Tech Problem Aggregator

I ran the scan and will now try to send.

Thank You

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see the dds logs in order to help you.

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

2 more replies

i tried downloading a game from History Channel and I get an error message that states; Please set registry key HKLM\Software\Microsoft\.NET Framework\InstallRoot to point to the .NET Framework install location. I installed HijackThis as specified in a forum and this is what I received:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:45 PM, on 2/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\History Channel Games\kgsystray\Kuma_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110104,16897,0,6,0

A:HKLM\Software problem

Welcome to TSG, munec01.

Before you go and start messing around with the registry keys, do you have .NET installed? If not, or you are not sure, try installing the latest version from Microsoft's website.

1 more replies

My printer continually needs me to re-load/run the driver/software program [LEXMARK_S300_wcr_64_en.exe] each time I use it after starting my computer. When I try to initially print a document in MS-Word 2010 I get a pop-up box stating to the effect that " printer communication has been lost". If I reload the above note program with the drivers etc. printing will run fine. However, if I re-boot my computer I need to re-run and load the printer program [LEXMARK_S300_wcr_64_en.exe], with the devices etc. to get things to print again.

I assumed that my AVAST antivirus could have been the problem so I uninstalled it a few months ago and put on Microsoft PC Essentials. Since this did not change things I just recently re-installed the AVAST antivirus.

I do not think this is a Firewall issue as I can print at times. ESET online scanner has been run recently as a check and any malware from that, if any at all, should have been cleaned. I am very cautious and I do not get too many infections. I get a number of tracking cookies periodically which I get cleaned out after running Super AntiSpyware-free.

I use AVAST AV, OpenDNS with encryption, Malwarebytes-Pro, Firefox browser, Keyscrambler add-on for encryption, WOT, and run Super-AntiSpyware periodically among measures to maintain protection. I have some sites blocked in my hosts file using MVPH hosts etc. I also have System Mechanic...just re-installed. I use Auslogics Defragmenter/Optimizer periodically as needed instead... Read more

A:Printer Communication Problem- HKLM BootExecute Corruption

I would like to confirm that there is no active malware on my system and I would like to repair/ replace any corrupted files or registry keys. Hopefully, after the system is back to normal the printer communication issue will be corrected. If there are any other modifications that need to be done I would like to address that as well. I did notice a number of "missing files" in the HiJackThis log. I appreciate any assistance. Thank you.

2 more replies

Hi,
I searched the BC site and the index for virus/trojan/spyware/malware removal, and I couldn't find this specific hijacker. If removal info for this is posted elsewhere on the site, please pardon my ignorance. This item was found by StopZilla, and the Hijacker warning has been popping up like crazy for the last couple of days. My Windows XP firewall is on, and I run Avast antivirus, and also have AdAware Anniv. Edition (freeware edition) and StopZilla (obviously) paid edition installed for my system security.

A:problem with hijack: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_GUSBSTOI

1 more replies

Just installed new 48 speed burner--newly completed CD's when played on a multi disc STEREO, upon completion just stops and will not move automatically to play the next cd. I am using another writer (16 speed ) as a CD ROM and when cd's are made on that writer , it works correctly. Existing CD's move properly .

Speed works properly except that it only gives me options up to 40 speed even when I insert a 46 speed media-- that's not a big problem unless it relates to the above major problem---

I am using ROXIO 5 software on XP with 2.4 g cpu

Help would be greatly appreciated. Thanks Ralph

A:Completed burned CD Play PROBLEM

Make sure you set it up to close the disk.

It isn’t that unusual for the burner to analyze the CD and decide it shouldn’t be burned at the speed on the CD media box. It would be unusual if the media was Taiyo Yuden, Sony or Fuji, but not so for rebadgers who grab whatever is cheap like TDK, Imation, Maxell or a long list of discounted El Cheapos.

2 more replies

I just tried to load a program from the CD/DVD drive and it is not working. I cannot find a driver for it. How can I find out what make and model # the drive is and then I can get a driver. IDE\CdRomHL-DT-ST_RW/DVD_GCC-4247N_______________1.02____ That's what I got from device manager, properties, details, hardware Ids. If I should post this in another forum let me know.

A:CD/DVD drive problem. Just completed cleaning laptop from virus with TechSpot help

Optical drives don't need any extra drivers.

One of these may help:
1. Uninstall the drive through Device Manager.
Restart computer. The drive will be automatically reinstalled.
or...
2. http://support.microsoft.com/kb/314060
Restart computer.
or...
Double click on cdgone.zip to unzip it.
Right click on cdgone.reg, click Merge.
Accept registry merge.
Restart computer.
or...
4. Go to Device Manager, click a "+" sign next to IDE ATA/ATAPI Controllers.
You'll see two items:
- ATA Channel0 (or Primary Channel)
- ATA Channel1 (or Secondary Channel)
Right click on each of them, and click Uninstall. Confirm.
Restart Windows. They'll be automatically reinstalled.

1 more replies

I ran Spyware Doctor and it found software in HKLM and I don't know how to get rid of it. I can't cut and paste it. There is download accelerator, Stoolbar, bargain buddy, MoneyTree/DyFuCa, ClickSpring, Top Rebates or Web Rebates, 2nd thought.com, whazit,ncase, I've been to the PCHell website but I'm still having trouble.

I figure I can try to fix it myself instead of buying a bunch of programs to get rid of garbage not knowing if they will even work.
Thank you

A:something in HKLM I don't want

First look in add/remove, some should be there for uninstalling. Get and run Ad-aware.

3 more replies
Q: Hklm

Can anyone tell me how to find the HKLM keys in regedit?

I have some problem that does not allow me to open regedit.exe, but I can open regedit32,
could that be the source of my problem?

A:Hklm

Start > Run > type " regedit " (without the quotes)

Or

Start > Run > type " regedt32 " (without the quotes) NOTICE THAT THERE IS NO 'I' in edit.

Are you saying one of those doesn't work?
And with the one that does you cannot see HKEY_LOCAL_MACHINE?
Or does that clear things up?

4 more replies

Hey guys,

New to the forums here and i absolutely need help. Ive looked all around for a solution to this and although ive found some good answers, none are particular to my case. Heres the story (ill try to keep it short as possible):

Im installing Windows 7 ultimate onto an aunts computer.
They had Windows 7 RC1 on it before this (they wanted to upgrade it obviously since its going to expire soon).
The ORIGINAL OS they had on the computer (a Dell) was XP.

