Tech Problem Aggregator

After effects of malware "System Progressive Protection"?

Q: After effects of malware "System Progressive Protection"?

My system, XP Ser Pk 3, was infected by malware called "System Progressive Protection". I understand that this malware belongs to the Winwebsec family of rogue security products. It blocks its victims from accessing any other application on an infected machine. It would only allow access to IE, presumably for paying the fee to clear it.
Unfortunately I contracted for a one-time-fix to be carried out by MYTECHGURUS. At their request I booted into Safe+Network mode and then watched as they downloaded a single anti-malware prog, MalwareBytes, and ran that. They then unloaded my installed Microsoft Security Essentials, which would not respond, re-installed it, updated it, and ran a Quick scan. They then declared my computer to be ok!!

Shortly afterwards I discovered that Security Essentials will not update. The pop-up says:
"Virus and Spyware definitions update failed.
Check Internet and Network connections and try again.
Error code: 0x80070424"
Other computers on the home wireless network Update without a problem and prior to this issue there was not a problem on this box.

The only way that I can update Essentials is by uninstalling and reinstalling. It will then update but following that update the error message recurs on the next attempt.

Also when I attempt to check if Windows Firewall is on by Run Firewall.cpl I get the message:
"Due to an unidentified problem, Windows cannot display Firewall settings"

I no longer trust the machine and would be obliged to you if you could have a look at the files pasted.

********************************************************
HijackThis file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:17:46, on 08/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stickies\stickies.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\IBM\Desktop\HijackThisProcess\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS02/110
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\IBM\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1331504868953
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

--
End of file - 5640 bytes
*******************************************************************
DDS file:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by IBM at 13:20:40 on 2012-10-08
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3061.2278 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stickies\stickies.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\uTorrent\uTorrent.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\ibm\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
IE: Free YouTube Download - c:\documents and settings\ibm\application data\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1331504868953
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{06DCD442-7049-4E46-80F7-F08D158E1EAD} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{514FE8D4-98EF-433F-81DD-301B09313DFF} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ibm\application data\mozilla\firefox\profiles\ovlvgsiu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=101385&mntrId=2c4fa25b000000000000c83a35cf0bed
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&affID=101385&mntrId=2c4fa25b000000000000c83a35cf0bed&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\ibm\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 MpKslda952d4c;MpKslda952d4c;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8960e927-985a-4af6-ae78-927432f840dd}\MpKslda952d4c.sys [2012-10-7 29904]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S1 cjbilbrg;cjbilbrg;\??\c:\windows\system32\drivers\cjbilbrg.sys --> c:\windows\system32\drivers\cjbilbrg.sys [?]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2012-3-11 827488]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250288]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-12 116648]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-12 116648]
S4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-3-11 132768]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 114144]
S4 NetTimeSvc;NetTime;c:\program files\nettime\NetTimeService.exe [2012-4-12 473088]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
.
=============== Created Last 30 ================
.
2012-10-07 00:42:54 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8960e927-985a-4af6-ae78-927432f840dd}\offreg.dll
2012-10-07 00:42:54 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8960e927-985a-4af6-ae78-927432f840dd}\MpKslda952d4c.sys
2012-10-06 23:53:11 -------- d-----w- c:\documents and settings\ibm\local settings\application data\FixItCenter
2012-10-06 23:43:23 -------- d-----w- c:\windows\MATS
2012-10-06 23:43:21 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-10-06 20:41:35 -------- dc-h--w- c:\windows\ie8
2012-10-06 20:41:03 -------- d--h--w- c:\windows\msdownld.tmp
2012-10-06 17:45:26 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8960e927-985a-4af6-ae78-927432f840dd}\mpengine.dll
2012-10-06 17:43:02 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-06 17:40:56 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-10-06 09:41:39 -------- d-----w- C:\CCE_Quarantine
2012-10-05 16:01:34 -------- d-----w- c:\documents and settings\ibm\application data\ElevatedDiagnostics
2012-10-05 13:50:39 -------- d-----w- c:\documents and settings\ibm\local settings\application data\LogMeIn Rescue Calling Card
2012-10-05 12:26:31 -------- d-----w- c:\program files\LogMeIn Rescue Calling Card
2012-10-05 12:10:51 -------- d-----w- c:\documents and settings\ibm\local settings\application data\join.me
2012-10-05 11:54:53 -------- d-----w- c:\documents and settings\ibm\application data\Malwarebytes
2012-10-05 11:54:29 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-10-05 11:19:01 -------- d-----w- c:\documents and settings\ibm\local settings\application data\Deployment
2012-10-04 22:58:07 -------- d-----w- c:\documents and settings\ibm\local settings\application data\{F5117C73-0E76-11E2-8271-B8AC6F996F26}
2012-10-04 22:58:03 -------- d-----w- c:\documents and settings\ibm\application data\Wuow
2012-10-04 22:58:03 -------- d-----w- c:\documents and settings\ibm\application data\Suud
2012-10-04 22:58:03 -------- d-----w- c:\documents and settings\ibm\application data\Qaefa
2012-10-04 22:58:02 -------- d-----w- c:\documents and settings\all users\application data\7BF2824A1360A25B002C7BF255FA44B6
2012-10-02 12:51:49 -------- d-----w- c:\documents and settings\ibm\dwhelper
2012-09-27 10:37:27 -------- d-----w- c:\program files\EMET (Tech Preview)
.
==================== Find3M ====================
.
2012-09-20 22:19:17 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-20 22:19:17 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-30 21:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-07-19 12:15:48 114792 ----a-w- c:\windows\apppatch\apppatch64\EMET64.dll
2012-07-19 12:15:44 536656 ----a-w- c:\windows\apppatch\EMET.dll
2012-07-12 16:13:40 405144 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
.
============= FINISH: 13:21:59.60 ===============

ARK File:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-08 21:21:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160212ACE rev.3.ATA
Running: u7cnq11j.exe; Driver: C:\DOCUME~1\IBM\LOCALS~1\Temp\pxloqkob.sys
---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\IBM\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

A: After effects of malware "System Progressive Protection"?

16 more replies
Answer Match 106.68%

The System Fix Virus & Privacy Protection Virus hijacked and infected my system: WinXP (64-bit). They've caused my default web browser to change frequently (each time I reboot my PC). So I've been having trouble getting rid of all of this malware/viruses from my system, since I use Windows XP x64.

ComboFix.exe and TDSSKiller.exe are not compatible with my Windows XP 64-bit system. So how do I get rid of the malware/viruses from this computer without those apps that were made to get rid of the following problems on other Windows OS's?:

The latest version(s) of ComboFix and TDSSKiller don't work on the 64-bit version of Windows XP, but they are compatible with other versions of Windows: 98, XP, VISTA, 2000, 2003, 2008 and Windows 7!

1. System Fix Virus (the first virus that affected my Windows system, 2 days ago.)
2. Privacy Protection Virus (behaves almost exactly like the aforementioned virus)
3. Google-Redirect Malware (redirects all my searches to this site: 63.209.69.107)

Thanks in advance to ANY users for helping me and others with this malware/virus problem: I understand and read the previous pinned-thread about the relevant malware/virus issue that Windows-users solved with the programs I've been unable to install on my system. The aforementioned malware/viruses began to infect my PC on December 14, 2011 (since that day, I haven't found a single anti-virus program that can detect the Google-redirect malware/virus on my system).
... Read more

More replies
Answer Match 105%

I recently upgraded to Office 2010... all was fine until recently I had this weird problem in Power Point '10.

I added an Entrance effect to a picture quite easily... but when I tried to add an Exit effect I found out that the Entrance effect was being overwritten in the "Animation Pane".
Again on re-adding the Entrance effect, the Exit effect was being overwritten.

FYI this is happening with everything (pics, text boxes, smart art). It seems you can't add two different effects to the same item.
It should be noted that I experienced no such problems with Power Point 2007...there the Entry and Exit effects were added in separate lines in the Animation Pane.

Any help would be appreciated.
 

More replies
Answer Match 103.74%

Hello Experts, I have Win 7 and installed Microsoft Security Essential (MSE) with latest updates. System Progressive Protection (Malware) showed up and hijacked my computer. My Windows firewall is ON. I am wondering, how did this malware come into my system and change folders/registry? How did MSE allow it to make such changes? As I googled, there are suggestions to install additional antivirus software. Is it necessary to go in that direction? Thanks in advance.

A:System Progressive Protection - Malware

Welcome RIMD... Please follow our guide: System Progressive Protection Removal Guide. Post the log and tell us how it is. The log is automatically saved and can be viewed by clicking the Logs tab. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.

1 more replies
Answer Match 103.74%

I think my laptop is infected by the System progressive protection malware. Whenever I turn on the laptop, Windows will hang at the booting stage without reaching the desktop page.

To reach the desktop page successfully, I need to boot Windows in safe mode and select the "Start Windows normally" option. Once Windows is at the desktop page, a program named "system progressive protection" will do the scanning automatically and list several infected files on my laptop. All the programs that I try to execute are prohibited by this malware.

I am very grateful for your help to solve this problem. I have done the HijackThis, DDS, and GMER scanning. Please see below log files. Thank you.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:06:49 PM, on 12/28/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\ctfmon.exe
C:\Users\... Read more

A:System Progressive Protection malware

16 more replies
Answer Match 102.9%

Hey All,

I have the System Progressive protection Malware Issue.

I have shut down the main portion of this malware and I'm just waiting on the additional cleanup.

Thanks,
Cnon

A:I have the System Progressive protection Malware Issue

I'm clean now, would it be ok to link the guide I used?

