Type: HTML Document, From: m.www.yahoo.com). Selecting either Open, Save, or Cancel option results in a blank internet explorer window with no activity.

I ran Malwarebytes Anti-Malware (which I had to download and transfer from my other laptop since I am unable to access the internet on the infected one). Two infections, Rogue.Installer and Rogue.winAntivirus, were detected, quanrantined and deleted according to the Malwarebytes log (attached). Also posting output of DDS.txt below, and attaching Attach.zip and ark.txt files as directed by the preparation guide.

Thanks in advance for your help!

DDS.txt:
DDS (Ver_09-12-01.01) - NTFSx86
Run by user at 15:27:46.05 on Thu 12/31/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.139 [GMT -8:00]

AV: avast! antivirus 4.8.1335 [VPS 091231-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Soft... Read more

A:Infected w/ Rogue.Installer and Rogue.winAntivirus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

4 more replies
Answer Match 44.52%

Hello, yesterday the dreaded blue desktop saying that i have spyware appeared, i tried using the self help on this site to no avail.

Here is the log Panda gave me (it wouldnt let me click the disinfect button)

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-21 12:22:29
PROTECTIONS: 2
MALWARE: 32
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee Internet Security Suite 2007 8.1 No Yes
McAfee VirusScan Plus 12.1 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================================... Read more

A:please help: Smitfraud Blue desktop, smitrem/fraud fix did not work

72 hour bump.

My restore points, task manager, and desktop hijack are also gone, if i delete the current user restrictions in the registry they just come back after restart. Please help. If you need anymore logs let me know. Thanks!

19 more replies
Answer Match 42.84%

Thanks in advance for any help provided. I developed problems yesterday when searching with Google. Symptoms include: unable to start windows firewall and related windows security services, unable to navigate to windows update web site (refers to pseudo Google english web site even though correct web address appears in search bar), blocked from performing system restore, blocked from performing Malwarebytes and other spyware tool updates, slow or unresponsive system and applications.I have recieved several error messages, the most problematic is:svchost.exe - Application ErrorThe instruction at "0x75606eb5" referenced memory at "0x00000008".The memory could not be "read".Click OK to terminate programThis error appears at startup and keeps popping up especially while browsing the internet.History:Windows Defender came up with nothing. I removed Windows Defender after suspecting it's service may have been corrupted and was causing the issues.Malwarebytes found Rogue.XPAntivirus & Rogue.DriveCleaner. It seems to have removed these OK but with lingering effects and bad settings.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:29:55 PM, on 3/6/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDO... Read more

A:Rogue.DriveCleaner & Rogue.XPAntivirus

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do not run any other programs or open any other windows while doing a fix. Ask any questions that you ... Read more

3 more replies
Answer Match 42.42%

Greetings,

My McAfee Real-Time Scan will not remain enabled. When I try to run either Quick Scan or Full Scan, an error message comes up, telling me to return to the McAfee Internet Security Home and to try to run the scan again.

I have followed their instructions for re-enabling the Real-Time Scan to the best of my abilities, by trying to restart the McShield Service, and by running the oas-disabled-fix.cmd utility that they instructed me to download. The oas-disabled-fix.cmd utility will not run.

I have contacted McAfee and they have told me that it is a problem with Windows Update. I have contacted Microsoft and told them that as well, but they seem to be trying to rule out any other possible cause, than what McAfee says is the actual cause of the problem, thereby dragging this out even longer.

Microsoft is supposed to be getting back to me again tomorrow, but any other help would be appreciated.

Thank you for your time.

More replies
Answer Match 40.74%

Almost every time I do quick scan and got nothing and I think it is good. However, I just read online, it says that when quick scan does not find anything then you do deep scan. It confuses me, since it means I should do deep scan all the time. ?
 

A:quick scan vs deep scan/full scan ( antivirus )

the 1000$ question is
which anti-virus
ON windows defender and malwarebytes and many others only a quick scan is necessary
The converse of what you have read is usually the case eg. You do a quick scan and only if that finds something should you then need to follow it with a full scan
For instance a threat scan on Malwarebytes paid for edition or the scan on the free version will scan up to 99% of the system
A full scan also scans the system restore points and other unusual places to detect, or at least try to detect, all possible traces of infection.
As I said it depends on the AV and to some extent the OS which I presume is not Windows 2000 as indeed commented on by my colleague Cookiegal in another of your topics
Also, it appears you're running Windows 7 and if you don't still have your Windows 2000 computer you should visit your profile and change that information so that it's current which makes it easier to help you in some casesClick to expand...
 

13 more replies
Answer Match 39.48%

i tried to do the on-line Panda scan a few times, once my dial-up connection disconnected it, and i couldnt get it back, and I tried it 2 more times and it stalled about 3/4 of the way thru, even tho i was still connected. When i do Spybot S&D scan it stalls midway too, several times, i have to keep moving my mouse around for a while to get it to start again. Why do u think this keeps happening on my computer?( Virus scan was negative, and i deleted some adware with a scan i did a day before.) I know the Panda scan used Actixe X which i had to download to do the scan. Should i delete it now? What would it look like and where would it be on the computer.?
I have an old Dell OptiPlex GX1 Pentium 2 with 350 MHZ, with 256 RAM and WIN ME O.S. with 10 G. storage with a slow dial-up connection. Thank in advance. ZUZU2
 

A:Panda scan and Spybot-S&D scan stalls mid-scan

This is my HJT log after running (sluggishly) Sbybot-S&D and finding no problem:
Logfile of HijackThis v1.99.1
Scan saved at 9:56:31 PM, on 2/2/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\DOWNLOAD\CONKEEPM.EXE
C:\PROGRAM FILES\NETSCAPE INTERNET SERVICE\DIALER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NETSCAPE INTERNET SERVICE\NETSCAPE WEB ACCELERATOR\NSACCEL.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\NETSCAPE INTERNET SERVICE\CSS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: I... Read more