Now, i did a clean install and everything was working smoothly. I walked away from the comp and i came back and suddenly it said this: The computer restarted unexpectedly or encountered an unexpected error. Windows installation cannot proceed. To install windows,
click "OK" or restart the computer, and then restart the installation.

Now, restarting the computer just leads to this same screen so basically im going in a circle. The big problem i am facing is that she DOES NOT have the XP Recovery Disc, so i cant even go back to the original OS.

So i am in a big pickle here and i could really use some help. Is this disc im using now corrupted? In which case should i try to get another and do that?
Any help would be really appreciated.

A:Windows 7 install problem "Setup cannot be completed"

Take a look at these posts:

http://www.sevenforums.com/installat...-problems.html

Tutorial quick reference list for Installing Windows 7

Questions to use for help with Installation Issues

Clean Install Windows 7

USB Windows 7 Installation Key Drive - Create

9 more replies

Hi!

I really need to get rid of these Registered HKLM files. They seemed to be innofensive and installed by Microsoft but since I have them, my computer is very slow.
Here they are:
1-HKLM\SOFTWARE\Microsoft\Windows NT\Current\Version\Winlogon
2-HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\Current\Version\Winlogon
3-HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

I suspect that they are more of them
Thanks,
Hugo

A:How do I get rid of those «HKLM sofware»... ?

Are you referring to registry entries?

7 more replies

Anyone know what these registry keys relate to?

HKEY_LOCAL_MACHINE\Software\781\0000060501097653\5406
HKEY_LOCAL_MACHINE\Software\781\0000060501097653

More replies

Backed up some data from another PC and in doing so infected my desktop. Running slowly; something causes my VPN connect window to pop-up. Help/assistance greatly appreciated!

DDS (Ver_09-01-07.01) - NTFSx86
Run by RickAdmin at 8:26:16.85 on Thu 02/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.667 [GMT -5:00]

AV: avast! antivirus 4.8.1296 [VPS 090204-0] *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe

============== Pseudo HJT Report ===============

mSearch Bar = hxxp://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.ya... Read more

A:HKLM Trojan

Hello and welcome to TSF.

Sorry for the delay in response. No malware is showing in the logs. If you still require assistance, we would like to see the latest state of your system. So, please post a fresh DDS log as it has been a while since you posted, and we'll take it from there.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don?t hear from you in three days this thread will be closed.

2 more replies

Hi,

My computer has been acting funny since last night around 10pm. My internet browser(Mozilla Firefox) keeps opening on its own. It immediately opens to:

(DO NOT CLICK ON LINK. YOU MAY GET INFECTED)

the i.p. for the site is 70.38.98.32

I've used Malwarebytes' Anti-Malware and its removed several of the files infected in the registry and such. I woke up this morning and removed all of the quarantined items, restarted the computer. When I signed back on I was glad because it actually worked. Before It would freeze and not boot up the computer. I opened Mozilla Firefox to see if it would randomly open up a new window and go to the site again. It's still doing it.

Results from the Malwarebytes' Anti-Malware from first scan to last:

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

1/4/2009 10:09:09 AM
mbam-log-2009-01-04 (10-09-09).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 199209
Time elapsed: 1 hour(s), 9 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 3... Read more

A:HKLM MS Juan

16 more replies

My Vista Ultimate O.S. registry entries do not seem to be being managed automatically.

I have entries for HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001 ... ControlSet070 and counting.

And the Select key is as follows:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000001 (1)
"Default"=dword:00000001 (1)
"Failed"=dword:00000000 (0)
"LastKnownGood"=dword:00000046 (70)

I would have only expected to have found a maximum of 4 ControlSet keys registered by Windows Vista, what is causing so many entries to be recorded ?

Why doesn't Vista clean up the old ControlSet entries ?

How can I fix this ?

Thanks in anticipation

A:HKLM\SYSTEM\ControlSet

Hello, and welcome to the Vista Forums!

Tricky question! You do have an awful lot. It is not exactly a bad thing, not that you ever said it was. Your Last Known Good Config is a high number, and that kind of suggests to me that Windows DOES think it is booting correctly, and evidently it is. This can happen if you have a lot of changes. Badly described. Certain big registry changes will cause the old Control Set to be changed - sometimes. Big is really when certainly values and keys are modified. I guess that my first line of research would be to export the SYSTEM sub hive into a textural .reg file, just as you did for the Select key. We could then write a very short script to split it up into Control Sets (it would take me a shorter time to write the script than to do it manually) and then to compare them all using a log comparator. It would be interesting to see if there is one particular entry which is constantly changing.

It is difficult, and non-definitive, but you certainly know what you are doing. What do you think about this approach?

Thanks, and good luck!

Richard

7 more replies

I have AVG 8 antivirus free, everytime I run a scan, the following is found

I remove it and it keeps coming back
I have removed it manually from regedit
I have googled it but find no specific description or origin
I found out that there is an ativirus program called Omniquad, but I never downloaded it or even knew about its existance until I started seeing this word in my scan reports

Windows defender does not detect this file or whatever it is... though

I am using a

HP pavillion dv2000
32 bits
intel R core tm2 duo cpu [email protected]
thanks a lot

More replies

postovani, molim vas da mi pomognete oko problema pronalaska navedenih fajlova jer imam problema oko otvaranja fajlova u my documents, ne radi se o download fajlu, nego o fajlovima koje sacuvam i tekstualne su naravi, a pronadjene preko interneta. unaprijed zahvaljujem za pomoc. vesna5264

A:Hklm\..\run:[my Web Search Bar]rundll32

We are sorry. I am unsure if any members here know Croatian language to be able to help you.

Can you reply here in English?

2 more replies

We have MS Access application which creates and read registry keys in HKLM. It worked fine in XP, but it doesn't create any registry keys in Vista. Any ideas?

Thanks,

A:Creating RegistryKeys in HKLM

Originally Posted by munnyp

We have MS Access application which creates and read registry keys in HKLM. It worked fine in XP, but it doesn't create any registry keys in Vista. Any ideas?