Cnon

8 more replies
Answer Match 99.54%

.
I am getting a lot of pop ups telling me my computer is infected and it will not stop. I was told that "system progressive Security" was a very bad one "malware" I seriously need help fixing it bcz I don't have $100 that everyone is asking

Thank you,
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/6/2012 8:29:09 PM
System Uptime: 10/12/2012 9:19:07 PM (0 hours ago)
.
Motherboard: eMachines | | EL1358G
Processor: AMD Athlon(tm) II X2 220 Processor | CPU 1 | 2812/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 912 GiB total, 855.3 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP54: 8/7/2012 5:02:15 AM - Windows Update
RP55: 8/14/2012 5:02:17 AM - Windows Update
RP56: 8/15/2012 3:00:11 AM - Windows Update
RP57: 8/16/2012 3:00:12 AM - Windows Update
RP58: 8/21/2012 5:20:58 AM - Windows Update
RP59: 10/10/2012 5:58:01 PM - Windows Update
RP60: 10/10/2012 6:10:31 PM - Installed VIPdesk Scan Utility
RP61: 10/11/2012 3:00:13 AM - Windows Update
RP62: 10/11/2012 9:26:06 AM - Installed J2SE Runtime Environment 5.0 Update 17
RP63: 1... Read more

A:"system progressive security"

12 more replies
Answer Match 98.7%

First of all - thank you for your dedication to people like me!
I followed the removal instructions but then had a black screen when restarting my computer. Computer works in safe mode.
I have done a Windows startup repair but it cannot be completed, I get the message that unspecified changes to system configuration might have caused the problem. Error code 0x490.
Also get Boot/BCD failed.
I have restored the computer and can work on it in normal mode. I still see the little lock of the Malware on my taskbar.
I have also purchased Advanced System Care to assist but I get no joy...
It seems like removal of the Malware also removes some system registry files but I am no expert.

Please, please help me!

A:Uninstall of System Progressive Protection Malware creates registry files problems

Please do the following:

Please download DDS from either of these links: LINK 1, LINK 2, and save it to your desktop.
Disable any script blocking protection.
Double click dds to run the tool.
When done, two DDS.txt's will open. Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt

NEXT

Please download aswMBR to your desktop.
Double click the aswMBR.exe icon to run it.
When asked if you want to download Avast's virus definitions please select Yes.
Click the Scan button to start the scan.
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.

40 more replies
Answer Match 94.08%

Got my computer back today (Windows XP), and my background is now all green with a black box in the middle saying "Your System Is Infected...etc"

Also a red circle with a white X in the task bar

I can't open the task manager

Can Anyone Help???...

Downloaded HiJackThis

My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:51 AM, on 12/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\i... Read more

A:"Your System Is Infected" Background + "Internet Security 2010" virus/malware problem

Hi and welcome to TSF.

I'm afraid HijackThis no longer provides the information we require.

We want all our members to perform the steps outlined in the link given below, as far as they possibly can, before posting for assistance.

http://www.techsupportforum.com/f50/...lp-305963.html

If you have problems with any of the steps, simply move on to the next one and make a note of the problem in your reply.

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days.

This thread will now be closed.

1 more replies
Answer Match 89.88%

Hi all
I want to disable "hardware, Advanced, System Protection, Remote" tabs from system properties dialog box (screen shot attached).
The user should only be able to access the change computer name feature. Other features should be disabled/removed.
Is there any way to achieve it?
thanks in advance.


https://social.technet.microsoft.com/Forums/getfile/703346

A:disable "hardware, Advanced, System Protection, Remote" tabs in system

I'm inclined to say no, for a very simple reason.
Changing the computer name requires administrator access. Given that, the user already has full control over the entire computer, therefore he can change whatever he wants.
What's the purpose of such "limitation"?

4 more replies
Answer Match 89.46%

I noticed a 'check mark' icon in my system tray and on investigating it is a program called "Malware Protection Live". It just suddenly was there...It shows up in Control Panel > Programs and Features and it appears I could uninstall it there....It says it was installed yesterday, but I have no recollection of installing anything yesterday.

I'm running Norton Security with a current subscription and all Windows Updates are / have been in place.

I planned to upgrade to Windows 10 tomorrow while I'm working from home on my laptop, but I'd like to get this dealt with. Any help appreciated.


Thanks!

A:"Malware Protection Live" Suddenly Installed Yesterday- How to Remove?

Malware Protection Live is an infection. Have you downloaded anything in the last few days? If you did, it probably came along as a rider.

This should help you.

https://forums.malwarebytes.org/inde...-live-protect/

I also recommend using AdwCleaner from Bleeping Computer. Select the Download button for Bleeping Computer, not the author's button.

AdwCleaner Download

5 more replies
Answer Match 89.04%

Hi all, just saw this in the bottom right tray a red windows security alert, when I click it on it says Malware protection, windows did not find any anti-virus software. Although I do have super anti spyware loaded on this machine. I have attached a screen shot.

Any help would be appreciated.
 

A:Solved: Windows security center message "Malware protection not found"

16 more replies
Answer Match 88.2%

About a month ago Computer Associates' internet security suite (free through my ISP) told me it couldn't update. Tried a couple of things and gave up. Uninstalled CA and installed AVG Free. Same thing. AVG Free can't update. Today I got a message "attention...trojan spm/lx...etc." with a prompt for a web page, but instead I closed the window from the top right corner. Today I also got a background on my desktop that said "your system is infected, system has been stopped due to a serious malfunction".

I started through some of the threads on this site, and was looking at a promising thread (855938-trojan-spm-lx-infection..) that cybertech posted and instructing kramer8886 to run malwarebytes. I installed malwarebytes and it opens but self closes in a matter of seconds (regardless if I hit quick scan or not).

Some additional symptoms:
1. Can't open computer in Safe Mode
2. Can't use "run" from start menu
3. Can't use volume on computer
4. Malware is redirecting my url choice to its own choices

This is the first virus that I can't seem to deal with myself. Any help is appreciated
 

A:Malware indicates "trojan spm/lx" and "your system is infected"

Windows XP operating system
It has also disabled my Task Manager and is currently running something in the background
 

2 more replies
Answer Match 87.78%

Hello

I have a problem with my laptop which is running on Windows 7. I do not have access to the windows disc/boot disc.

Two days ago a small window popped up with the title of "Internet Protection" and in the small window of it, it looked like this program was running a scan and finding numerous trojans and viruses on the computer. Straight away I knew it was something corrupt. Each time I closed the window, another one would pop up and minimize anything else that was open.

I ran an AVG scan on it but that didn't find anything. So I ran a MalwareBytes scan on it and that found 60 entries. So I cleaned those off and was in the hope it was fixed. It wasn't.

So I ran another MalwareBytes scan but this time in safe mode and that found one entry. I cleaned that out and then booted up in normal mode, yet the rogue program still popped up straight after booting up.

So now I'm really stuck as to what to do and could really do with some help from someone. I'd be very grateful. It would be hugely appreciated.

Please find below the relevant required information to post on this board and the MalwareBytes logs:

DDS:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64 NETWORK
Run by EMILY at 18:24:41.57 on 13/04/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3032.2283 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updat... Read more

A:"Internet Protection" malware problem. Help

And here are the MalwareBytes logs which I have run since this problem occurred:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6333
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
11/04/2011 18:27:57
mbam-log-2011-04-11 (18-27-57).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 289861
Time elapsed: 38 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 15
Files Infected: 13
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cu... Read more

11 more replies
Answer Match 87.36%

My computer was hijacked by "support tool", a so-called virus protection hijacker. I'm in safe mode with networking now & attached you see my hjt log file. Help please. Thanks!

Actually, I'm on a different computer. It has windows xp home ed. & it's a dell inspiron 530S

Also, in trying to fix the problem initially, my wife deleted the file "rundll32" because the virus stated that it had a virus error. So this file may be missing as well & we may need to replace it.
 

A:Computer Hijacked by "Support Tool" "Virus Protection" Prog

I posted this yesterday to get help for a "Support Tool" hijack on a computer. Please help. Log file attached. Thanks.
 

3 more replies
Answer Match 86.94%

Hello
Please tell me how to remove the System Progressive Protection that attacked me. Thanks.

A:system progressive protection 3.7.17

Hello nrimawi.

Please follow these instructions closely here at this site.
System Progressive Protection Removal Guide <-Let me know if you cannot go to that site.

Post back with any questions and to let us know how things are going.

1 more replies
Answer Match 86.94%

After reading your website I am sure I have System Progressive Protection. I read the user guide written by Lawrence Abrams and have tried it a couple of times. I am using Windows XP. I have followed the steps each time, but it does not seem to work. I boot into safe mode and then download one of the RKill downloads and it does its thing and then posts a report on my desktop. Each time I have attempted to remove the virus/worm I have tried a different version of RKill. So then I move on to scanning my computer. I use Microsoft Security Essentials. I have run a full scan twice and found and removed "unwanted software". Then when I have removed it I am prompted to "restart" the computer to let changes take effect. When it boots back up in normal mode the System Progressive Protection thing pops up again and obviously I did not get rid of it. I would guess one of two things is going on. Either it is not stopping the virus when I run RKill or I am rebooting back into normal mode and I should not be doing that. What should I do? With this description can you tell what I might be doing wrong? I know this is not a really serious problem but I would prefer to get rid of it. I am so close to fixing this issue but I can't seem to completely get rid of this thing. Please help. By the way, thanks for the site. You all do wonderful work here. Thanks again. Looking forward to hearing from someone.

A:System Progressive Protection

Can anyone help me with the issue I am having? Thanks.

5 more replies
Answer Match 86.94%

I am running Windows XP using Firefox. I got the System Progressive Protection virus. I ran Malwarebytes and can use the computer now but "iexplore.exe" is still running in the background. Also, Microsoft Security Essentials pops up every few minutes with a "Detected threats are being cleaned" message. What do I do now?
Thanks, in advance.

A:System Progressive Protection

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
* Internet Services
* Windows Firewall
* System Restore
* Security Center/Action Center
* Windows Update
* Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
=============================================================================
Please download MiniToolBox and run it.
Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next t... Read more

1 more replies
Answer Match 86.94%

I am trying to create my first ever "restore point". Start > Settings > Control Panel > System (icon) > System (window) > System protection (item) > System-Properties (dlg)
-----
System Properties (dialog) > System Protection (tab)

There are two Available drives in the "Protection Settings" panel
(C:) Local Disk (System) ... Protection:= ON
System ... Protection:= OFF
Should "System" be OFF ?