1 more replies
Answer Match 39.48%

Below are Bazooka scanner, dds and gmer scan results. Exe files are not working properly. Any executable I open immediately asks for a file to open the program. I can run some programs by browsing for the executable again but does not work for everything. Some programs won't work or install. here is my latest scan results using bazooka / dds / and gmer.BAZOOKA SCAN--------------------------------------------------------------------------------------------------------------------------------********************************************************************************************************************************************Result when scanning:SystemDir.explorer 545.505.000 %SystemDir%\explorer.exeC:\Windows\system32\\explorer.exehttp://www.kephyr.com/spywarescanner/library/systemdir.explorer/index.phtmlSystemDir.regedit 544.500.000 %SystemDir%\regedit.exeC:\Windows\system32\\regedit.exehttp://www.kephyr.com/spywarescanner/library/systemdir.regedit/index.phtml********************************************************************************************************************************************DDS SCAN------------------------------------------------------------------------------------------------------------------------------------********************************************************************************************************************************************.DDS (Ver_2011-06-23.01) - NTFSAMD64 Internet Ex... Read more

A:Virus - Bazooka Scan / DDS scan / GMER scan - %#^#%^#

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post fresh dds logs, please.

2 more replies
Answer Match 38.22%

I have a couple of Word 7 files which can't be moved, deleted or renamed. Any attempt results in a message: This action cannot be completed as it is in use by another program. It is not in use by any program I am aware of. When I open the file, it says (Read Only) in the title bar but the properties dialogue boxes are not checked as read only. Of course, I can't save any changes to the file unless I go to 'save as' but that still leaves me with an undeletable/uneditable file. I am using Vista Ultimate. Any help would be greatly appreciated.
Joan

A:This action cannot be completed...

Unless you're particularly interested in the mechanics of why this might be happening, I'd suggest booting to safe mode (press the F8 key early during Windows startup) and moving or deleting the files from there. You probably won't have trouble deleting the files that way.

37 more replies
Answer Match 38.22%

Hi everyone!

Ive just completed my upgrade from an MSI 745 Ulta mobo and ATI Radeon 7000 series 64meg AGP x4 graphics card to an Abit NF7-S mobo and ATI Radeon 9550 AGP x8 256meg graphics card and I gotta say, boy what a difference.

Now I have to save up my pennies to get myself a better processor, I have an AMD Athlon XP Pro 2000 and was wondering what i should replace it with?

There's a fair ammount of choice out there so i was wondering if anyone has any recomendations?
 

A:Just completed an upgrade

Nice speed jump!
Upgrading always starts with budjet. If you are going to keep your Mb , then simply buy the best (fastest) CPU you can afford at the time.If you are saving pennies you will probably be able to get the quickest cpu your mb can handle.
 

5 more replies
Answer Match 38.22%

Hi,

Having successfully performed a 3 hour chkdsk by means of a downloaded microsoft program which did this automatically, the screen is left hanging and there is no option available to exit from it. I tried switching off and then on again but this just puts me back to the start of the chdsk routine which then completes again. So I'm stuck in a loop from which I can't escape !! What do you recommend ?

A:After chkdsk has completed

Hello ,

here is a shot in the dark

turn your system on & then back off

then un plug your system

them push your power button as if you wanted to start it and hold it for a count of 10

this will clear the compleat system of power and maybe reset way your system starts / you may want to reset the bios also by crossing the bios jumpers or just pulling the litheum battery from your mother board for at least 3 minutes

then try your system

you may be looking at wipeing the driver & reinstalling

have you tried to get into the recovery console useing the Windows XP cd ?

3 more replies
Answer Match 38.22%

Deckard's System Scanner v20070804.61
Run by HP_Owner on 2007-08-05 at 16:46:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:16 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\AOL\1128887343\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Softw... Read more

A:Completed the 5 Steps

Please stay with this thread, and only post here for this problem. Do not start a new thread, otherwise it is too confusing...

Use Post Reply - left bottom corner. Thanks!!


Next, download ComboFix.exe

Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Please post the ComboFix.txt, and a new HijackThis log in your reply.[/QUOTE]

19 more replies
Answer Match 38.22%

hey im having problems with installing windows xp SP3 i boot to cd do the whole installation thing for step 1 and then it restarts and then im waiting for the continuation of the installation but it doesnt happen it boots to cd again without me pushing anything

please help!!!!!!!!!!!!!
 

A:Installation not completed

6 more replies
Answer Match 38.22%

Finally got my gaming rig built and in perfect working order. Took me a while figure out how to put my two HDD into raid 0. One of the tech support guys at EVGA helped me out and said that HDDs have a hard time going into raid array if they have never been used, which was the case. I just installed some stuff on my two HDDs and reformatted the partition and BOOM it stopped giving me errors, LOL. Anywho here is the finished build:


Cooler Master Cosmos 1000 Silent Gaming Tower
EVGA 750i FTW Motherboard
Intel E8400 Wolfdale Processor
Xigmatek HDT-D1284 120mm Rifle CPU Cooler
MX-2 Thermal Compound
2x2GB OCZ DDR2 1066 5-5-5 18
2xEVGA 8800GTS in SLI
3xSeagate 7200.11 (2 in Raid 0, 1 backup)
Corsair 750TX Power Supply
Samsung DVD-RW w/ Lightscribe SATA
Liteon DVD-RW IDE
4 Scythe KAZE 120mm case fans (1 intake, 3 exhaust)
1 Stock Exaust Fan on HDDs


When I looked at the Case for the first time I couldn't believe how big it was, plenty of room to work in. The Scythe fans sound like a tornado when I first turn on the computer but it gets quite once the bios and PSU start regulating them and you can't notice it when playing games or listening to music. I bought a generic filter for the intake fan and realized that it wasn't needed because the case already comes with filters that you just slide off and wash.

This was my first build ever and I must say I'm quite pleased with the results. The bios defaulted the memory at 800mhz 1.9v so I bump... Read more

A:First Gaming Rig Completed

Cool. Looks like a good build.
 