Thanks,

the relevant keys may no longer exist in vista's registry, or may have moved. If you can get the exact keys that need to be generated we may be able to help you

ken

1 more replies

Hello.I am using a batch file with the following code:copy Z:\run2.bat C:\run2.bat
echo Windows Registry Editor Version 5.00 > C:\temp.reg
echo. >> C:\temp.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] >> C:\temp.reg
echo "testing"="c:\\run2.bat" >> C:\temp.reg
REGEDIT.EXE /s C:\temp.reg
shutdown /t 00 /f /rWhen I reboot, instead of launching C:\run2.bat, I get nothing. I can verify that the key is imported to the registry correctly. But it doesn't start. Any ideas?Billy3

A:Batch File And The Hklm\~\run Key

Hello Billy.This is very strange. It's only for the RunOnce key that it doesn't work. I also tried:cmd /c "c:\run2.bat"from the runonce without success.When I put the exact same value into the Run key, it works fine .I guess you could accomplish the same thing by addingreg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v testing /fto the end of the batch script. Other than that I'm all out of ideas (for now anyways).I'll go and test this some more and get back to you if I find anything.With Regards,The Panda

5 more replies

What is this and it is a malware? Should it be taken off of my computer? I found it while scanning with Malwarebytes. There are two of them.
I have windows 7 operating system.
Please explain what needs to be done.

More replies

On several of the machines that I've worked on, under the HKLM...Run folder, I've found three subdirectories: IMAIL, MAPI and MSFS. Each is a type Reg_Z, each has a key named Installed with a value of one (1) and the MAPI sub also has an entry of NoChange, also with a value of 1. What are these subs and are they OK? Thanks as always. [Oh, how cool: Christmas smilies...]

A:Solved: HKLM...Run subdirectories

IMAIL: is an electronic mail solution for Internet and intranet messaging requirements. Easy to install and administer, IMail Server significantly reduces the cost of mail implementation and administration. Its features improve productivity and provide an alternative to proprietary systems or complicated UNIX-based Internet mail. IMail Server uses Simple Mail Transfer Protocol (SMTP) to send and receive mail over the Internet or internal TCP/IP network. There are also servers for LDAP, Finger, and Whois information. The Web Administration capability of the Monitor server allows system administrators to monitor the system and perform maintenance using a web browser on any computer. They can receive a notification when a service is down, and restart it. IMail Server provides:

&#8226; Full integration with the Windows user database
&#8226; Ability to base user mail accounts on an external database

IMail Server e-mail can be read with:
&#8226; Any POP3 mail client
&#8226; Any IMAP4 mail client
&#8226; Any web browser
MAPI: A programming interface from Microsoft that enables a client application to send to and receive mail from Exchange Server or a Microsoft Mail (MS Mail) messaging system. Microsoft applications such as Outlook, the Exchange client and Microsoft Schedule use MAPI. Simple MAPI is an enhanced version of the Common Messaging Calls (CMC) X.400 standard, while Enhanced MAPI adds full calendaring and workgroup capabilities. Collaborative Dat... Read more

2 more replies

Hi

We ran Superantispyware and have this: hklm/software/mrsoft. How do we remove. We have hijack this on our computer. It is quarrantined at the moment.

Thanks

A:How do I get rid of HKLM/software/mrsoft

Hi

We ran Superantispyware and have this: c/windows/system32/psl.dat and How do we remove. We have "hijack this" on our computer.
Thanks

13 more replies

I am getting slow internet connections and can only find one common error when I run AVG. Hklm/software/omniquad, I have avg remove it but it comes back. How do i solve this problem. I am running XP.Deckard's System Scanner v20071014.68Run by steve on 2008-06-10 15:06:42Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --87: 2008-06-10 22:06:47 UTC - RP87 - Deckard's System Scanner Restore Point86: 2008-06-10 22:02:40 UTC - RP86 - Software Distribution Service 3.085: 2008-06-10 20:44:41 UTC - RP85 - Software Distribution Service 3.084: 2008-06-10 04:24:45 UTC - RP84 - Software Distribution Service 3.083: 2008-06-10 02:18:37 UTC - RP83 - Software Distribution Service 3.0-- First Restore Point -- 1: 2008-05-20 00:34:49 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as steve.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:08:18 PM, on 6/10/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\... Read more

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

2 more replies

Hey,

for some rather bizarre reason my computer had started to open a strange website called ''gameroover'' upon startup.
So I looked into this further using Hijack this and found the following :
''O4 - HKLM\..\Run: [Babakan] cmd.exe /k if %date:~6,4%%date:~3,2%%date:~0,2% LEQ 20131027 (exit) else (start Mod Edit:  Removed link - Hamluis.

But I have no clue on how to remove this, any help would be gladly appreciated.  I tried to fix it in Hijack this, but that did not help.
Thank you very much.

A:Help with removing HKLM file

You may post your HJT llog, along with the requested DDS log, at BC Virus, Trojan, Spyware, and Malware Removal Logs - http://www.bleepingcomputer.com/forums/forum22.html .  The folks there will assist you in determining what's up, since malware topics are not worked in the Windows 7 forum.

Louis

2 more replies

This is a fairly new entry. Is it anything I should be concerned about? Thanks for any help.

Logfile of HijackThis v1.99.0
Scan saved at 7:37:26 PM, on 6/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE

A:Hklm Run [bnite] C:windows ??

Certainly looks unwelcome to me.

O4 - HKLM\..\Run: [BNITE] C:\WINDOWS\\\\\\\\\\
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} -

Run a scan again to ensure that it is gone. Post your new log here.

Run a scan using Panda ActiveScan http://www.pandasoftware.com/products/activescan. Post the log from the Panda scan here.

Any symptoms to report?

<edit>Oh yes....you have more than 1 AV product on your system...this can cause conflict. I'd recommend you choose one, and uninstall the other.</edit>

1 more replies

Something causing IE to go to ad webpages instead of the requested pages after a google search.

PANDA

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-04 14:10:34
PROTECTIONS: 0
MALWARE: 44
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================

A:HKLM/Software/Altnet

Hello and welcome to TSF
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

=========
Logs Required
log.txt
info.txt

If there is no response to this post within 72hrs, this thread will be closed.

9 more replies

I did a HijackThis scan today an noticed a new entry: HKLM\System\CCS\Services\Tcpip. After checking online I noted the Windows system uses a similar entry but CCS in the Windows entry is spelled out:CurrentControlSet. I am running Windows XP Home sp2. I am also using the VirginMobile broadband2go MC760 usb card for my online access. Is this something that needs to removed? Thanks for any advice you can give.

My HijackThis log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

More replies

When I opened regedit to remove the line nothing was there..

Should I be worried?

More replies

This has came up on my scan and I cant get rid of it. Any suggestions and how dangerous is it ? Thanks in advance, I am not technical minded so go easy

A:hklm\software\SPeeQ\absoluteHTTP

lainey63,

Hi and welcome to TSF.

Please note that this is under the supervision of an expert analyst.

Please read NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help and post/attach the three logs mentioned. These logs will give me a place to start and give you back a better working computer. If any problems completing, continue with next log and let me know what happened in your next post.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools (near top), then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Thanks. I can begin working on removing your malware when you submit those logs.