If I only Create "... drives that have system protection turned on..." -- will I be getting what I expect --
a valid restore point ?

In Configure (btn) > System Protection for (C: Local Disk (dlg)
Disk Space Usage is set to "0 bytes" (zero)
Is this a correct setting (and what about #2. System (drive), too) ?

Would the same method/assumptions, apply to both Win7 32/64bit PCs
-----
1. My Laptop -- Toshiba, Win7 32Bit
2. One tower (as per "My System specs") -- Win7 64bit

A:Create "Restore Point" -- system protection is OFF ?

I have Configure (btn) > System Protection for (C: Local Disk (dlg)
Disk Space Usage set to 10% of my memory (Ram)

I'm showing only one, not two system protection(s) to turn on.

4 more replies
Answer Match 86.94%

Many programs (e.g. REVO or Windows Updates) perform an automatic "Create a Restore Point" prior to doing their thing. By right clicking Computer and choosing "System Protection", one can create a system restore point. I can't. The problem: Vista finds the Drives only after about 15 hours! Thereafter, it appears to work fine(ish). My system is a DELL XPS M1730 with a solid state drive and a regular drive. I have set the System Restore to look at only the solid state drive (after one of those 15 hour waits). I recently installed Service Pack 2 which went well. The problem preceded that installation as it was an attempt at resolution. Other things that I have done included removing McAfee (I disliked anyway) and replacing it with Panda Cloud. I have been running Vista for barely over a year and would just like to solve this nagging problem. The issue started about 6 months ago. It wasn't an issue in the beginning. Unfortunately, I can't pinpoint any event. Moving to Windows 7 might solve the problem (it better), but I am loath to make the move because I run a version of MathCad that Mathsoft would make me pay for again if I had to a) restore or b) change operating systems.

More replies
Answer Match 86.1%

My parents' computer has somehow managed to pick up some super invasive spyware junk and I'm trying to help them get it back on track. Usually I can figure this kind of stuff out myself but this one is giving me a run for my money. Here are the symptoms.

total-pc-protection popups
locks me out of task manager
changed wallpaper to some html file called "yod" which has been placed in my c:\windows dir
locks me out of display (ie cannot change wallpaper)
also does the popups with the icon in the systray, not sure how to describe these, the ones with the little speech bubble

Please can someone give me any tips on where to start? I'm going to try to delete the yod html file with killbox so at least the wallpaper isn't goofed up. Please, any tips would be greatly appreciated!
 

A:"total pc protection" malware please help!

16 more replies
Answer Match 86.1%

Hi I'm new to Win 7,

I noticed something called System Protection which backs up files to revert to an earlier version if need be. This feature was turned ON for my hard disk and I didn't realize it, which contained sensitive data which has since been deleted (3-pass overwrite).

Is it possible that backup versions of the deleted files are still on the hard disk somewhere, even if they are only retrievable by data recovery programs (i.e. the backup files haven't been overwritten on disk).

I never manually set a "restore point", so does that mean there were no backups ever made, or does Windows 7 make restore points automatically by default?

Where specifically is the System Protection data stored, and can it be overwritten with 3rd party data destruction software?

Thank you
 

More replies
Answer Match 86.1%

My computer was infected by the rogue "System Progressive Protection"
but it was protected by my NOD32 antivirus.
Therefore some of it was left on my computer, e.g. its icon and some file without extension
in my C:\Documents and Settings\All Users\Application Data\(random number)

I am not sure whether my computer is slower than before or not!!

I attached the HijackThis log file along with my post.
Please help me check whether my computer is still in good condition or not.
Many thanks in advance
===============================================================================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:37, on 3/11/2555
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\... Read more

A:infected with System Progressive Protection

Hi jackoff

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

White Warrior

6 more replies
Answer Match 86.1%

I am running Windows XP. Yesterday I got the "System Progressive Protection" virus. I used Malwarebytes to remove it and I can now use the computer but I have "iexplore.exe" running all the time. I tried to delete it in the Task Manager but it pops back up immediately. Also, I am using MSE and it now pops up every few minutes with a "Detected threats are being cleaned" message.
What do I do now?
I have attached the files I believe will be needed.
Thanks in advance.
 

More replies
Answer Match 86.1%

Hi,
I got the System Progressive Protection a couple weeks ago, but have had only a little of time to work on fixing it since then. I have kept my computer off for much of that time, only when trying to fix it.

I am not sure if my Trend Micro didn't find it or the virus was not allowing it to find anything. I immediately went to safe mode and downloaded Malwarebytes and started scanning. It found quite a few files. I continued removing them. Then I rebooted. When starting, my computer would freeze after getting to the home screen. So I would go back to safe mode and rerun Malwarebytes only to find a file again. I did this a few times with the same result, thinking the virus was somehow reinstalling itself on startup. Then finally no files were found. So I restarted and the computer still froze. I then realized that I was running two virus programs, Trend Micro and Malwarebytes, and thought maybe they were interfering with each other. So I uninstalled Malwarebytes and restarted. My computer has not frozen since. I ran a full scan using Trend Micro and got a list of things that it has found and deleted or quarantined. I am wondering how I know if I have fully and successfully removed everything I need to from my computer and am ok to use it like normal.
Any help is much appreciated.

Thanks.

----------------------

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Jason at 10:55:40 on 2012-12-09
#Option Extended Search is enabled.
Micros... Read more

A:System Progressive Protection - am I clean

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
Do not install any other programs until this is fixed.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass... Read more

11 more replies
Answer Match 86.1%

Hello,

My computer was recently infected by System Progressive Protection virus, which I removed using RKill and Malwarebytes Anti-Malware. In the process, the Antimalware detected and removed several Trojans and Rogues. How do I ensure that my computer is not infected? Any suggestions on additional scans that can be performed?

Thank you so much.

A:System Progressive Protection Virus

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
* Internet Services
* Windows Firewall
* System Restore
* Security Center/Action Center
* Windows Update
* Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
=============================================================================
Please download MiniToolBox and run it.
Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwar... Read more

12 more replies
Answer Match 85.26%

System Progressive Protection is a rogue security software which will report that malware has been detected on your computer in an attempt to scare you into buying this malicious software.
In reality, none of the reported issues are real; they are only used to scare you into buying System Progressive Protection and to steal your personal financial information.

As part of its self-defense mechanism, System Progressive Protection has installed a rootkit on your computer, which will disable the Windows Task Manager and will block you from running any program that could lead to its removal.

System Progressive Protection is a scam and you should ignore any alerts that this malicious software might generate.
Under no circumstance should you buy this rogue security software as this could lead to identity theft, and if you have, you should contact your credit card company and dispute the charge stating that the program is a scam and a computer virus.
Removal instructions for System Progressive Protection virus
This is a self-help guide, use at your own risk.
If you experience problems completing this guide, or the problem persists after following the instructions below or would like to have one of our staff members guide you through the process, please start a new thread in our Malware Removal Assistance forum.
STEP 1 : Start your computer in Safe Mode with Networking

Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.

Press and hold the F... Read more

More replies
Answer Match 85.26%

Hello
I have a Sony Vaio running Vista 32bit.
I had the System Progressive Protection on my laptop and ran rkill and MBAM and cleaned it.
After that I lost use of my laptop's keyboard and mouse but the USB keyboard/mouse work.
I tried many things with no success and have now restored all the files found by MBAM and am now back to square one and realize I'm in over my head and need some help.
Windows Update will not run, as well as other services.
MS Security Essentials was on it but was getting errors so I uninstalled it.
My Recycle Bin says it's corrupted as well.
Here is the log from my most recent Rkill being run in safe mode and MBAM.
Please Help!

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 10/01/2012 08:46:02 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * ALERT: ZEROACCESS rootkit symptoms found!
 * HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
 * HKE... Read more

A:Zeroaccess Rootkit and System Progressive Protection

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

22 more replies
Answer Match 85.26%

Had System progressive protection malware
ran Rkill, malwarebytes, and PSIS. Now I am getting a message that says

The Recycle Bin on C:\ is corrupted. Do you want to empty the Recycle Bin for this drive?

I said yes at first and when it said there were over 700 files I stopped it. Rebooted and got it again; this time I said no and tried to open the Recycle Bin to view the files and it wouldn't let me.

Any suggestions????

Thanks,

A:malwarebytes removed system progressive protection

Hello,
I will be helping you with your problems. Please be patient while I assist you.
Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do NOT run, install or uninstall any programs, unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Butt... Read more

1 more replies
Answer Match 84.42%

Hi guys,
I have been having a really annoying pop up window keep opening that is trying to get me to switch to the spyware it is selling. It's opening every 30 to 90 seconds or so. The window is titled "Security Center Alert" and it looks like the Windows shield. I believe that the company is called "Protection System".

Another window also pops out of the bottom blue bar called, "Protection System network security alert" saying, "my computer is beeing [sic] attacked from remote host."

There is also a new icon on my desktop shaped like a life preserver called, "Protection System". Another pop up keeps trying to get me to buy their services.

Below is the HJT log. Please let me know if you see anything that could be the culprit and what I should do about it.

Thanks a ton!
Ari

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:34 PM, on 10/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CT... Read more

A:Please help! "Protection System" is attacking me!

Bump.

Any help would really be appreciated. Thanks!!
 

1 more replies
Answer Match 84.42%

I only get "system protection is turned off etc." than in the section where it tells you how to turn it on, it says: "Click to open System.

In the left pane, click System protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. "
But all there is in the left pane is: Control Panel Home, Device Manager, Remote Settings, Advanced system settings. So where do I turn it on then?

A:I only get "system protection is turned off etc."

Hello Steinarbj, and welcome to Seven Forums.

This may be able to help you get system protections turned on. It's turned on by default for the C: drive. You can also click on the Advanced system settings link, and click on the System Protection tab.

System Protection - Turn On or Off

Are you an administrator?

Hope this helps,
Shawn

1 more replies
Answer Match 84.42%

Hi all,

The other day I turned on to find malware on my computer - a fake antivirus called System Progressive Protection.