7 more replies
Answer Match 38.22%

Keep getting the same error over and over, tried many things (inclduing scf /scannow) but to no avail.

Here is the bit from the log:


Code:
1348769 (3424) - winsat\logging.cpp:0815: --- START 2011\10\30 17:15:04 ---
1348769 (3424) - winsat\main.cpp:4301: Command Line = "C:\Windows\system32\winsat.exe" formal -restart clean -cancelevent 8e00fb41-d1d6-4e88-8347-83b99be94b73
1348769 (3424) - winsat\processwinsaterror.cpp:0095: ERROR: tried to read resource strings, unknown exception occured
1348784 (3424) - winsat\main.cpp:4474: > IsFormal=TRUE IsMoobe=FALSE.
1348815 (3424) - winsat\main.cpp:4585: Watch dog system enabled
1348815 (3424) - winsat\main.cpp:4600: Main watch dog timer set to 600.0 seconds
1348878 (3424) - winsat\main.cpp:2505: > DWM not running.
1348878 (3424) - winsat\main.cpp:2470: > EMD service will be restored on exit.
1348893 (3424) - winsat\syspowertools.cpp:0983: > Read the active power scheme as '8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'
1348893 (3424) - winsat\main.cpp:2793: > power policy saved.
1348909 (3424) - winsat\syspowertools.cpp:1015: > Set the active power scheme to 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'
1348909 (3424) - winsat\main.cpp:2814: > power policy set to maximum.
1349736 (3424) - winsat\logging.cpp:1763: ERROR: pahse enter/leave imballance
1349736 (3424) - winsat\main.cpp:0948: > IsOfficial=TRUE IsFormal=TRUE IsMoobe=FALSE RanOverTs=FALSE RanOnbatteries=FALSE
1349736 (3424) - winsat\main.cpp:1775: ... Read more

A:WEI test cannot be completed

What language is your OS currently using, and what was originally installed on it? Is one of the two English?

4 more replies
Answer Match 38.22%

Good evening..i have just completed the combofix scan on my Openlabs Neko TSE. Which is my music workstation with a built in computer. Please can you review my log for further advice.? I really appreciate you for this. This workstation is the key to all my productions. I have been freaking out all night. Aloha!

A:completed combofix run

Hello,That request about NOT posting CF logs is primarily to keep people from running the program unsupervised.Please read this topic: http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/ which explains that reasoning further.Please follow the instructions in ==>This Guide<== starting at step 6.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic.If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.Orange Blossom

1 more replies
Answer Match 38.22%

Avast seems to find a new malware every 20 min. I could not complete a panda activescan because the update would stall and hang at 19 %

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-30 21:04:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
102: 2008-05-31 01:04:12 UTC - RP583 - Deckard's System Scanner Restore Point
101: 2008-05-30 21:19:31 UTC - RP582 - Restore Operation
100: 2008-05-30 21:12:31 UTC - RP581 - Restore Operation
99: 2008-05-30 21:09:59 UTC - RP580 - Restore Operation
98: 2008-05-30 21:07:03 UTC - RP579 - Restore Operation


-- First Restore Point --
1: 2008-03-02 21:51:33 UTC - RP482 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-30 2111
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Awar... Read more

A:I have completed the 5 steps!

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.
Download SDFix and save it to your desktop.
Do not do anything with this yet!


Reboot
Reboot your system in Safe Mode.Restart the computer. The computer begins processing a set of instructions known as BIOS.
After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
Instead of Windows loading as normal, a menu should appear
Use the arrow key to highlight Safe Mode and press Enter.


SDBot FixRight click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the ... Read more

7 more replies
Answer Match 38.22%

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:14 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtutq.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run... Read more

A:Completed 2/5 steps - please look over this and tell me what to do

Hello

I needed you to go all the way through the steps. We prefer a more comprehensive set of logs to assist in detecting any malware that may be present. As noted in the final step (Step 5) of our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review.
DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer"... Read more

19 more replies
Answer Match 38.22%

Desktop machine.
Windows Vista Home Prem. 32b.

The computer shut itself down a few days ago while it was copying for files.
Then, it behaved abnormally after restart.
A back to the factory status recovery was performed, but it did not complete the task.
The last part of the recovery did not run.
The recovery disks, burned right after the purchase of the machine and used before, were used and they ended the same way.
The last part of the recovery did not run.

There are 3 partitions on the HDD.
Partition 0, 20GB. hidden, keeping the recovery OS.
Partition 1. 223GB. partition C.
Partition 2. 220GB. partition D.

Question:
If partition C is formatted, can recovery OS be installed on partition C ?

Thanks.
 

A:Recovery can not be completed.

What's the brand name and model name and model number of that desktop?

What's the part/product number and/or service tag number and/or serial number on it?

Which country do you live in?

--------------------------------------------------------
 

3 more replies
Answer Match 38.22%

I accidentally infected my computer with security toolbar 7.1. I have done the 5 steps and i did not get a log from that first scan but here is the log it gave me on the last one.

Deckard's System Scanner v20071014.68
Run by Alan Hickman on 2007-10-21 13:33:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
98: 2007-10-21 18:33:54 UTC - RP572 - Deckard's System Scanner Restore Point
97: 2007-10-21 10:02:26 UTC - RP571 - Software Distribution Service 3.0
96: 2007-10-21 09:56:58 UTC - RP570 - Installed Windows Defender
95: 2007-10-21 09:24:44 UTC - RP569 - Restore Operation
94: 2007-10-20 09:03:00 UTC - RP568 - System Checkpoint


-- First Restore Point --
1: 2007-08-01 05:41:11 UTC - RP475 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-10-21 13:35:50
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.ex... Read more

A:Completed five steps...here is the log.

Bump!