Please be patient with me during this time.

2 more replies

The folders under this were deleted without a prior registry backup Will this prevent the computer from booting up normally?

A:Solved: registry hklm/bcd00000000

It might. That is the boot code registry entry.

Run System Restore and choose the most recent entry. If you can't reboot when you try the next time, boot from the Windows 7 DVD and run System Restore from there. Restore Points have a copy of the registry.

3 more replies

Logfile of HijackThis v1.99.1Scan saved at 3:44:09 PM, on 2/4/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:E:\WINDOWS\System32\smss.exeE:\WINDOWS\system32\winlogon.exeE:\WINDOWS\system32\services.exeE:\WINDOWS\system32\lsass.exeE:\WINDOWS\system32\svchost.exeE:\WINDOWS\System32\svchost.exeE:\WINDOWS\system32\svchost.exeE:\WINDOWS\system32\spoolsv.exeE:\Program Files\AntiVir PersonalEdition Classic\sched.exeE:\Program Files\AntiVir PersonalEdition Classic\avguard.exeE:\Program Files\LogMeIn\RaMaint.exeE:\Program Files\LogMeIn\LogMeIn.exeE:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEE:\WINDOWS\system32\svchost.exeE:\WINDOWS\system32\ZoneLabs\vsmon.exeE:\WINDOWS\system32\MsPMSPSv.exeE:\WINDOWS\Explorer.EXEE:\Program Files\Microsoft IntelliPoint\point32.exeE:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeE:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exeE:\WINDOWS\system32\ctfmon.exeE:\Program Files\MSN Messenger\msnmsgr.exeE:\Program Files\Mozilla Firefox\firefox.exeE:\Program Files\AntiVir PersonalEdition Classic&#... Read more

A:Dpf: , Service: , Hklm\..\run: , Winlogon Notify:

Hello,

What's the reason why you posted this log? Because I can't see anything suspicious here.

2 more replies

I have Windows 7 Ultimate, and every time i want to delete a key in HKLM/SYSTEM, i get "Cannot delete (key name): Error while deleting key" Here's what i've tried: setting Permissions on the key to full control for administrators group, owner, owner rights, SYSTEM, and my own admin account, NONE of that helps. Also, in 'Advanced security settings-->Owner, i changed it to my own admin account, and also ticked "replace owner on subcontainers and objects" but i get another error "Registry Editor could not set owner on the key currently selected, or some its subkeys." I even turned off User Account Control (UAC). What gives? Some help would be great.

A:Can NOT delete any registry key in HKLM/SYSTEM

Have a look here, it may put a bit of light on the subject.How to add, modify, or delete registry subkeys and values by using a registration entries &#40;.reg&#41; file

6 more replies

Hi, HKLM\SOFTWARE\Omniquad described by AVG antivirus as, adaware infection Rouge.Suspect dangerous object. This is removed at every daily scan but always comes back the next day. Can I get rid of it permenantly.

HiLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:22, on 30/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Anonymizer\Anonymizer Software\common\AnonProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Presario&pf=desktop

16 more replies

i've messed up the permissions in the registry HKLM - got a blue screen AND not get a Blue Screen on boot up with an error x0000... and "system has been shut down".

i'm online with a dual boot Vista installation on the same machine.

what do i need to do to repair this? i didn't try Safe Mode, but i'm betting that won't boot either.

HELP???

thanks
gn

A:messed up permissions in registry / HKLM

Try to do System Restore

6 more replies

HKLM\SOFTWARE\Classes\Xmlmimefilter.XMLMimeFilterPP                                                                                                                            what the hell is this????????????????????? n how can  i get rid of this.................?????????????? plzzzzzzzzzzzzzzzz help me

A:HKLM\SOFTWARE\Classes\Xmlmimefilter.XMLMimeFilterPP

Topic moved to Am I Infected forum.

Louis

2 more replies

hi i wonder if sombody could give me some idea on how to find a file in my os i belive the file originated from downloading an error nuker program-which lead to these files being placed in my os which i can not find anywhere--thanks-
Scan saved at 12:57:53, on 30/06/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Windows\System32\ico.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\System32\mobsync.exe

A:Spyware Error Nuker Hklm Software

6 more replies

Apparently, my (HKLM:RUN) programs doesn't work on startup. I've used the guide and Googled some answers, yet they failed to work. I used Ccleaner to check what was wrong. It seems that the programs I wanted running on startup shows that it is enabled. I even checked with MSCONFIG and it showed that it was enabled. I restarted my computer and wasn't able to run it. What was able to work though was the Startup User way. I was wondering why my original HKLM:Run wasn't working.

Picture of Ccleaner Startup: http://i.imgur.com/sS8XkkJ.png

A:Programs unable to startup (HKLM:RUN) type

If this helps, I'm using a modified shell called BlackBox. I don't know if this affects it or not. A friend of mines uses it and was abled to have Skype start up normally. When I changed my shell back to original (the Windows default), my programs ran perfectly normal.

5 more replies

Entered regedt32.exe
located monitorizare

however, the moment I try to delete it or even move it the system hangs. Cannot work on the file. Tried all remedies as listed in the forum but failed.
Anti virus/spywares fail to show any problem.

HJTshows nothing. Help, if you any further ideas, most welcome

A:Similar Prob with HKLM Software\monitorizare

16 more replies

I was :shy: wondering if someone out there could tell me the steps to setting the registry key HKLM\Software\Microsoft\.NETFramework\InstallRoot to the .NET Framework install location.

I have been having some issues with a Windows Auto-Update (a few weeks ago) un-successfully loading. I finally had to hide the update all together because if inevitably prevented me from even booting the computer all together. I finally broke down and contacted Microsoft Corporation's Support Desk prepared to pay for the support to get me back in. After talking to the desk, they offered the assistance free for the "Update preventing a clean boot", so I got back in. I didn't quite pay much attention to what the rep did to correct the problem; but I was happy and thought the problem was over.

Yes, you guesed it, I still continued to have downloading issues with new program application setups...as with the Update downloads. I thought there might be issues with Windows Installer...which I did have a month or so ago. After installing Windows Recommended Updates--that issue too, was cleared.

Now I am trying to install the trial MS Office Pro 2010 Suite. It's giving me a dickens of a time to install. I tried a forum and by the time I ran through a few suggested solutions, I finally ended up with a suggestion about--you guessed it--.NET Framework. A suggestion was that I should go back and find a way to install that darn update that I hid, which actually wa... Read more

A:Point .NET Framework HKLM registry key to location

Hi -

Check to see if any other Windows Updates are missing.