I have since:

- deleted the files from their origin folders
- ran the computer in safe mode
- run Rkill
- run malware bytes (having first updated)
- run hitman
- deleted all cookies and temporary internet files
- emptied my recycle bin

When I boot my computer in normal mode I get the message:

"recycle bin is corrupted" and I think it then asks if I want to empty it.

System Progressive Protection seems to have gone but I still have internet re-routing malware going - seekportal and doublee-click.net for example. These won't go no matter what I do.

In my task manager processes, something called atieclxx.exe is running, which I've read could be malware.

When I go back into safe mode and run malwarebytes, it doesn't pick anything up.

If somebody could please help me, then I'd be hugely appreciative.

Thanks,

Trevor

A:System Progressive Protection, Seekportal, Doublee-click.net

Oh, I've also made sure that in my LAN settings I do not have ticked "use a proxy server".

23 more replies
Answer Match 83.16%

A couple of days ago, I was looking at images of dinosaurs with my daughter when a screen popped up claiming to be "Malware Protection" and "designed to protect." It was purportedly running a scan which immediately claimed to have found some sort of child porn infection. I hit the stop scan button, but of course it had already done its work. The result is that I can no longer access the internet (I'm using my daughter's computer to type this) as upon clicking the icon for Firefox, Opera, or IE nothing happens. I also can't open task-manager as it simply closes after a second or two; at first I could see it long enough to see that something called Defender.exe was running, but now I open it and it resets itself to "Processes" so I can't even see that. Shortly after this started, I had a Zone Alarm message come on telling me that "Manganum" was trying to access the internet, upon which I of course hit "Deny."

So at the moment I can't provide an HJT scan or anything else from my computer until someone can help me to do what it takes to get it online. Thanks for any and all help.

Edit: I just performed a search and found files named "defender.exe" from Manganum TrendMicro in C:\Documents & Settings\All Users\Application Data and DEFENDER.EXE-16290DCO.pf in C:\WINDOWS\Prefetch.

Second edit: After reading one of the numerous posts here complaining of an affliction similar to mine, I st... Read more

A:"Malware Protection" has gotten me

Here are the Malwarebytes and HJT logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6670

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/25/2011 2:10:56 AM
mbam-log-2011-05-25 (02-10-37).txt

Scan type: Quick scan
Objects scanned: 163779
Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tdojlrrn (Rogue.AntivirusSuite.Gen) -> Value: tdojlrrn -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\idpmyrqj (Rogue.AntivirusSuite.Gen) -> Value: idpmyrqj -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tdojlrrn (Rogue.AntivirusSuite.Gen) -> Value: tdojl... Read more

1 more replies
Answer Match 81.9%

After privacy protection installed itself I no longer have a desktop. The task bar is still on the screen as well as the start menu. But when I click on the start menu there is nothing on it. The only programs that are running are "privacy protection", "windows security center", and "XP anti-virus 2012". All three of these are running completely by themselves and I never installed or downloaded any of them. I cannot get on the internet or do anything with my computer. I know that privacy protection and XP anti-virus 2012 are fake virus protection but when my computer was still somewhat functional, these programs did not allow me to run anything which made it hard to fight it off. I have some really important stuff on my computer and I would hate to lose it all.
 

More replies
Answer Match 80.64%

virus.. popup "Malware Wipe" "the spy guard" and a lot of commercials like porn poker and more crap..
this is what I get when I start Internet Explorer
Recommended Anti-Spyware Software: Pest Trap, Malware Wipe, Spy Guard Internet Security

TOP RATED
Pest Trap
Most popular spyware/adware cleaner software all over the world. Cleans all known viruses and worms.

Visit Website Free Scan
Malware Wipe
Became one of the most popular programs very fast. It`s really easy to use and at the same time very effective.

Visit Website Free Scan
The Spy Guard
Developed as the most efficient spyware cleaner with realtime protection.

Visit Website Free Scan
Brave Sentry
Award-winning spyware removal utility that will help you fighting all kinds of spyware including keyloggers, trojans and password thieves.

Visit Website Free Scan
AD Protect
World's leading software application that checks, protects and re-checks spyware and spam vulnerability in your home computer.

Visit Website Free Scan

WARNING! YOUR SYSTEM IS VULNERABLE TO HACKERS' ATTACKS AND BREAKDOWNS!
Attention! Your system is currently exposed. Any remote computer can easily browse following folders and files on your computer:
- \Windows\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
Click here to download official intrusion detection system (IDS software)
YOUR PRIVATE INFORMATION IS IN OPEN ACCESS TO OTHER COMPUTERS
Your... Read more

A:Solved: virus.. popup "Malware Wipe" "the spy guard" and alot of commercials

14 more replies
Answer Match 80.22%

Hello,

I'm running Windows XP SP 3. I have fake "Security Center Alert" popups and "Security Center" popups. A program called "Malware Defense" also seems to have installed itself onto my computer. And I've just noticed porn icons appearing on my desktop. It's also disabled my Avira software.

GMER doesn't seem to run. I've clicked on it a couple of times but it doesn't seem to do anything. The DDS logs are attached/follows.

Thanks in advance!

DDS (Ver_09-12-01.01) - NTFSx86
Run by zili at 23:28:31.96 on Wed 01/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1022.493 [GMT 11:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WI... Read more

A:"Security Center Alert" popups, "Malware Defense" self install

Let's try this version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.





In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked:
- Sections
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

4 more replies
Answer Match 79.8%

Please help. I've inserted an SD card from a friend's camera with my antivirus disabled and got fake security "System Tool 2011" all over my computer blocking .exe files, throwing warnings, changing background etc.

Can't get HJT, DDS and GMER to run in the normal mode (renaming, rkill and exefix don't help). Everything seems to be calm in safe mode so HJT and GMER logs are attached, DDS doesn't produce any files in the safe mode. Thank you for your help in advance!

----

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:00:17, on 13.12.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Users\Dennis\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Softw... Read more

A:Got "System Tool 2011" malware - HJT and GMER only in safe mode, can't run DDS

Bump. Please help!
 

2 more replies
Answer Match 79.8%

In Windows XP, fully updated, I have several folders full of mp3's and want to see the bit rate and duration. I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

But all the figures in the "Duration" column appear to be in "hours" and "minutes", so I see "00:04" or "00:03", but what I want is "minutes" and "seconds".

Any thoughts as to how to change this?
 

A:Solved: Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

16 more replies
Answer Match 79.8%

A few days ago, the windows for "Vista Antivirus 2010" started popping up on my screen, and in my sleep deprived state, I had the genius idea of doing a system restore before anything else. No idea what lasting damage may have been done by it, but I suppose that'll show up in the logs.

At any rate, my machine's still mostly usable, just much slower, and with annoying pop-ups every time I open an application, which opens anywhere between one and twenty "av.exe" processes, usually all shutting down after I end one. I'm not the only one using this computer, so I couldn't tell you everything that's gone on in it, but I do know that until I uninstalled them for this, it had Bittorrent and Daemon Tools Lite.

I'm running Vista 32-bit on an HP machine. It wasn't shipped with an installation disc. All I actually have is a recovery disc I downloaded from Neosmart, that seems to work but I have no idea how to actually use it. Not sure what else there is to say, so heeeeeeeere's a DDS report! I noticed at the top it says some Norton features were enabled. I've tried disabling every feature and it invariably says this after scanning. Is this a problem? If it is, I'd guess it applies to the other logs as well, but I don't know how to fix it short of uninstalling Norton.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 10:51:35.94 on Sun 03/07/2010
Internet Explorer: 7.0.6000.16890 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6... Read more

A:System infected with "Vista Antivirus 2010" malware

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

7 more replies
Answer Match 79.38%

I need SAFE removal of malware "AV System Care Installer" Software from Locus Software? I'm not sure which downloads to trust when recommended. I saw rogue software will fix, but it didn't have a digital signature.

I tried to follow a past post on this topic, but it was specific to his log file.
Thank You! Your help getting rid of this is GREATLY appreciated!! My son infected our pc while playing games online. ~ S

Here's my HJT log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:51 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.... Read more

More replies
Answer Match 79.38%

The issue is a Malware/Virus Program that is on my Wife's laptop. At startup, the virus shuts down all other programs except the Operating System. The Virus program says the computer is infected, The Virus Program sends the user to a screen to put in Payment information to buy the fake program. This Virus makes the background turn blue and also there are 1's and 0's in the background too.

Scans and attachments are included. I do have a recovery/reboot disk available if needed.








.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Ashley at 17:21:19.86 on Sat 03/05/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1459 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system3... Read more

A:"System Tool Virus" Malware Removal

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

A number of steps are required to remove this infection.

You will find the instructions here:

Remove System Tool and SystemTool (Uninstall Guide)

If at any time you need advice before proceeding please ask for help here.

p.s.
The <random>.exe file mentioned in the article is this one.
uRunOnce: [jNnOkKb06310] c:\programdata\jnnokkb06310\jNnOkKb06310.exe

At any time you can disable the process via the Task Manager.

CTRL+ALT+DEL KEY should give you the way to the Task Manager.
===

When you ... Read more

2 more replies
Answer Match 79.38%

Hi all,

Sorry to repeat a question I see a lot of instances of, but none of those seem to be addressing my problem correctly.

I have not done anything new to my computer in recent days, so this problem has caught me off guard (I see most instances of this problem come after upgrading to Windows 7, I have had Win 7 installed for a while now).