3 more replies
Answer Match 38.22%

Logfile of HijackThis v1.99.0
Scan saved at 16:26:28, on 08/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David.DAVID-91YJAB3H3\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Micros... Read more

More replies
Answer Match 38.22%

Model HP 15 notebook PCProduct no. J8B82PA#ACJRam 4gbHard disk 1tb HDDProcessor Intel core i3 1.70 GHzWin does 8.1 64 bit

More replies
Answer Match 38.22%

I did not get any replies so will try this again with updated info. Downloaded Microsoft Pocket PC 2002 October 2002 Update(EUU3) to computer but when tried to sync it to handheld got message: "Synchronization Cannot be Completed Successfully" and have not been able to sync since then. Same message and then disconnects. Have reinstalled Activesync twice..even going to older version. Have done disc cleanup and defrag. Have deleted recent programs including the EUU3. Also soft resert on handheld although problem developed in computer before could sync to there. There is no problem in connection of handheld with computer..just will not sync. Any help much appreciated as cannot download or sync any material to handheld(iPAQ3835) at all.
Thanks!!! John
 

A:Synchronization Cannot be Completed..

6 more replies
Answer Match 37.8%

Dear Broni and All,

I have completed all steps, and ran the security programmes recommended in this thread:

http://www.techspot.com/community/topics/keep-getting-stupid-shopping-malware-installed.208648/

However, I am still getting pop-ups and adware related problems, which means that the underlying problem has not been resolved.
These are the programmes that I have run (today, 18/05/2015):
-RogueKiller
-Mbar
-AdwCleaner (it removed NickelBlock, AllCheeiaPPPriCe, DowwnSaave, SaVieNeewaApupoz)
-Junkware Remover
-Farbar Recovery Tool
-Farbar Security Scanner
-Security Check
-Tempfile Cleaner

I am currently running Sophos.
My laptop runs Windows 8.1, and Combofix does not support it.
The antivirus that I have is Kaspersky (I previously had Microsoft Security Essential), and Windows Defender. The malware was not detected by a Kaspersky and Spybot full scan a few days ago. However, on the 26th of April, I manually uninstalled some adware, and then ran full scans, which showed nothing.

As you can imagine, I don't think I have many options left, and formatting my laptop is a dreadful prospect. I was wondering if you could give me some advice.
I have kept all logs of the security programmes that I've run.

Thank you in advance, and looking forward to hearing from you.
 

A:Completed all instructions, but still getting adware pop-ups

Welcome aboard

Never follow steps from other topics. Every computer is unique.

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

57 more replies
Answer Match 37.8%

The action can?t be completed because the folder or a file in it is open in another program. I suspect that my anti virus, Norton 360, is stopping me from deleting a specific folder, it happens only in one specific folder.
When I restart my computer, it takes time to the regular background tasks to "wake up", so I can delete it once the computer turns on, but then something stops me from deleting the folder. I am not sure if it is Norton 360, or another problem.
Would it be a Malware?

A:The action can’t be completed because the folder or a f...

not positive what it could be ,anything knowing computers .
to see if its Norton 360. disconnect from intern ,disable Norton360 temporally ,how to do so will be in the settings of Norton , after its disable try deleting file.

just found this in google ,how to disable Norton temporally .

Try right clicking on the 360 icon in your notification area. You should be able to disable protection features for a specified time. Remember that you are unprotected while doing this, so you should disconnect from the Internet while doing this. Remember to reset the protection when you are finished.

6 more replies
Answer Match 37.8%

log listed below : DO YOU WANT THE PANDA SCAN SCAN ALSO?

had constant pop ups- they have stopped- system very slow..avast found virus in operating system-win32:agent-PSG [drp] and vtutr.dll -
trojans




I just know how to computer surf- my son goes to online school- so we really need this computer
log listed below

Deckard's System Scanner v20071014.68
Run by wpccs on 2008-02-03 18:09:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-03 23:09:39 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-03 18:13:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WI... Read more

A:hijackthis log- completed 5 steps

Hi dorimom, and welcome to TSF.

Sorry for the delay in looking into your log, as we are extremely busy as you may have noticed. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------


Please download HijackThis. This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded. Click on the "Install" button. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Close HiJackThis

--------------------------------------------------------------


Since it has been awhile... Please run Deckard's System Scanner (dss.exe) again, and post the resulting log.

--------------------------------------------------------------

Please include the following in your next reply:

C:\Deckard\System Scanner\main.txt

5 more replies
Answer Match 37.8%

I just started using Microsoft 2010 and in the Outlook tasks I have created recurring tasks. In the old XP version when I completed a recurring task, the completed task would move to the top of the list. Now, it just puts it below the original task. Is there a way to automatically move completed tasks to the top of the page?
 

More replies
Answer Match 37.8%

Not sure if this is the correct forum to post this in but..

Have installed Windows 8 64bit on three computers, all similar spec (amd a8 processors and gigabyte f2 motherboards with 8gig ram.)

Windows seems to be ok in every other respect other than I am getting an error in the metro store. When trying to install any app I get the error:

I have searched the internet for this error, and although I can find similar errors, I can see no one else having the error code with the same scrambled type.

We got around the error by signing in to a microsoft account, but then we are unable to create a pin for said account (the cursor just spins).

This happens on all three computers.

Any help greatly appreciated.

A:your purchase couldn't be completed

Have you tried copying & pasting the error code in Google ?

I find that helps.

EDIT--

I Googled & found nothing.

Perhaps this phone number will help.
I've used it & got good help from Microsoft.