Uninstall/ remove via removal tool any anti-virus apps, especially if 3rd party firewall present.

Regards. . .

jcgriff2

.

1 more replies

I downloaded RootkitRevealer and scanned 5/24/05 and again on 5/25/05 and this is what the scans came up with. I then did a deep search but could find nothing on my computer that matched any of these entries. I googled HKLM software and came
up with a with a match to the second entry (HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed) but it was in German
I BableFished the entry and the translation is below. I've read the info on Robert Hensings Window's Secure Initiative Blog
(http://blogs.technet.com/robert_hensing/archive/2005/01/17/354471.aspx)
and the information on Sysinternals web page.
To tell you the truth I'm barely able to use the MS-DOS command prompt, so this stuff is fairly over my head. If someone could point me toward some information I've missed? What's the significance of the "mismatched data"?

HKLM\SOFTWARE\Classes\webcal\URL Protocol 3/15/2005 7:28 PM 13 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 5/25/2005 5:33 AM 80 bytes Data mismatch between Windows API and raw hive data.
--------------------------------------------------------------------------

Babel Fish Translation

In English:
panda scan functioniert not after 1 second is it finished and it indicated that zero dateinen scanned, are infizeirt, verdachtig, and disinfected that is that suppl.-smooth-eat by RootkitReveal.
------------------------------------------------------------------------

A:Systernals RootKitReveal and the mystery of HKLM Software

Logfile of HijackThis v1.99.1
Scan saved at 11:59:54 PM, on 5/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

1 more replies

Hi All,
I am new to the forum so please excuse any mistakes I make. I hope someone can help with a dilemma I am having. I am not completely computer illiterate, I know a few basic skills, BUT in no way am efficient at most of the technical stuff, so any help that can be given, please do so in the most basic language (for practically a dummy! :) that you can.

I recently started playing an online game(not a gaming issue though I assure you) and have been "Tweaking XP" to perform better. In doing so, I came across a site that gave instructions on how to edit your XP registry settings to provide better Internet Speed (adjusting TCP window size,etc...) anyway, it guided you to the registry through the regedit run command, and pointed you to locate the:
HKLM\System\CurrentControlSet\Services\Class (etc...) ONLY when I went there and tried to find it, I found that I obviously do not have a "Services" folder under my \CurrentControlSet. It is nowhere to be found in that HKLM\System\CCS section, I have looked everywhere under that tree and there is simply NO Services. Is that even possible? Where is it, or where did it go?

Also, I do know that I have several devices that are listed (in the system information via the dxdiag) under Sharing/Conflicting devices. Could this be a factor in the registry issue I have?

Any and ALL help is GREATLY appreciated. Thanks in advance.
Sincerely,
Nikki

A:Registry Issue: Entry in HKLM\System missing!

Welcome to TSF....

Before attempting to edit the registry it is always a good thing to back it up first so if you mess it up you can restore it.

Here is a link to a registry backup program that is absolutely fantastic it is called ERUNT

http://www.larshederer.homepage.t-online.de/erunt/

Remember to always keep a backup of two things:

How to perform a Repair Installation of Windows? XP.

(The Windows? XP CD will be required for this procedure.)

Please Note: Performing a “Repair Installation” in this manner does not delete any Personal Files, it just 'repairs' the core of the installation.
Restart the computer and as soon as it starts to 'fire up' continually tap the Delete key so that access can be made into the BIOS...once in here, reset the boot order this way...
• CD/DVD
• HDD (or IDE0)
• Floppy/Other device (if you don't have a floppy).
Insert the Windows? XP SP2 CD in the Drive; then, Save and Exit the BIOS.

Reboot the computer; a screen will appear, that says. .. Boot from CD.... Press any key to Boot from CD... follow the instruction... it will then progress to a Blue screen and load the basic drivers.

A prompt will appear to press r to enter the Recovery Console...PLEASE DO NOT DO THIS, as another option will come up to allow the option to 'Repair' the installation, and select the partition that needs repairing... please select this ... Read more

1 more replies

The last few days I've had hardly any internet connection due to loads of adware\hijackers\loggers etc that keep re-appearing (mostly) in; HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility... AVG 8 catches the 200 some odd malware, but when I turn my computer on again they return. After reading various posts from searching about HKLM it seems like something starts up with windows that lets all this in. None of the common programs that I have has detected anything (Adware 07, Spywareblaster, Spybot, CCcleaner), so you folks are my best hope. I've run Deckard's scanner with Hijackthis (before scanning with AVG) to attach. The only other odd thing I've noticed is that MSN Messenger has been turning itself on and signing in sometime during the night. I don't usually run it unless I need to, but I've left my computer on overnight, running the various (ineffective) programs.Also sorry if this is covered somewhere else, but waiting 2-10 min for each page to load is driving me nuts. Your thanks for any input.Deckard's System Scanner v20071014.68Run by Greg on 2008-05-31 19:15:08Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --47: 2008-06-01 01:15:31 UTC - RP716 - Deckard's System Scanner Restore Point46: 2008-05-31... Read more

A:170-200 Malware/loggers In Hklm Everytime Computer Runs

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
I apologize for the delay getting to your log, the helpers here are very busy.

If you have resolved this issue please let us know.

2 more replies

Hello, New member in need of help. I can not find a way how to remove this registry (HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}) after deleting it with AdwCleaner. I restart my computer any time and it run a scan first thing, after i run rkill.exe and it still shows it as a registry and is never fully deleted. After a while (5min) if i log into my google chrome web browser it extensions that keep getting added without my permission and it causes adds to appear if i click a link. I appreciate any help i can receive as this is frustrating me. Thanks
FRST.TXT INFO-----------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by Joey Gorman (administrator) on JOEY on 24-02-2015 01:58:09
Loaded Profiles: Joey Gorman (Available profiles: Joey Gorman)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDI... Read more

A:Cannot get rid of HKLM\SOFTWARE registry, causing adds to pop up on chrome

9 more replies

While inspecting the HKLM\Software\Microsoft\WindowsNT\Current Version\winlogon I noticed the Default User Name still holds a previous record of previous ISP email address existing previous to Jan 2015.
I did go into the Microsoft account and change the default email for the Win10 Microsoft Acct when I changed servers.
Obviously, there hasn't been an issue with this inaccurate registry default user entry but I wondered if it should be changed in the registry.