Here is a summary of my problem:
1) My computer recently got stuck on the "Starting Windows Screen." So I manually held the power button to reboot.
2) On reboot, it said there was a need to run a startup repair, which I did. Everything checked fine, except for the last one which said "System Volume on Disk is Corrupted," which it claimed to have successfully fixed.
3) After rebooting from repair, the system gets stuck on "Starting Windows Screen" for a good 10-15 minutes, after which it runs a registry check. After it completes that I get hopeful -- but the screen then gets stuck on an all black screen with just the mouse cursor and nothing more.
4) Additional note: Attempting to start the computer on "safe mode" leads safe mode startup to become stalled on "DRIVERS\CLASSPNP.SYS"
5) The latest attempt to repair yielded this message: "Startup repair cannot repair this computer automatically.
Problem event Name: Startup Repair Offline
Problem signature 01: 6.1.7600.16385
02: 6.1.7600.16385
03: uknown
04: 21201099
05" AutoFailover
06: 2
07: Corrupt Volume
OS Version: 6.1.7600.... Read more

A:Stuck on "Starting Windows", Repair Shows "System Volume on Disk is Corrupted"

Hi Stan, Hopefully I can help you out....or at least lead you in the right direction. From my experience, the symptoms you are suggesting sound like perhaps a dying Hard drive.

1. Do you have the windows 7 boot disks that came with your computer or when you bought the Operating System? If so, you could try and insert one of those and boot from it, and attempt to repair the installation. (this won't affect your data, only the windows system files).

2. If that doesn't fix it, you could try a fresh reinstall of windows 7, and see if that works.

3. If neither of those work, it's likely that because of the fact that when Windows is repairing itself, it is generally putting copies of its system files in the same physical location on your disk. Because your disk is obviously not completely dead, i.e. it's still loading to the Windows 7 startup screen, it's just copying files to the bad sectors on your hard drive and gets stuck when loading. This is especially my guess because you said Safe mode is having the same problems, even after attempting to repair. In the past, I've tried to salvage a disk by reformatting it and only leaving on partitions which do not contain the bad clusters. This takes some time, and some guess work, and really this is only a "bandaid" fix because once the disk has bad clusters, it's only a matter of time before these things give out. You wouldn't want to trust your important data on it anyways....

I hope this leads you in ... Read more

1 more replies
Answer Match 78.96%

Is there an easier way to have Word use mouse over effects to display an image when the mouse hovers over a hyperlink than using the dynamic html editor? I have 4 hyperlinks on one page representing different products and i just want Word to show the image of each one as the mouse passes over the link. I saw the Word web toolbar has a "movie" with an alternate image selection for browsers unable to play movies, but all I want is the image.

Thanks.

Drew
 

More replies
Answer Match 78.96%

Good Morning,

I would like to introduce myself. I am new to the forum. Should I address an issue inappropriately, kindly alert me.

Most recently, I have experienced multiple PC issues. Recently, I performed a System Recovery and encountered the following:

1. Cannot perform a SYSTEM RESTORE. The message is: "Restoration Incomplete. Your computer cannot be restored."

2. I booted up this morning and DID NOT HAVE A DESKTOP.
The screen was blank - no Icons.

3. The items below are APPEARING IN MY TEMP FOLDER, and are located at: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp:

........a. 415303181927525125.tmp
......... plus similar numbers.

........b. IswTmp
........c. msohtmlclip1
........d. msohtmlclip

I delete the above items through safe mode but they re-appear.
** I am MOST CONCERNED ABOUT Items 1 & 2.

SYSTEM SPECIFICATION:

- (DESKTOP PC) Windows XP
- (SP3) HP Compaq Presario 061 - Media Center Edition,
- AMD Athlon (m) 64 Processor / (X 86-Based PC - 32-bit package)
- MOTHERBOARD Chipset - ATI RADEON XPRESS 200 CHIPSET
- Version 5.1 / 2600 Build Processor

** If someone would give me some feedback, I would appreciate it tremendously.
** THANKS IN ADVANCE.

Kind regards,
AJ

A:NO DESKTOP after booting up & SYSTEM RESTORE "Incomplete" & "Strange" Temp Files

Usually when the machine has a "blank" desktop, the boot/startup process has been interrupted or is frozen before Explorer is launched.

You can launch Explorer manually by navigating to C:\Windows and double-clicking "Explorer".

If successful, do the following:

Start>Run>(type) "msconfig" and turn off all non-MS services and all startups.

Then, Start>Run>(type) "cmd", and at the command prompt type "chkdsk /f" and schedule a chkdsk to run on next reboot.

Reboot system and report results.

3 more replies
Answer Match 78.96%

I am running Windows XP SP3, fully updated, on an Acer lap top PC.

I have several folders full of .mp3's and want to see the bit rate and duration. To do this I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

The two new columns appear, but the format of the "Duration" column appears to be "hours:minutes", so I see "00:04" or "00:03" for most .mp3's, when what I want to see is 'hours:minutes:seconds", e.g. "00:03:45".

This also happens for video files (.avi files), e.g. all my episodes of "Heroes" (sad, I know) have a duration of "00:42" instead of "00:42:xx".


Here are two pictures showing the problem with the .mp3's. The first is of Explorer showing the Duration as "Hours:Minutes":




The second picture is of the properties window of the first .mp3 in the list above:




I copied some .mp3 files to another (old) PC on my home network, and it displayed the duration field correctly:




Also, the properties window correctly shows the duration also:





I'm not the only person to have this problem. I received a private message from a member of another forum where I posted about this problem several weeks ago. That person also has the same problem with the duration field.

The tech guys on that forum were unable to find the source... Read more

A:Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

* bump *

Tricky, this one!

8 more replies
Answer Match 78.54%

That's the message I get in a balloon, along with IE randomly opening up and going to either a blank page or a page trying to get me to download a program.
the exact message is "your computer is infected with a back door trojan that allows the remote attacker to perform various malicious actions. Click this baloon to download malware removal software."
No matter what I do it won't go away. What can I do to get rid of this?
thanks in advance
 

A:"System Alert: Malware threats"?

bump!
 

1 more replies
Answer Match 78.54%

It appears that I'm also the lucky recipient of the "Security Toolbar [email protected][email protected]/WinFixer32" trojan. I've been trying to weed through this forum for a couple of days, and have attempted to use the following: VundoFix V6.5.10, SmitFraudFix, SUPER Anti-Spyware, and SafeXP. Each time, it looks for a moment like I'm making some progress, but the popups and error messages keep coming back.

One peculiarity that I've not seen listed has to do with Safe Mode in Windows: Every time I try to do something in Safe Mode, the system seems to "cycle"...like it's restarting safe mode over and over again. Not only is it frustrating, I can't seem to get any of the programs to complete successfully.

In looking at other posts in this forum, it appears the best place to start is with the HiJack This log, so I'll include it with this post.

Any and all help will be greatly appreciated. Thanks!

--paste--
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:11 AM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:... Read more

A:"System Alert: Malware Threats"--These and many, many more!

16 more replies
Answer Match 78.54%

My wife seems to have recently installed "System Security" malware, even though we were running an updated version of the AVG 8.5 antivirus and the computer (XP Home) is fully patched.

I find many references to it on the internet, and even some at techguy.org. But all of the instructions tell you to run some malware removal program. This version of the program not only pops fake security messages and asks you to "register" to get rid of them, but it claims that *EVERY* exe I try to run, except Internet Explorer is "infected" and therefore will not be run. This includes the malware removal installation programs that it does allow IE to download, regedit, even notepad. And since it won't let anything run, NONE of the usual antivirus and antimalware programs will run.

Is there anything short of a full reinstall that I can do? And is AVG 8.5 *really* this bad?

Thanks
 

More replies
Answer Match 78.54%

All desktop icons are hidden, and the start menu is void of all installed applications. I have tried to acquire the requested logs as per the instructions in the first sticky thread. However, all I am able to provide you is the HiJackThis log. All other attempts to gather information using the other downloads fail. Please help me!!!
Here is the log from the HiJackThis scan:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:37:01 PM, on 1/23/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Documents and Settings\All Users\Application Data\tSUpODctlIrm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common F... Read more

A:"System Check" malware infection. Please help!

16 more replies
Answer Match 78.54%

Using "System Performance" DCS reports some events are lost. To fix it, I need to increase buffer size but I can't do it because all parameters are disabled. 
When I create custom DCS with same trace (based on "Windows Kernel Trace" provider) I increase num of buffers and everything works fine.
How can I change it for "System Performance"?

More replies
Answer Match 78.54%

I have been getting these "Bad Pool Header" and "System Service Exception" BSODs for about a day now (the "Bad Pool Header" one tends to pop up more often than the other btw). I ran a registry cleaner which didn't work and ran memtest this morning and it showed that my memory was fine. The BSODs tend to occur more often when I am playing a game or running some program that uses a bit more memory but it also happens when I am just on the internet. On the other hand, last night I did nothing but surf YouTube for 3 hours and didn't get a BSOD at all. However, since then I haven't been able to do anything for more than 10 minutes (without being in safe mode) without it crashing, and this morning it completely froze until I turned it off. My OS is Windows 7 Home Premium 64bit. It came preinstalled from the manufacturer and unfortunately I do not have the install disc. The entire laptop is less than 2 years old and there have been no major hardware changes and I have never reinstalled the OS.

A:Random "Bad Pool Header" and "System Service Exception" BSODs

UPDATE: Another BSOD just happened after I left the computer idle for a couple of hours except this one said something about Asdsm.sys.

1 more replies
Answer Match 78.54%

First off, thank you for any assistance in advance.

Problem: "System Alert" balloon in tray icon that will not go away and redirects me in IE 7 to hxxp://www.virprotect.com/?aff=1012.

Using SpyBot Search & Destroy and Ad-Aware SE, I seem to have gotten rid of the problem of the redirection of my home page as well as removed the trojan that caused all of this in the first place (I think). The pesky balloon, however, remains. All pre-steps your forum recommended have been completed. Below are the logs your forum requests in advance (please note that my DSS "extra" log file is attached):

PANDA ACTIVESCAN
===============

Incident Status Location

Potentially unwanted tool:application/myglobalsearch Not disinfected c:\program files\MyGlobalSearch
Spyware:Cookie/Atlas DMT Not disinfected... Read more

A:[SOLVED] Trying To Remove "System Alert" Balloon That Directs To "virprotect.com"

Download SDFix from here and save it to your desktop.


Please then reboot your computer in Safe Mode by doing the following :
Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.

It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.

Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum.