Microsoft Product Support Customer Phone Number | Shortest Wait | Best Support | GetHuman.com

2 more replies
Answer Match 37.8%

hi there,
plese consider that who's writing (me) is a sw/hw total illiterate..
 
months ago i downloaded a .exe (then uninstalled) to upload videos on youtube and from that time:
 
- at every web connection (firefox), the start page is http://istart.webssearches.com + the last web page visited at previous connection (two windows). i set up new homepage but nothing changes.
- pop ups frequently open (then disabled via settings).
- mouse stops/blocks for a second while using it.
 
i downloaded combofix and let it run. everything seems worked correctly, but now i don't know how to proceed.
here below the log i got - integral copy&paste - now saved on desktop.
if i understood well, malware etc will be removed once combofix is uninstalled and i still have to uninstall it..
 
i hope you can help me about how to proceed.
 
thanks++
iggy
 
 
 
ComboFix 14-05-19.01 - user 19/05/2014  19.13.03.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.1919.1432 [GMT 2:00]
Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\kp_0loor.pad
c:\documents and settings\user\Dati applicazioni\cacaoweb
c:\documents and settings\user\Dati applicazion... Read more

A:ComboFix ran&completed - don't know how to proceed

..if i understood well, malware etc will be removed once combofix is uninstalled and i still have to uninstall it.. ...that is not true...  Hello iggy1427,my name is Jo and I will help you with your computer problems.Please follow these guidelines:Logs can take a while to research, so please be patient.Read and follow the instructions in the sequence they are posted.print or copy & save instructions.back up all your private data / important files on another (external) drive before using our tools.Do not install / uninstall any applications, unless otherwise instructed.Use only that tools you have been instructed to use.Copy and Paste the log files inside your post, unless otherwise instructed.Ask for clarification, if you have any questions. Stay with this topic til you get the all clean post.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.***1. Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.Vista / Windows 7/8 users right-click and select Run As Administrator.A Notepad document should open automatically called checkup.txt; please post the contents of that document.***2. Download OTL to your desktop.Double click on the icon to run it.Vista / Windows 7/8 users right-click and select Run As Administrator.Make sure all other windows are closed and to let it ... Read more

3 more replies
Answer Match 37.8%

I am using SQL Server 7.0.
I have databases DB1 (only current values) and DB2 (both current and old - keeps history). When I update (or insert), on DB1, a copy of the row I am working on has to be sent to DB2 using a trigger. What gets completed first? The update process on DB1 or the action started by the trigger? I am asking this because of what I found at this site:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/architec/8_ar_da_1tup.asp

…..
You can use the FOR clause to specify when a trigger is executed:
AFTER
The trigger executes after the statement that triggered it completes. If the statement fails with an error, such as a constraint violation or syntax error, the trigger is not executed. AFTER triggers cannot be specified for views, they can only be specified for tables. You can specify multiple AFTER triggers for each triggering action (INSERT, UPDATE, or DELETE). If you have multiple AFTER triggers for a table, you can use sp_settriggerorder to define which AFTER trigger fires first and which fires last. All other AFTER triggers besides the first and last fire in an undefined order which you cannot control.

AFTER is the default in SQL Server 2000. You could not specify AFTER or INSTEAD OF in SQL Server version 7.0 or earlier, all triggers in those versions operated as AFTER triggers.

…..

This statement sounds confusing?
 

A:Which is completed 1st? a transaction or a trigger?

Enforcing Business Rules with Triggers
Microsoft® SQL Server™ 2000 provides two primary mechanisms for enforcing business rules and data integrity: constraints and triggers. A trigger is a special type of stored procedure that automatically takes effect when the data in a specified table is modified. A trigger is invoked in response to an INSERT, UPDATE, or DELETE statement. A trigger can query other tables and can include complex Transact-SQL statements. The trigger and the statement that fires it are treated as a single transaction, which can be rolled back from within the trigger. If a severe error is detected (for example, insufficient disk space), the entire transaction automatically rolls back.
This means that the trigger completes before the transaction, you can rollback a transaction within a trigger as mentioned above so in your case the action started by the trigger completes before the update action.
 

2 more replies
Answer Match 37.8%

I've run CHKDSK on a couple of laptops today, and in each case, after hanging for ages around 10-11%, the laptop rebooted while my back was turned. (The process was run at boot and the internet was not connected at the time.)

Is there a way to check if the process completed and what it did?

There is a CBS log with today's date, with entries that correspond time-wise to the CHKDSK activity, but I don't understand them. At the end there are several entries like this:

Can anyone explain what this means please, and if I have a problem?

Coincidentally (or not) There are similar 'Failed to internally open....' entries in the CBS log from when I turned the laptop back on later in the morning.

A:How do I know if CHKDSK completed successfully?

Hi, check this tutorials CHKDSK - Check a Drive for Errors in Windows 8 and Check Disk (chkdsk) - Read Event Viewer Log - Windows 7 Help Forums to see if they will help you.

Good luck, werty

3 more replies
Answer Match 37.8%

I recently had a virus and used HP recovery and now I don't have any sound. I originally posted this in the sound card forum and was instructed by deejay100six to go through the five steps of identifying a virus. I completed those steps and below is my Panda Scan results. I have the hijackthis results when ever you need them. I originally went through all of the basic steps to fixing the sound problem but nothing worked. Thanks again in advance.

ANALYSIS: 2008-08-16 02:24:44
PROTECTIONS: 1
MALWARE: 19
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 080815-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;==============================================================================================... Read more

A:No Sound/5 steps completed

I need some help here guys. Below is my hijackthis results.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:50 AM, on 8/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\... Read more

4 more replies
Answer Match 37.8%

I got my P50 a few weeks ago and yesterday its LCD went half black. OK, this happens.I turned it into authorized premium repair center and they got LCD replaced (as my P50 is under warranty). No big deal.However, they could not re-calibrate the new LCD screen because I do not run Windows on my P50 (running Kubuntu).It would not be a big deal either (the Panel Replacement Utility they have does not run on Linux, but I can live without that), however there is one worrying thing: by my request, they printed Lenove repair instructions for me where it is stated, that "Failing to run the Panel Replacement Utility program will require another LCD panel replacement". Please note "will require". My interpretation of this statement is that LCD will fail again unless I run this Panel Replacement Utility which requires Windows (not Linux version exists). Repair guys could not comment on that in either direction.REALLY????So, despite the fact that nor P50 user guide nor warranty description limit me from using non-Windows OS, the P50 cannot be repaired to be used in full capacity unless I use Windows.Do I miss anything? Is this an official position of Lenovo on non-Windows OS use on ThinkPad P50?