The reason I went to that registry entry was due to the Pin log in routine.
Yesterday the pin log in was not acceptable and I had to use the original password. The Anniversary update kb3189866 has been installed for a few days so it isn't a direct result.
I thought it might be connected to the fact I was trying to get a share working from the laptop(Home,MS account) to the Desktop (Pro, local account, no log in).It was an unsuccessful effort.
This morning the laptop log in was a choice structure -use password or use pin-2 icons. Previously I just started typing the Pin into the log in bar.

More replies

I'm not sure what went wrong in my Windows 7 permissions configuration, but I just discovered that while being logging in as a Guest account I can add and remove keys from the HKEY_LOCAL_MACHINE\SOFTWARE registry key. Where do I need to look to change that? (Apart from disabling the Guest account.)

PS. I've been testing some backup programs lately and even though they're all now uninstalled, one of them might have done this.

PS2. I checked and my UAC is enabled.

A:How does Windows 7 built-in Guest account can write into HKLM key?

Hello,

Open the Registry Editor.
Right click on HKEY_LOCAL_MACHINE.
Choose "Permissions...".
Choose "Everyone", and uncheck the "Full Control" box.
Tick the "Full Control" box for users that you do want to allow to change that key.

2 more replies

I have AVG 8 antivirus free, everytime I run a scan, the following is found

Object type registry key
SDK Type Core

I remove it and it keeps coming back
I have removed it manually from regedit
I have googled it but find no specific description or origin
I found out that there is an ativirus program called Omniquad, but I never downloaded it or even knew about its existance until I started seeing this word in my scan reports

Windows defender does not detect this file or whatever it is... though

I am using a

HP pavillion dv2000
32 bits
intel R core tm2 duo cpu [email protected]
thanks a lot

A:Solved: HKLM/software/omniquad found with AVG 8 free

8 more replies

Dear Sirs,

I have run aground with this issue. I generally am able to keep things clean and running rihgt, but last week I during my bi-weekly check using MBAM it encountered FakeBill.CourtCologne and its assocated files. This is a family computer, and I do the maintenance on it. The Virus came back twice more.

So I ran Spybot S&D, and it found several items that I dutifully deleted. I then rebooted in SAFEMODE and then reran MBAM again it found the same FakeBill.CourtCologne and its assocated files again....which I thought odd. Then ran Spybot again and more issues appeared, so I deleted them, but one was HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe with some subkeys...one being Debugger REG_SZ "C:\Windows\System32\naerkuje.bak". I tried to deletee it but it would not. It also found another directory C:\Avenger, which it deleted, and it came back so I renamed it Bvenger, and successfully deleted that directory. Reading about this I have come to find htere is an issue with the Prevx folks, but

I then followed some advice for the same problem from Tom's Hardware website in the forums for malware removal pertaining to Debugger files. ...my mistake started there.... I could not delete the registry keyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe. I foll... Read more

A:gromozon - and C:\windows\system32\naerkuje.bak in Debugger value HKLM\...

Ok, after wrestling with this a little more after being informed it might be several days before someone would be able to get to me. I put on my thinking hat for a bit....the reason I could not delete the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe was a permissions issue. I opened Task Manager, and I went to File>New Task (Run)>regedt32.

I then navigated to the key, and in the left window HighLighted it. I then went to menu tab above and clicked on Edit>Permissions. This brought up the dialog box, Permissions for explorer.exe. In the top there was Everybody, then the Add / Remove buttons, then below the Permissions for Administration, and below that the Advanced button.

I clicked the advanced button. This brought up a Permissions dialog box with four tabs....in this case all I concerned myself with was the first one...Permissions. I highlighted Everybody in that display box in the tab, and then went to the button marked Edit beneath it. This brought up another dialog box called Permissions Entry for explorer.exe...the difference is it is EDITABLE. I clicked the box in the lower section marked Full Control..this will check all the other boxes, then Clicked OK, then OK again on the next dialog box, then OK one last time on the last dialog box...then highlighted the key again....and deleted it.

I then rebooted the computer. All my icons and start and task bars ret... Read more

1 more replies

When ever I try to run any program that uses any type of framework i will get this error: Please set registry key HKLM\software\microsoft\.NETFramework\InstallRoot to the .net framework install location

I have tried almost everything to fix this error, I have used many repair/clean-up, I have uninstalled framework many times and done all the windows updates for it but no luck. I currently only have framework 4.5 up to date.

I have also checked where my installroot is being pointed to and it says "C:\Windows\Microsoft.NET\Framework64", I tried changing it to "C:\Windows\Microsoft.NET\Framework" but the error was still there.

A:set registry key HKLM\software\microsoft\.NETFramework\InstallRoot

Hi, and welcome to TSF.

If you downloaded a 64 bit version of something by mistake, simply renaming it would not make it 32 bit compatible.

Quote:

I have tried almost everything to fix this error, I have used many repair/clean-up

Did you try this one?

.NET Framework Setup Verification Tool User's Guide - Aaron Stebner's WebLog - Site Home - MSDN Blogs

So I have a better idea what you're running, please run this:
Go to start, search and type:- cmd,
Right click on the returned cmd.exe and select "run as administrator"
At the prompt in the cmd window, copy paste the following:-

Code:
systeminfo > 0 & notepad 0

Press enter

12 more replies

please can someone help me out and tell me what this is HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad i have never seen this before and i want to know if its spyware/virus and if so how do i remove it or is it apart of windows 7 its self and should i leeave it alone please help thanks

The key itself is legitimate but it depends what is loading under it. What is bringing your attention to this key?

1 more replies

I've followed MSKB artilce 314060 to delete the upper and lowerfilters under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}, but there are multiple entries. how do I find the right ones to delete?

A:mulultiple hklm class entries prevent dvd install

{4D36E969-E325-11CE-BFC1-08002BE10318} is not the same entry listed on the microsft page which is {4D36E965-E325-11CE-BFC1-08002BE10318}. Make sure you select the correct one. Once you are there, in the pane on the right side of the window there should be an object titled: "UpperFilters" but NOT the one titled "UpperFilters.bak"

I would also recommend making a backup of your registry just in case you delete the wrong one. I deleted the wrong entry out of my registry once and ended up having to reinstall windows because I had not made a backup.

1 more replies

I am having the same problem, I have repeated reinstalled Print shop 22 and the same message appears.  I called Broderbund and they said since the product was old, I would have to look on the web for answers!