=========================================

This will help to identify malware on your system.
Please download Combofix from any of these locations:
... Read more

9 more replies
Answer Match 78.54%

I have been getting these "Bad Pool Header" and "System Service Exception" BSODs for about a day now (the "Bad Pool Header" one tends to pop up more often than the other btw). I ran a registry cleaner which didn't work and ran memtest this morning and it showed that my memory was fine. The BSODs tend to occur more often when I am playing a game or running some program that uses a bit more memory but it also happens when I am just on the internet. On the other hand, last night I did nothing but surf YouTube for 3 hours and didn't get a BSOD at all. However, since then I haven't been able to do anything for more than 10 minutes (without being in safe mode) without it crashing, and this morning it completely froze until I turned it off. My OS is Windows 7 Home Premium 64bit. It came preinstalled from the manufacturer and unfortunately I do not have the install disc. The entire laptop is less than 2 years old and there have been no major hardware changes and I have never reinstalled the OS.

A:Random "Bad Pool Header" and "System Service Exception" BSODs

UPDATE: Another BSOD just happened after I left the computer idle for a couple of hours except this one said something about Asdsm.sys.

4 more replies
Answer Match 78.54%

Hi everybody
My PC has lots of files called "Thumbs.db" & "System volume information" in all its drives. I can't delete these files and I think the cause of shutting my pc down automatically and showing blue screen is these files. The operating system is win xp/sp2.
I don't know what to do with these and what anti virus will delete them. Please help me.
thanks
 

More replies
Answer Match 78.54%

Which one should I do? I originally wanted to just do "Return computer to factory condition" but Theog just suggested "Use A System Image Created Earlier." I have no idea what to do. So confusing!

A:"Return computer to factory condition" or "Use A System Image Crea..."

Hello M4TE and welcome to Seven Forums. Sorry for the delay in responding but I just came across your question.

Most newer manufactured computers have a hidden recovery partition on the hard drive. The manufacturer provides specific instructions on how to access that partition in case you want to restore your machine to the exact condition it was in when it left the factory. That means you'd have to go through the time consuming process of cleaning out factory bloatware (like free trials of programs you'll never need), installing programs you do need, updating everything, creating your personal settings, etc. Here is a general idea of how to access the hidden recovery partition.

HP Recovery From Partition

Let's say it took you a day or two to set up your machine to your liking using the hidden recovery partition. A System Image is like a snapshot of your entire hard drive. It will include everything from the operating system to all your programs, files, photos, music, all updates ... everything. Most folks keep it on a separate external hard drive. Let's say a week later you get a virus or your machine crashes for some reason. You can use that System Image to return your machine to the exact condition it was in when you made the image. Usually takes about 30 minutes or so and you're back in business. It's a lot faster and more convenient to only worry about a week of updates compared to probably months with the hidden recovery partition. The newer a System Image is the... Read more

1 more replies
Answer Match 78.54%

Dear Experts,

I have created windows image on Drive F: but deleted it after some time manually due to some space problem.
But while backup shows about 40 GB only few GB space got free after deletion. When I try to again take the backup using windows 7 backup & restore option, it still shows 35 GB of System Image in drive F: when I browse the Manage Disc Space option but I can't find it on the same drive. (Please see attached pic)
Please help me to locate this and delete the same.

Thanks

A:Cant find "System Image" of 36 GB but its shows on "Manage Disc Space"

Hello sattyaji, and welcome to Seven Forums.

It may still be showing if the system image was created as part of a Windows backup. Using the tutorial below to reset Windows Backup should clear it for you, but you will need to set up your backup again afterwards.

Backup User and System Files - Reset to Default Configuration

Hope this helps,
Shawn

5 more replies
Answer Match 78.12%

Hello,
First let me tell you about my system. This is an Inspiron E1705/9400 laptop with the T7400 Core 2 Duo processor running at 2.16 GHZ. It has 2 GB of RAM and a brand new 500GB Hitachi Travelstar hard drive (7200 RPM). It also has the GeForce Go 7900 GS video card. It previously had Windows XP Professional (32 bit) and worked fine. But, I have three computers in my home and home office and would like them all to work better together on my wired home network, so I am upgrading all three to Windows 7. My two desktops (one is Dimension XPS 420 and the other is Dimension XPS 430) seem like they will be no problem to upgrade to Windows 7. But, this laptop was not listed on Dell's Windows 7 Compatibility List. However, the Windows 7 Upgrade Advisor that I downloaded and ran seemed to say that it was OK to do a clean install of 32 bit Windows 7 and it only had a few minor concerns, where it said to check for updated drivers from the manufacturer. The laptop originally came with a 100GB hard drive. For my use, that is getting very small, so I decided to get the same exact 7200 RPM drive in the 500 GB size. This will allow me to do a clean install of the 32 bit Windows 7 OS on the new hard drive and not have to wipe the old drive to do it. I can just hold onto the old HD and stick it back in whenever I might ... Read more

A:Minor Problem with New Windows 7 Installation on my Inspiron E1705/9400 - two entries for "Base System Device" under "Other Devices" with yellow exclamation point

BTW, I just downloaded and installed the driver pack from that ftp location and it worked, even for Windows 8.1 - 64 bit.
Thanks Steve!

Roger

9 more replies
Answer Match 77.7%

Logfile of HijackThis v1.99.1
Scan saved at 20:27:43, on 2/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
... Read more

A:"total pc protection" malware please help!

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may... Read more

1 more replies
Answer Match 77.7%

Hi, I'm having BSODs on my new custom PC build running Windows 10. I am sure this is probably just a driver issue but I'm unaware of how to figure out which driver.

I've uploaded the debug report. Please let me know if you have any ideas or help.

AJ-DESKTOP-Sun_06_19_2016_200102_65.zip

Thank you!

More replies
Answer Match 77.7%

There are 2 devices in the "Device Manager" that do not have drivers installed.

I just did a clean install of Windows 7 SP1 32-bit to a Dell Latitude E6500. I have uploaded all the Windows updates and all seems to be performing well. However, there are two devices in the "device manager" that do not have drivers installed, and I can't determine what the devices are nor how/where to find the drivers for them online or elsewhere. The driverless devices are "Base System Device" and "Broadcom USH". When I look at the properties page of both devices, it says that the Base System Device's location is "PCI bus 3, device 1, function 3", and the Broadcom USH's location as "0000.001a.0002.001.000.000.000.000.000".

The laptop did NOT come with a drivers installation disk.

QUESTION: How can I identify what these devices actually are and, more importantly, how can I obtain the driver for them?

A:Can't ID driverless devices "Base System Device" and "Broadcom USH"

Well, as for the second part of your question......... have you tried using windows own driver update utility? Right click on the yellow exclamation point in Device Manager, choose update.

I'm thinking your "Broadcom USH" is this, drivers for it are here too: Broadcom USH - USB\VID_0A5C&PID_5800 - awdit - The driver, software, & hardware database

4 more replies
Answer Match 77.7%

Hi

New installation of windows 7 ultimate 32bit and on trying to copy a 38gb folder from c drive to d drive, pc gives bsod.
Lately playing world of tanks is resulting in system lock ups,please can anyone help

Frosty

A:bsod copying files from "c" to "d" drive and system lock ups

Post it following the Blue Screen of Death (BSOD) Posting Instructions.

2 more replies
Answer Match 77.7%

Hello All,

I started a few weeks ago on the PowerShell programming and I got my answer from here only. So I am putting up the error that I am getting now to get some help again.

Scenario : I wrote a script that checks a Folder on a server and counts the number of files in it. Then when it finds the resulting number to be more than a specific value (threshold) it sends up a mail to the required alias. To break it all along the portion to send a mail is generated through DBmail using another .PS1 file.

In the PS1 file containing the main checking of number of files I am trying to pass 2 parameters :

1. Folder path on the server
2. the Threshold value of number of files

Now when I created a job to run this powershell script as :

& "C:\PowerShell\Power.PS1" \\XXXX\\c$\Documents and Settings\ABC\Local Settings\Temp 10


It fails with the error :

A job step received an error at line 1 in a PowerShell script. The corresponding line is '& "C:\PowerShell\Power.ps1" \\XXXX\\c$\Documents and Settings\ABC\Local Settings\Temp 10'. Correct the script and reschedule the job. The error information returned by PowerShell is: 'Cannot convert value "and" to type "System.Int32". Error: "Input string was not in a correct format." '. Process Exit Code -1. The step failed.


I really can not move forward on this.

Please help.

A:PowerShell issue ('Cannot convert value "and" to type "System.Int32")

Just to add for reference Below is the code for the Power.Ps1 file that I have used :


param
(
    [string] $directory_string,
    [int] $benchmark
)

$date=get-date
[int]$directory_file_count = 0

# check that the directory exists.
$does_directory_exist = (Test-Path $directory_string)

# if it does, then continue
if ($does_directory_exist)
{
    # Check for the number of files on the directory
    $directory_file_count = (get-childitem $directory_string -name -recurse).count

    # If number of files exceeds the limit, send mail to notify
    if($directory_file_count -gt $benchmark)
    {
        & "C:\Powershell\DB_mail.ps1"
        $subject= "XXXX"
        $body= "XXXX"
    }
    else
    {
        & "C:\Powershell\DB_mail.ps1"
        $subject= "XXXX"
        $body= "XXXX "
    }
}
else
{
    & "C:\Powershell\DB_mail.ps1"
    $subject = "XXXX"
    $body = " XXXX"
}

5 more replies
Answer Match 77.7%

I've run SuperAntiSpyware, Ad-Aware, SpyBot and Norton which removed some trojan files and registry items but I'm still getting pop-ups ("Security System Warning" and "System Integrity Scan Wizard"). Below is my HiJackThis log. Thanks in advance!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:21 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
... Read more

A:"Sys Integrity Scan Wizard" & "Security System Warning" Pop-ups

Hi Welcome to TSG!!
Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 

1 more replies
Answer Match 77.7%

With EaseUS Backup Tool, I've cloned these two partitions ("System Reserved" and "C") to same-sized partitions on an external HDD ("X" and "Y"). Picture tells it concisely:
How to make drives "X" and "Y" boot-able?