More replies
Answer Match 37.8%

I'll give some background.

I have a tri-boot setup. Windows 8 one ssd, windows 7 pro on a second ssd and ubuntu 13.04 on a partition on a 2 gig raid 1. The boot partition is on the windows 7 ssd. All drives are on the same Intel controller. Prior to the 8.1 attempt it worked. I'd boot the w7 ssd and a black win7 style boot screen would appear with the 3 OS choices. I'd been using win 8 as primary since it's release with no real issues.

I updated through the store early today and the process had a hitch after the first reboot but I rebooted and it completed the install. Windows 8.1 started and walked me though an initial setup. Once in, all looked pretty much unchanged. The only issued was it asked me to reinstall some XLan software.

I rebooted to check my other OS's and the problems began. I boot up, it loaded the blue win8 boot screen with all 3 OS present when I attempted to boot ubuntu it went to a black screen with no possible input. Hard rebooting brought up the grub bootloader (not win8 bootscreen) and I was able to enter ubuntu. Same thing happened with win 7 pro. I soft rebooted and the win 8 bootscreen appeared. Choosing win 7 took me to a hung black screen - hard reboot directly started up win 7. Restarting to win 8 bootscreen again and choosing win8.1 took me to another black screen - Hard reboot from there started up a win 8 repair process.

This is always the case with each of the 3 OS's. I have found that I can get into win8 if I enter through safe mode ... Read more

A:8.1 update completed but problematic

I have the exact same problem. I even had the XLan error you described. Once I restarted the computer, it always go to a black screen. I do not have multiple OS's to boot into, but the black screen always comes up after the little blue windows 8 loading screen.

If you get your issue solved, please report back.

Update:

When I tried your suggestion of enabling Debugging, it loaded up. However, 1-2 minutes later it would freeze and I would have to push the reset button on the machine. In Safe Mode, I didn't have any of the freezing, but when I tried to uninstall Norton Internet Security, it would freeze. After a restart, I downloaded the Norton Removal Tool, and removed Norton. At this point, starting Windows 8.1 with Debugging allows me to stay freeze-free. However, trying to start up without Debugging gives me the same black screen.

Another thing to note is that when I have all non-Microsoft services stopped, I still get the black screen upon bootup. I'm not quite sure what Debugging mode does in terms of bootup, but its definitely a workaround for now. I used msconfig.exe to keep debugging turned on for now.

Again, if someone figures out the fix, report back.

2 more replies
Answer Match 37.8%

I've ran Combofix, but need someone to look at my log file. I'm still having boxes pop up like my symantic anti-virus can't work because it is on a network resource that is unavailable. The log file is below. I would really appreciate any help I could get.Thanks,DonComboFix 10-12-09.04 - Todd 12/10/2010 16:39:31.1.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.70 [GMT -6:00]Running from: c:\documents and settings\Todd.PHILCON\Desktop\ComboFix.exeAV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\All Users\Application Data\FuhYQAtN.exec:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}c:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}\chrome.manifestc:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}\chrome\content\_cfg.jsc:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}\chrome\content\overlay.xulc:\documents and settings\Don\Local Settings\Applicat... Read more

A:Combofix completed - need help with log file

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting... Read more

2 more replies
Answer Match 37.8%

Hello,

Had the "Security Center" come up on this computer...got rid of it using the tutorials on this site, along with trying all the other suggestions for removing rootkits that may be causing the redirects. Some solutions seem to run their course, others don't. Still having issues: browser redirects, browsers stop working, MBAM errors, Start menu blank, "waiting for background programs to end" on shutdown.

So, not sure where to go from here. Help please.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Chance at 6:41:48 on 2012-01-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2379 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\wind... Read more

A:Completed all self-help tutorials, still have rootkit

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 31. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

22 more replies
Answer Match 37.8%

Hi
 
Looking for some help resolving this issue. Computer was acting strange. Scanned with Norton 360 and Malwarebytes and found nothing. Ran TDSSkiller, found and removed a rootkit. Now, when I try to  run Combofix, it stops at Stage 48. The hard drive light is solid, so I figured it would eventually complete, but it does not.
 
Can you help?
 
thanks
 
drobtoy

A:stuck on 'Completed Stage_48'

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

19 more replies
Answer Match 37.8%

A neighbor brought over his computer since he knows I help folks with infections.  It appears he already ran and removed infections found with SAS Portable and MBAM.  I can include those logs if you like so let me know.
 
DDS Log
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by HP_Administrator at 12:32:46 on 2013-08-16
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.456 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalS... Read more

A:Infected PC with some Removal Completed

Attached file ...

3 more replies
Answer Match 37.8%

Hi I just completed my second homebuild, I installed windows 7 pro and have been running it for over two weeks now, (got it pre release from msdna for free, thats right free, gotta love being a student, as many copies of 7, vista, xp and visual studio, and tons of other cool software for nada.)

anyway:
asus m4a78-e mobo
8gb (4x2gb) ddr3 ram
amd phenom II 945 3.0ghz quad core processor.
xfx hd 4850 1gb gddr3 gpu 256 bit with 512mb onboard already
2 x 500gb hitachi deskstar hdd's
sunbeam acb9 acrylic green led pc case (12 green leds, with 5 80mm green led fans, and custom fan grills.)
19" tft
650tx corsair psu
onboard sound and networking

it works great, so far I haven't seen the cpu go over 8% you through stuff at it it gives you a blank look and shrugs, it took a virus scan, dreamweaver, word and a few web pages (chrome) at 8% for god's sake. Anyway i'm very pleased with it.

BUT it only lists one hdd in the my computer section and that is the drive that i installed windows on, I don't know if the other one is formatted or not, I would say not, the bios recognises both of them, but my computer displays only one, i have not used raid in any form. Whats the solution?


Thanks alot, bob.
 