A:Re: Error Opening HKLM with all access setting up the regist...

pagosaprincess Hello;Allow me to welcome you to the HP forums!Your post has been split off into its own thread, so there is no previous information for us to go on. You haven't told us the model of your HP PC, and you haven't told us what OS version it is running.  We need both pieces of information. If you don't know the OS, this will help:  http://windows.microsoft.com/en-us/windows/which-operating-system We can proceed once you provide the information.Thanks

3 more replies

I have an older version of Printshop that I have been running on my computer for years.  Now when I open Printshop it opens but is locked up.  I can't even close the program without using Task Manager.  I tried doing a repair on the program using the install disk and I get the error message "Error Opening HKLM with All access setting up the registry".  I was advised to Un-install Microsoft.netframework1.1 and then reinstall it along with Printshop.  Tried this and still no difference.  I tried going to command promp and checking for corrupted files or issues and everything checks out OK.  I have tried defragmenting hard drive and that hasn't helped.  I un-installed my latest Windows updates and tried Printshop with no change.  I then re-installed the updates and tried again with no change.  I then reverted back to a previous version and tried again with no change.  I'm not very computer savvy and I'm at the end of my rope so to speak on what to do/try next.  PLEASE HELP!

A:Error Opening HKLM with all access setting up the registry

Hello @DPusey, Welcome to the HP Forums, I hope you enjoy your experience! To help you get the most out of the HP Forums I would like to direct your attention to the HP Forums Guide First Time Here? Learn How to Post and More. I understand that your desktop computer is getting an error message when opening Printshop for your computer. Did this program first come with your desktop? Does Printshop work on another Windows 7 computer? Have you tried opening the program using a different User Account? Please re-post with the necessary information, this way I will be able to research this further for you. I look forward to your reply!Cheers!

6 more replies

Good afternoon!  We're not sure if this is the right topic to post this area, we believe our equipment is not infected.  With the aim of curiosity yesterday, used the FRST 64 to check on our equipment and we can see through the log, the registry, areas that require attention, specifically in the area HKLM Group Policy restriction on software.  Equipment operating normally. . . Previously we used the most different software (Combofix, Adwcleaner ...) and commands (sfc / scannow, chkdsk c: ...) to see if we could fix this situation. . . What did not occur.  Given the above we would appreciate knowing which one (s) to (s) implication (s) of "attention" in the Goup Policy restriction, since I'm not understand the purpose OS?  Besides Fixlist the FRST, no other way to correct this situation?  No need this fix?  Thanks for your attention!  FRST 64 log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2014 01Ran by Dell (administrator) on DELL-PC on 26-04-2014 15:33:47Running from C:\Users\Dell\DesktopWindows 7 Home Basic Service Pack 1 (X64) OS Language: Portuguese BrazilianInternet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/... Read more

A:HKLM Group Policy restriction on software "Attention"

Welcome to the forum.

There are various sources of Group Policy restrictions. In some cases malware uses them to enforce restriction on security programs and prevent them from functioning normally. In some cases those restrictions are set by the system administrators to prevent the users or the malware from doing harm. In your case it is the latter.

The purpose is preventing CryptoLocker Ransomeware from infecting your system.

Information about the sofware that you are using to prevent the infection is here: http://www.foolishit.com/vb6-projects/cryptoprevent/

In short, this is nothing to worry about as those restrictions are set to prevent the known malware files from running. You have already run many security software and don't need to run more.

3 more replies

http://forums.techguy.org/malware-removal-hijackthis-logs/480860-solved-strange-hjt-log-item.html

A previous poster, in this forum posted his/her hjt (see the above link), and had a pending question that it seems they answered for themselves, and did not share with this forum (perhaps because they couldn't post to the forum in a reply?? don't know.

My question, extends the above thread with this follow-up:

O4 - HKLM\..\Run: [PD0870 STISvc] RunDLL32.exe P0870Pin.dll,RunDLL32EP 513

1) what is: “O4 - HKLM\..\Run: [PD0870 STISvc] RunDLL32.exe P0870Pin.dll,RunDLL32EP 513”
2) where does it come from (or we think it comes from- Creative ;
3) is it part of something else?
4) how would I reinstall it, or if necessary remove it.

If this helps: there is a P0870Srv.exe in c:\windows\system32
From Creative Technology Ltd V1.0.2.0
Dated 11/7/2006 (which was before this computer was hand-me-down to me.
Just looking for some insight... thank you.

A:O4 - HKLM\..\Run: [PD0870 STISvc] RunDLL32.exe P0870Pin.dll,RunDLL32EP 513

Do you have a Creative device?

It seems to be related to Creative "LiveMotion".

3 more replies

I noticed a new icon on my desktop and start menu toolbar of a JAVA cup. And when I run HJT, I see a new item (see below) that wasn't there before.

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

Is this a bad thing? Should I delete it?

Thanks!

A:New HJT item: O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_0

Checks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com http://java.sun.com or just run the Java Plug-In Control Panel
http://castlecops.com/startuplist-3552.html

3 more replies

In trying to figure out which exact Registry keys got changed or removed to prevent my F8 key working when I boot, I noticed some of the subkeys under both Minimal and Network safemode boot are deadends; either the CLSID is not defined, or it leads to a non-existent file. And some of those files are suspectly named to me anyway, but I have no definitive list to go by to check them.

I know one of the obvious things a virus kit will do (if permissions allow it) is modify the safe mode lists to load their junk to perpetuate the problem and inhibit your ability to think you can fix it. Or turn off F8 to get to safemode via keyboard, which is what I think something did a while ago  and is my reason for looking at this part of the Registry in the first place.

So, even if there is technically nothing bad happening since those items no longer lead to actual files to load, I would like to know which ones they are and have the option to remove them. It unnerves me to leave dangling entries in such an important list as the SafeMode and SafeMode with Networking sanctioned load lists. There is a very short-list of very specific items that should be in these failsafe lists, and most if not all are sfc-level known quantities right?

Do any of the usual tools help correct this orphaned safemode subkey issue? I have run mbam, mbar, combofix and other tools in the past, but any fixes they performed did not cleanup those keys (although I ... Read more

More replies

Was following a Win7Forum thread to edit power settings in registry and I noticed 50+ PowerSchemes folders (ie; "381b4222-f694-41f0-9685-ff5bb260df2e", etc...) inside ..\Power\User; 8-folders in User\Default\PowerSchemes -and- the rest in User\PowerSchemes.

How many should there be? I'm asking because I'm troubleshooting why Windows continues to change power & display settings upon & after Sleep-mode.

System has been scanned with many types of scanning software.

Suggestions?