In "Disk Management", I've noticed these partition labels missing:
"X" (or "System Reserved") is missing System label,
"Y" (or "OS") is missing Boot, Page File and Crash Dump labels

Thank you!

A:Both "System reserved" and "C" partition cloned to external HDD: boot?

You cannot boot Win7 on external HD, unless it is connected via eSATA.

9 more replies
Answer Match 77.7%

Long story short, I need to change the name of a folder back to its original name but I forgot it! The program I'm using can't load my files because I changed the directory name (the folder) and I need to change the name back so that my program will reload the files so I don't have to do it all over again.
The program I'm using is After Effects CS5.5 by Adobe
I tried looking in the folder's properties for the name but didn't see anything! Does anybody have suggestions!

A:Any way to find the old name of a folder? "After effects"

How feasible is:
1. Uninstall program.
2. Install program.

2 more replies
Answer Match 77.7%

So that I don't have to keep changing my desktop every time I make a video, I want to use "Desktops".

My problem is that whenever "Desktops" is started, the basic colour scheme is activated which I do not want in my videos.

Is there any way to keep Aero with "Desktops"?

A:Can "Desktops" be used with Aero effects?

Short answer would be no.

This app was designed for windows xp, server 2003 or higher.

However, your actual desktop (#1) should work fine with aero, desktop 2, 3 and 4 should not.

6 more replies
Answer Match 77.7%

I run a program that requires the setting "Smooth Edges of Screen Fonts" to be un-checked in Win7 and XP. Using Win7, that selection is under Control Panel/System Security/System/Advanced System Settings/Performance Settings/Visual Effects. How do I access that setting in Windows 8?

A:Where is the "Visual Effects" menu?

Hello K4YS, and welcome to Eight Forums.

Here you go.

Visual Effects - Adjust in Windows 8

3 more replies
Answer Match 77.28%

Hi TSF,

Recently been getting Microsoft Visual Basic pop-ups saying macros are disabled whenever I bootup my computer. It has finally shown itself in the form of a green screened popup saying: "Your system is infected. System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed."

Please advise, Thanks.
Urby

DDS (Ver_09-12-01.01) - NTFSx86
Run by pwu at 13:28:40.96 on Sat 02/13/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.236 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

... Read more

A:"Your system is infected" malware

Hello and welcome to TSF.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
To disable Avira :

Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background, right click it -> untick the option AntiVir Guard enable.
You should now see a closed, white umbrella on a red background.

Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Re... Read more

19 more replies
Answer Match 77.28%

I have the little icon at the bottom right of the desktop which periodically pops up and tells me to download anti-spyware, but it's really just malware. I can't get rid of it and I was hoping someone could help.

Deckard's System Scanner v20071014.68
Run by Zac LaRoche on 2008-03-18 14:15:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
32: 2008-03-18 18:15:18 UTC - RP1337 - Deckard's System Scanner Restore Point
31: 2008-03-18 17:16:34 UTC - RP1336 - Software Distribution Service 3.0
30: 2008-03-17 15:09:39 UTC - RP1335 - System Checkpoint
29: 2008-03-16 03:46:41 UTC - RP1334 - System Checkpoint
28: 2008-03-15 01:31:23 UTC - RP1333 - System Checkpoint


-- First Restore Point --
1: 2008-02-22 18:44:58 UTC - RP1306 - Installed Windows NLSDownlevelMapping.


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).
System Drive C: has 1.38 GiB (less than 15%) free.


-- HijackThis (run as Zac LaRoche.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:18:12 PM, on 3/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.... Read more

A:"System Alert" malware

bump

.

2 more replies
Answer Match 77.28%

I need SAFE removal of malware "AV System Care Installer" Software from Locus Software? I'm not sure which downloads to trust when recommended. I saw rogue software will fix, but it didn't have a digital signature.

I tried to follow a past post on this topic, but it was specific to his log file.
Thank You! Your help getting rid of this is GREATLY appreciated!! My son infected our pc while playing games online. ~ S

Here's my HJT log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:51 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
... Read more

More replies
Answer Match 76.44%

All of the sudden my "System Volume Information" folders (the system restore folders) on all of my hard drives are shown even when viewing hidden files is off. Tried to mark them hidden, but it won't let me. Anyone have a clue as to why they would suddenly unhide themselves and not allow me to hide them again? This is on XP Pro with no service pack1 installed. Just bugs me they did that all of the sudden. Haven't installed anything recently except Paint Shop Pro 7 and Easy CD Creator 5.2 plus the update patch to 5.3.

Thanks,

Smith
 

A:"System Volume Information" folder won't go "hidden"

11 more replies
Answer Match 76.44%

After last night i have re-turn on my computer about five minutes ago............ i see on "My Computer" i have a new "strange" system drive named F: (C and D it's my HD... E it's dvd burner) with label "SYSTEM" and i have tried to access and result inaccessible.
The size it's about 100MB and 47,2 it's be filled but i can see what's inside and i don't have idea what's is that............. i thinks it's possible there's something like a "hidden" partition but i don't even idea because now it's appears on "My Computer".
Yesterday and last night (before i go to sleep and turn off this same pc) there's no listed here................
If it's necessary i can post some pics.... or info about it... apparently there's a FAT32 partition.........

*EDIT*
I can add this info about this:
i have opened the diskmgmt.msc and here i can't see nothings about this newest drive F:.... look at here:
And here the the disk manager.. no F: appears:

A:Strange "SYSTEM" drive has been appears on "My Computer". What's it's?

See:

what is F System directory that suddenly appears in Windows 10

1 more replies
Answer Match 76.44%

Hello all, I need your help. When I play World of Warcraft and watch videos my computer will crash and go to a blue screen and say Bluescreen "hardware malfunction" "the system has halted". Anyone know what I can do?

 

A:Bluescreen "hardware malfunction" "the system has halted"

8 more replies
Answer Match 76.44%

Hi All,

Is there an easy way to "split" a 40 Gb user file area into ten 4 Gb "chunks", for the purpose of backing up onto ten DVDs? In other words, is there an easy way to copy a 40 Gb file area onto ten DVDs?

Operating System is Windows 7 Enterprise (64 bit).

Thank you for your time and help,
Best regards,
James

A:"Splitting" 40 Gb user file system into ten 4 Gb "chunks"

Perhaps if you save to a FAT32 formatted partition.
This is automatically done by image backup software such as Macrium and Acronis.

6 more replies
Answer Match 76.44%

When installing SP2 on my computer, there was a box that recommended "Backing up my system" before proceeding. So I created a restore point. I will install it on my daughter's computer next, and would like to know if I was supposed to do anything fancier than creating a restore point before installing SP2?
 

A:Does "Back up your system" mean "Create a Restore Point"?

16 more replies
Answer Match 76.44%

Hi TSG

My comp was messed up so I decided to clean reinstall xp pro. My hard drive was split into 3 partitions, C, E backup and L photos and bits. At the point of the install where you decide, delete or make partitions, I decided to delete L as it was not needed and clean install onto C, leaving E with my docs and data. The install went fine. When I looked at my drives in admin tools the C is marked boot and E system. I was going to delete E and make new partitions, but because it is marked as system, I can not delete it. How did I do this and is there a way to put it all back onto C, without reformatting.
 

A:Solved: partitions "boot" and "system" after xp install.

6 more replies
Answer Match 76.02%

I copied this from another post, as it is exactly the same problem I am having:

virus.. popup "Malware Wipe" "the spy guard" and a lot of commercials like porn poker and more crap..
this is what I get when I start internetexplorer
Recommended Anti-Spyware Software: Pest Trap, Malware Wipe, Spy Guard Internet Security

TOP RATED
Pest Trap
Most popular spyware/adware cleaner software all over the world. Cleans all known viruses and worms.

Visit Website Free Scan
Malware Wipe
Became one of the most popular programs very fast. It`s really easy to use and at the same time very effective.

Visit Website Free Scan
The Spy Guard
Developed as the most efficient spyware cleaner with realtime protection.

Visit Website Free Scan
Brave Sentry
Award-winning spyware removal utility that will help you fighting all kinds of spyware including keyloggers, trojans and password thieves.

Visit Website Free Scan
AD Protect
World's leading software application that checks, protects and re-checks spyware and spam vulnerability in your home computer.

Visit Website Free Scan
Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:40:21 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.... Read more

A:Solved: "Malware Wipe" "the spy guard"

16 more replies
Answer Match 75.18%

My office just upgraded, and I can no longer use Windows XP. On this system, I was able to add a separate taskbar to facilitate quick access to commonly-browsed folder locations on our vast network, and another one expedited the launching of useful programs and lists. Each task on each taskbar was represented with a big custom icon to save eye strain. I had them installed in opposite vertical margins, and they were set on auto-hide to keep them out of the way when not being used. Just move your mouse pointer to the left or right margin, and BAM! Sorry for the cliche, but I really got used to the convenience of what I had set up, and I just don't think I can be as efficient without anything comparable.

Now there appears to be nothing comparable in the Windows 7 GUI, and it's making me sick with rage! I see only the option to put a "toolbar" on an existing "taskbar", and no option to create any additional taskbars! This cramps up your one-and-only taskbar, plus the tiny toolbar access buttons require way too much precision for anything that's supposed to be quick. When you've figured out how to bring up that ridiculous button, the list that it yields is small enough to cause painful eyestrain - nothing efficient, much less cool about this at all! I have seen customization options in other OS GUIs that may have resolved some of these issues, but I see none such in W7.

I have tried every google search string that I can think of, and found... Read more

A:Need to add "TASKBARS" (MSese for "Launchpads", "Docks" NOT "Toolbars"

Several possibilities here: Second taskbar in windows7? [Solved] - Windows 7 - Windows 7

1 more replies
Answer Match 75.18%

Hi,

When our website users click on an html attachment embedded on a web-page in IE9, the download manager will not display the "Open" option. It will only display "Save" and "Cancel" which our users don't like, having to save the html document in a folder to open it. Whereas, when downloading attachments like pdf, word etc. all three options are displayed.

Is there any setting to tweak, which will display all the 3 options for HTML attachments as well?