A:New build completed, but second hdd not recognised by os?

you shoud try this :
On "My Computer" Icon right click it and click MANAGE, click on DIsk Management..you may find your C: drive as Disc 0. Then look if you find drives that is unallocated..if you find it, click on the on it, right click and format the drive and click ok..just wait to make a 100% and you should after that it is healthy and formatted and you should the other drives now..try this tnx
 

3 more replies
Answer Match 37.8%

Trying to restart will not allow me to login, keeps telling me wrong pass word, (didn't think i had setone yet)think its microsoft thats causing the problem, it says i need a removeable media, what the hell is one ofthem. i'm already on line at home.     Can anyone help me please 

A:New netbook setup not completed,

Hello, Thank you for posting in the HP Support forum. Is this re. Windows login ? You can't login to Windows? If yes, I have encounter such a problem once only but was with Win 8. Anyway - if this is a new computer you can revert the software back to factory default settings. Eventually you should create a local account (not login with Microsoft account). At the end, you can always migrate the local account to Microsoft account. If this is not re. Windows login, please provide back details.

1 more replies
Answer Match 37.8%

Hello TSF -

Recently, i have had a problem with my system restore. After i attempt a restore, the computer reboots fine and acts as if it did the restore, but when i sign it, i get a messege saying system restore incomplete, or something along those lines. I decided to check the sr.inf file, right clicked and clicked install, but it said i need a windows XP sp3 cd, and i only have the original SP2 cd, not Sp3. Also i'm not sure if that will even fix the probem, has anyone else seen this problem? any help would be greatly appreciated!

-Thank you.

More replies
Answer Match 37.8%

Computer has a very slow startup. I cannot get rid of this Kodak Easyshare. Internet response time a bit faster, page to page.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 05:44, on 2008-03-19Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\AOL\1101823440\ee\services\safetyCore\ver210_5_2_1\aolavupd.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\lxczcoms.exeC:\WINDOWS\Explorer.EXEC:\Program Files\mcafee.com\personal firewall\MPFService.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\system32\fxssvc.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\MUSICMATCH\... Read more

A:All Steps Completed Up To Hijack

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis LogPlease also post the problems you are having.

1 more replies
Answer Match 37.8%

Deckard's System Scanner v20070905.67
Run by Tom Roach on 2007-10-01 10:32:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
104: 2007-10-01 14:32:38 UTC - RP355 - Deckard's System Scanner Restore Point
103: 2007-10-01 14:17:25 UTC - RP354 - Installed WinZip 11.1
102: 2007-09-30 07:00:16 UTC - RP353 - Software Distribution Service 3.0
101: 2007-09-29 17:11:48 UTC - RP352 - Removed Adobe? Photoshop? Album Starter Edition 3.2
100: 2007-09-29 16:55:46 UTC - RP351 - Installed Windows Internet Explorer 7.


-- First Restore Point --
1: 2007-09-24 19:33:06 UTC - RP252 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Tom Roach.exe) -------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-01 10:39:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\syst... Read more

A:WinAntiVirusPro - 5 steps completed

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

13 more replies
Answer Match 37.8%

Hello and thank you for any help you may be able to give. I've gone through the five required steps before posting my logs for help.

I've run Spybot, Adaware and SuperAntiSpyware and can't seem to clear up whatever the issue is.

Following are the required log files (as well as the "extra" text file attached):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:02 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\vtsphlxp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program File... Read more

A:HijackThis Log - completed 5 steps

bump

anyone?

19 more replies
Answer Match 37.8%

hi guys,

every single time I try to rename a folder the boring message "The action can't be completed because the folder or the file is in use" appears even if apparently neither the folder or a file in it is in use.

What I have to do is: Task Manager > Explorer.exe > End Process > File > New Task > Explorer.exe and I am able to rename the folder.

It is a really boring process and I find this process really stupid. The folders I am trying to rename are full of pictures, I think it is something related to the Thumbs files.

Anybody of you have the same issue? Any possible solution?

Thanks

A:PLEASE HELP - The action can't be completed because the folder....

OpenedFilesView - View opened/locked files in your system (sharing violation issues)
Download somewhere at bottom of page.
What file is opened by explorer.exe in that folder?

9 more replies
Answer Match 37.8%

Hello,

This is a follow-up to my original thread here -

http://www.sevenforums.com/crashes-d...ease-help.html

I completed 1 RMA with HP and the teleplan service center guys sent me the machine back with the note - no issues found, reloaded OS. This time they loaded the OS with SATA controller as IDE as opposed to the default RAID setting that had come when I had purchased the system.

I let it run overnight hoping for the best but see the BSOD error in morning - I would really appreciate if somebody can pin point the issue so in the next RMA I can advise HP Teleplan guys about it - they seem to not spend great deal of time researching the issue but try to do a quick fix that obviously didn't work.

Appreciate all your help !

PS - my System specs -

System Manufacturer/Model Number HP Pavilion Elite HPE-210F
OS Windows 7 Home Premium 64 Bit
CPU AMD Phenom(tm) II X4 945 Processor, 3000 Mhz, 4 Core
Motherboard H-RS880-uATX (Aloe)
Memory 8 GB PC3-10600 MB/sec (message as PC3-8500)
Graphics Card ATI Radeon HD 5450
Sound Card Integrated Realtec ALC888S Audio
Monitor(s) Displays Acer? H243H
Screen Resolution 1920 x 1080
Keyboard HP USB
Mouse Microsoft Compact Optical Mouse Model: 1016
PSU Bestec 300W
Case Mid-size ATX
Hard Drives Western Digital Caviar Green WD10EADS-65M28X
Internet Speed ATT DSL 6 MBPS

A:1st RMA completed - still random BSOD

Your dumps indicate conflicts and memory corruption. Uninstall Symantec using this removal tool: Tool. Many third party security programs create conflicts with Win 7 and Norton is no exception. Norton was involved in one of the crashes. Download and install Microsoft Security Essentials. It will not cause conflicts. Make sure Windows firewall is turned on.