A:IE9 download manager will not display "Open" option (only "Save" and "Cancel" is displayed) for downloading HTML documents.

Hi,
As you know, the Open-Save-Cancel dialog box helps you prevent your computer from being affected by a virus while downloading.
So I suggest you test to reset all zones to a lower level temporarily and then please attempt to download this html attachment again.

However, since you can normally download the other documents, I suspect there is some restriction in the website which you are trying to view. I recommend you to contact the administrator of that website if possible.
Could you please send me the link of the website from where you are trying to download the html attachment?
Thanks!

We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

6 more replies
Answer Match 75.18%

My system protection is displayed as "off" but the button to turn it on is grayed out. When I click System Restore I get the window with the "configure system protection" hyperlink but clicking it has no effect, nothing happens. Why would it be disabled? I have created RPs before. Why is it turned off & how do I turn it on?
RE sysinfo below: I don't understand the last sentence about WinDef antivirus being off. ContPanel says WD is on.
Here are 2 screenshots of the windows:

http://imageshack.com/a/img633/4197/7NFYli.jpg
http://imageshack.com/a/img673/7322/ydBCje.jpg

TSG: SYSINFO:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: AMD A10-6700 APU with Radeon(tm) HD Graphics, AMD64 Family 21 Model 19 Stepping 1
Processor Count: 4
RAM: 11461 Mb
Graphics Card: AMD Radeon HD 8670D, 768 Mb
Hard Drives: C: Total - 932868 MB, Free - 586652 MB; D: Total - 19137 MB, Free - 2343 MB; E: Total - 1907726 MB, Free - 561508 MB; F: Total - 953867 MB, Free - 597397 MB;
Motherboard: MSI, 2AE0
Antivirus: Windows Defender, Disabled
 

More replies
Answer Match 74.76%

I am infected with this crap and have used the following tools to try to get rid of it:
Windows Defender, Uniblue PowerSuite (SpeedUpMyPC, Registry Booster & Spyware Protector) and Norton's One Button Checkup and WinDoctor.

Not sure if it's related, but my DISPLAY is locked at 640 X 480.

Attempted the 5 Step Process before posting and Panda ActiveScan froze and crashed after scanning 59253 files, but not before identifying 28 spyware files.

Here's my extra.txt log from Deckard's:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1277.95 MiB / 810.39 MiB
Pagefile Memory (total/avail): 1516.89 MiB / 1165.44 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.88 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.21 GiB total, 18.7 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST340014A - 37.25 GiB - 1 partition
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled...

A:Netsky Worm-Popups-The Three Icons - "Error Cleaner" "Privacy Protector" "Spyware..."

Bump.

14 more replies
Answer Match 74.34%

Well, it's my first post here and my English is not good. Hi all!
I've installed Win7 Ultimate 64bit yesterday and I am having an annoying problem when System locale is set to Japanese:
The standard "\" character in shortcut dialog box, for example, was replaced with yen symbol (¥)

Windows help said that it doesn't affect the language in menus or dialog boxes for Windows or other programs that do use Unicode (see image below), then I don't understand why it's changing this character, and well, I know that it's visual only but I prefer my Windows without this yen symbol and yet, being able to show correct characters in Japanese applications

A:"¥" instead "\" when System locale is setting to Japanese

Sorting it all Out : When is a backslash not a backslash?

2 more replies
Answer Match 74.34%

Newbie here. I have searched around for a while but have not found a post with my exact situation.

I just installed a new Seagate Momentus 500gb (7200rpm) SATA drive in my Lenovo X61 laptop and have been working on an installation of Windows7 Ultimate.

Not realizing this was an upgrade install disk, I tried to install Win7. I didn't know about the clean install method, so I started over with an installation of WinXP (slipstreamed to deal with the SATA drive).

Next, I ran the Custom Installation upgrade to Win7.

So far, it seems to be working ok.

However, the Local Drive is D: instead of C:. The System Reserved drive is labeled C:. Should I be concerned? Should/Can I change this?

Attached are screenshots of Disk Management and explorer window.

Thank you for any info.
-Nate

A:"System Reserved (C:)" and "Local Disk (D:)" ??

Try removing the System Reserved drive letter in Disk Management to see if Win7 claims C instead. It sometimes works.

There is no reason you can't operate with Win7 as D even though it is meant to always assume the C letter unless its installer is run from another OS.

But if you do I would not allow a drive letter for SysReserved as programs can write to and corrupt it, especially the ability to make Win7 backup images.

Now that you know you can clean install Win7 without needing XP on the HD, I would strongly consider booting the installer to do a Custom install, choose Drive Options to Delete all partitions, Create new as you wish, then Format before installing to first partition after SysReserved it will create for you. The installer will see an OS at boot to allow use of Upgrade version key upfront during install.

Here are tips to get a perfect reinstall - use the ones which apply: Clean Reinstall steps

2 more replies
Answer Match 74.34%

In my "services" tab in my "system configuration utility" (accessed via 'msconfig'), I count about 75 entries......all of them checked. Now, I know there are some of them that I need......for example: "AVG Update Service". But there are many (most, in fact) that I haven't a clue about what they do or if I really need them. For example: "Cryptographic Services". What in hell is that? What I'd like to do is disable all the stuff that I don't really need, so that I'm not wasting resources. Thanks for any help anybody can give. If you really come through, another donation will be on the way. But don't get the idea that this is a bribe.

pjblevin
 

A:"services" tab in "system configuration utility"

6 more replies
Answer Match 74.34%

or i should say they open for a split second and then disappear. so i go to run and type in msconfig and the box opens and closes immediately. i go to control panel and click system and again appear/disappear. what to do???
 

A:"msconfig" and "system" boxes... can't open

16 more replies
Answer Match 74.34%

Hello everybody. Here's my story. I have 2 HDDs:
1) 1TB with 2 partitions: System (where Windows 7 is installed) and Hard Disk (with programs)
2) 500GB with 1 partition: Storage (with all the unnecessary files I don't want to delete)

My problem is that the last partition became Active and System. It happened like that. I had some troubles with SATA cable so I had to disconnect my main HDD and connect DVD-Drive with that same cable and my main HDD with the one I used for DVD-Drive. What I didn't notice at first was that the 500GB hard disk became the first one in the boot row. After some time I noticed that Storage became my Active and System partition. I tried making the partition with Windows Active and making that one Inactive but I couldn't load the system after that, I had BOOTMGR is missing error, so I had to switch back with Paragon software. Any ideas how can I make my original System partition to be active and system and that useless partition to become simple data storage once again?

A:Partition is "Active" and "System" though it shouldn't be

Plug 1tb into first SATA port, mark it Active using Diskpart from Win7 DVD Repair Console or Repair CD, or use free Partition Wizard bootable CD. Then mark Inactive 500gb plugged into Disk1.
DISKPART At PC Startup
Partition - Mark as Active (Method Two)

Set 1tb on DISK0 as first HD to boot in BIOS setup, after DVD/CD drive.

Boot the Win7 DVD Repair console or Repair CD to Startup Repair - Run 3 Separate Times until Win7 starts on its own and is correctly marked System Active. You may have to unplug the 500mb HD if it interferes.

2 more replies
Answer Match 74.34%

Would like to not have UAC pop-up for files & folders on non-C: drives, so expect they need to have "full control". Default is Special Permissions. Is there a way to default to "full control" when new folders are created, or do I need to mod permissions for each one? Note that I am NOT talking about anything on the o/s drive C:.

A:Permissions for non-system, "user" drives; not "c:"

How about right clicking the non C drive - clicking Properties - Security tab? Setting full control there for the entire drive? Does that work for you bro?

Thanks,
Robo

9 more replies
Answer Match 74.34%

I double-click and get "search" instead of "open"--only when I click a disk, like Hard Drive C: or Floppy A: or CD F: and so on.

It didn't used to do this, so I must've inadvertently changed some setting somewhere, but darned if I can find it now.

Any ideas?
 

A:Solved: On the "my computer" list, I double-click on disks and get "search" instead of "open"

12 more replies
Answer Match 74.34%

Ok, so I'm new here so hey everybody..

to the point: my laptop is "stuttering"/lagging/skipping.
whatever you wanna call it, it's doing it.
my video/music/and cursor skip every second for a split second. it starts on start-up and doesn't stop til I turn my laptop off. it happens in a pattern, it's not random. I've done checked my drivers, spyware, and my RAM is good.. so can someone please help me? ***could it be because my battery won't hold a charge? so it has to be hooked up to the charger at ALL times or it dies. Example: has the charger not got the "juice" to run the laptop by itself so it stutters/skips..*** I don't know if this has anything to do with my problem but I ran "event viewer" and found this : The following boot-start or system-start driver(s) failed to load:
Cdrom
Imapi
redbook

PLEASE HELP




OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz, x86 Family 6 Model 14 Stepping 8
Processor Count: 2
RAM: 502 Mb
Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 224 Mb
Hard Drives: C: Total - 39723 MB, Free - 23484 MB; D: Total - 12684 MB, Free - 3633 MB;
Motherboard: Dell Inc., 0FF049, , .HWPLLB1.CN1296167S5169.
Antivirus: McAfee VirusScan, Updated: Yes, On-Demand Scanner: Disable
 

A:Solved: Whole computer "studders"/"skips"/"lags" .. have event viewer report (PLEASE

6 more replies
Answer Match 73.92%

Newly purchased Laptop with windows 8.1 OS preinstalled. We have successfully added this system to domain. While accessing the application after logging into the domain with Domain Credential, we found below attached error where user is having local admin privileges and the UAC disabled.

A:"This application can't open" --- There is a problem with " application name" . Contact your system administrator about repairing or reinstalling it

Hi,
Firstly, please enable UAC and restart your computer to test if this problem is resolved.
If problem persists, try to use APP troubleshooter to check APP problem, if there are any reports, please feel free to let us know.
Windows App troubleshooter:
http://go.microsoft.com/fwlink/p/?LinkId=268423

Roger Lu
TechNet Community Support

5 more replies