Uninstall or upgrade CyberLink. Its driver, 000.fcl, Fri Sep 26 09:11:22 2008, is out of date. Outdated drivers can and do cause conflicts and BSOD's.

I find another slightly out of date driver loaded on your system. Update this driver from the link provided.





Quote:
usbfilter.sys Fri Apr 03 07:39:51 2009 - AMD USB Filter Driver (likely part of the chipset drivers). http://support.amd.com/us/Pages/AMDSupportHub.aspx. Update this driver.


Follow these suggestion, reboot and let's see if your system is more stable. Post back and let us know. If you get anohter BSOD, upload it and we will go from there.

Code:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02804000 PsLoadedModuleList = 0xfffff800`02a41e50
Debug session time: Thu Dec 16 09:41:31.624 2010 (GMT-5)
System Uptime: 0 days 8:53:11.013
Loading Kernel Symbols
...............................................................
................................................................. Read more

8 more replies
Answer Match 37.8%

I had a problem with my yoga 700 11". The laptop freezes every so often (3-6 hours). At first I thought it's the drivers that need to be updated, then Windows 10 updates, then BIOS update.I tried all of that but the problem still persisted. I did the recovery reset but still the same... I created Linux system on USB flash drive and booted the laptop with it. Even under Linux the laptop was freezing.I contacted lenovo support team and they said the laptop needs to be repaired and they send me the return free postage vocher. I put my laptop in the original box and posted it as I was instructed (for some reason it was send to Germany). The company name that issued me with the postage slip was MEDION AG - A Lenovo CompanyAfter 13 days I got an email saying:"...After assessing your device, the repair center has deemed that a repair cannot be completed under the manufacturer?s warranty due the case of the device showing signs of inappropriate treatment. ..." There were two pdf documents attached to the email. one with the detailed photos of the damage ( see photo attached) and the other one, the cost estimate document. In the document I was given two options:1. accept the cost of repair (£54.65)2. not accept and the laptop would be return to me (I would be still charged fat price of £44.07)My reply was that I do not recall the laptop having this damage and I always looked after it. I was suprised when I saw the photo. I also added that my main concern was that th... Read more

More replies
Answer Match 37.8%

Hi, I have already run Ad-aware using the required settings multiple times and removed everything I can on my own. Ad-aware could not remove iboboi.dll and I believe that is the root of my problem. But on startup that file is gone.

Here is my hijack this log, with the analyzer. Thank you in advance for the help!

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 1/7/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVir... Read more

A:Urllogic Pop-ups, completed all prereqs

Let's see if these logs will show us anything:

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link don't work) and install it. Do not run it yet.

Before doing anything, MAKE SURE that you can keep your computer on (at least until we get it fixed). This infection requires us to detect and remove it without rebooting or restarting your computer (unless the instructions say so). If you can't keep your computer on today, then I suggest that you don't get the logs yet until you are ready. With that said (when ready):

Open up HijackThis and go to Config->Misc Tools and check the first two boxes there. Now click on the Generate StartupList log button. Post that log in your next post.

Right click on this link and choose Save As...Save it to your Desktop. Make sure you have disabled any programs that may block/disable scripts (ex: Ad-Watch, TeaTimer, Norton, etc.). Double click on Silent Runners to run it. This will take a few minutes. It will create a file called Startup Programs followed by your computer name and current date. Open up that file and post all the contents here in your next post.

Download Find-qoologic. Unzip the files to your Desktop. Open the qoologic folder and run the qoologic.bat file. Wait a few minutes for it to finish. When the dos window disappears, go to your C: drive and open up the log.txt file. Copy and p... Read more

7 more replies
Answer Match 37.8%

I apologize if this forum is meant for tech people as I'm a novice computer user, but I really need help.  I have Windows 7 x64 and I used RoboCopy for the first time, and have messed up royally.  I was trying to copy folders and files from my
computer to an external hard drive.  My external hard drive had important files and folders on it already, and I thought that copying more data using RoboCopy would just add to it, but it deleted everything that was on the external hard drive when it
copied the additional data.  
Can I undo what just happened?  Is there any way to revert?  Or maybe there's some way to recover that deleted data?
I used:  Robocopy C:\Users\Name\Documents F:/MIR /dcopy:T
I would be really grateful to be helped.  Thanks in advance.

More replies
Answer Match 37.8%

Recently installed kaspersky pure 2. 0 .Getting error message that backup task has not been completed. I have read that this is a known issue. Is there a solution to correct this problem? Thanks.

A:backup task has not been completed

Welcome to Seven Forumsnancy159. As you say, this is a known issue






Quote:
5. Main known issues

The maximum size limit for Quarantine and Backup and Restore does not work.
Some application windows do not correspond to Microsoft computer management from keyboard standards.
Groups of windows cannot be closed through Windows 7 taskbar.
Application window cannot be closed through Windows 7 taskbar preview.
"A backup task has not been completed" status is displayed in the general protection status and in the Backup and Restore section when backup tasks are performed.
Protection parameters cannot be reverted to default values.
AVZ reports cannot be created under 64-bit operating systems.
In some cases, characters cannot be entered using the Virtual Keyboard in entry fields of web browsers or applications.
When in Safe Run mode, Microsoft Outlook Express (Windows Mail) email client may fail to display some email messages received from the standard Microsoft Windows environment.


Kaspersky PURE 2.0: commercial release (build 12.0.1.288)

Have you tried creating a backup task?

How to create a backup task in Kaspersky PURE 2.0?

A Guy

1 more replies
Answer Match 37.8%

Thanks a lot to everybody who paid attention to my problems with windows 7 installation.

Finally I went to my university and took from their a windows 7 pro dvd and everything worked perfect. I also managed to install the windows over both windows XP and 7 thanks to your advices and tutorials.
Thanks a lot once again from the not so hot now Greece

A:Installation completed with success!!!!

You're welcome! Thanks for posting back. It means a lot to those that have worked hard to help others when they come back with thanks.

2 more replies