A:HKLM\Software\Policies\Microsoft\Power\User has 50+ PowerSchemes

I have no Power subkey under HKLM\Software\Policies\Microsoft

Quote:
reg query HKLM\Software\Policies\Microsoft

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PeerDist
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Peernet
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT

1 more replies

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:05 AM, on 5/20/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows�... Read more

A:can't delete R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

2 more replies

A coworker asked me to look at her laptop (Gateway Viper-SR,Vista Business SP 2) to fix a Citrix-related problem and I ran a full system scan in Safe Mode using MBAM 1.75.0.1300 for standard maintenance. It pulled up 2 entries in the Registry Values Detected section of the log:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegEdit (HiJack.Regedit)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegEdit (HiJack.Regedit)

There were no other infections or problems detected elsewhere in the system. Her system is not slow or exhibiting any other issues that may indicate an active infection but I don't want to send the machine home until I am reasonably sure there is not a lurking rootkit,etc.

Is this just a false positive or a signal to do more extensive testing?

A:[Hijack.Regedit] flagged for registry keys DisableRegEdit (HKCU+HKLM)

I typically see this output from MBAM due to a GPO being in place. Do you know if your organization would have a "prevent registry editing tools" policy in place?

2 more replies

Logfile of HijackThis v1.99.0
Scan saved at 16:26:28, on 08/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David.DAVID-91YJAB3H3\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/

More replies

Avast seems to find a new malware every 20 min. I could not complete a panda activescan because the update would stall and hang at 19 %

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-30 21:04:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
102: 2008-05-31 01:04:12 UTC - RP583 - Deckard's System Scanner Restore Point
101: 2008-05-30 21:19:31 UTC - RP582 - Restore Operation
100: 2008-05-30 21:12:31 UTC - RP581 - Restore Operation
99: 2008-05-30 21:09:59 UTC - RP580 - Restore Operation
98: 2008-05-30 21:07:03 UTC - RP579 - Restore Operation

-- First Restore Point --
1: 2008-03-02 21:51:33 UTC - RP482 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-30 2111
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe

A:I have completed the 5 steps!

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.
Do not do anything with this yet!

Reboot
Reboot your system in Safe Mode.Restart the computer. The computer begins processing a set of instructions known as BIOS.
After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
Use the arrow key to highlight Safe Mode and press Enter.

SDBot FixRight click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the ... Read more

7 more replies

Good evening..i have just completed the combofix scan on my Openlabs Neko TSE. Which is my music workstation with a built in computer. Please can you review my log for further advice.? I really appreciate you for this. This workstation is the key to all my productions. I have been freaking out all night. Aloha!

A:completed combofix run

Hello,That request about NOT posting CF logs is primarily to keep people from running the program unsupervised.Please read this topic: http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/ which explains that reasoning further.Please follow the instructions in ==>This Guide<== starting at step 6.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic.If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.Orange Blossom

1 more replies

Hi,

Having successfully performed a 3 hour chkdsk by means of a downloaded microsoft program which did this automatically, the screen is left hanging and there is no option available to exit from it. I tried switching off and then on again but this just puts me back to the start of the chdsk routine which then completes again. So I'm stuck in a loop from which I can't escape !! What do you recommend ?

A:After chkdsk has completed

Hello ,

here is a shot in the dark

turn your system on & then back off

them push your power button as if you wanted to start it and hold it for a count of 10

this will clear the compleat system of power and maybe reset way your system starts / you may want to reset the bios also by crossing the bios jumpers or just pulling the litheum battery from your mother board for at least 3 minutes

you may be looking at wipeing the driver & reinstalling

have you tried to get into the recovery console useing the Windows XP cd ?

3 more replies

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:14 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

A:Completed 2/5 steps - please look over this and tell me what to do

Hello

I needed you to go all the way through the steps. We prefer a more comprehensive set of logs to assist in detecting any malware that may be present. As noted in the final step (Step 5) of our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review.
DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and

19 more replies

I did not get any replies so will try this again with updated info. Downloaded Microsoft Pocket PC 2002 October 2002 Update(EUU3) to computer but when tried to sync it to handheld got message: "Synchronization Cannot be Completed Successfully" and have not been able to sync since then. Same message and then disconnects. Have reinstalled Activesync twice..even going to older version. Have done disc cleanup and defrag. Have deleted recent programs including the EUU3. Also soft resert on handheld although problem developed in computer before could sync to there. There is no problem in connection of handheld with computer..just will not sync. Any help much appreciated as cannot download or sync any material to handheld(iPAQ3835) at all.
Thanks!!! John

A:Synchronization Cannot be Completed..

6 more replies

Model HP 15 notebook PCProduct no. J8B82PA#ACJRam 4gbHard disk 1tb HDDProcessor Intel core i3 1.70 GHzWin does 8.1 64 bit

More replies

Hi everyone!

Ive just completed my upgrade from an MSI 745 Ulta mobo and ATI Radeon 7000 series 64meg AGP x4 graphics card to an Abit NF7-S mobo and ATI Radeon 9550 AGP x8 256meg graphics card and I gotta say, boy what a difference.

Now I have to save up my pennies to get myself a better processor, I have an AMD Athlon XP Pro 2000 and was wondering what i should replace it with?

There's a fair ammount of choice out there so i was wondering if anyone has any recomendations?

Nice speed jump!
Upgrading always starts with budjet. If you are going to keep your Mb , then simply buy the best (fastest) CPU you can afford at the time.If you are saving pennies you will probably be able to get the quickest cpu your mb can handle.

5 more replies

Keep getting the same error over and over, tried many things (inclduing scf /scannow) but to no avail.

Here is the bit from the log:

Code:
1348769 (3424) - winsat\logging.cpp:0815: --- START 2011\10\30 17:15:04 ---
1348769 (3424) - winsat\main.cpp:4301: Command Line = "C:\Windows\system32\winsat.exe" formal -restart clean -cancelevent 8e00fb41-d1d6-4e88-8347-83b99be94b73
1348769 (3424) - winsat\processwinsaterror.cpp:0095: ERROR: tried to read resource strings, unknown exception occured
1348784 (3424) - winsat\main.cpp:4474: > IsFormal=TRUE IsMoobe=FALSE.
1348815 (3424) - winsat\main.cpp:4585: Watch dog system enabled
1348815 (3424) - winsat\main.cpp:4600: Main watch dog timer set to 600.0 seconds
1348878 (3424) - winsat\main.cpp:2505: > DWM not running.
1348878 (3424) - winsat\main.cpp:2470: > EMD service will be restored on exit.
1348893 (3424) - winsat\syspowertools.cpp:0983: > Read the active power scheme as '8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'
1348893 (3424) - winsat\main.cpp:2793: > power policy saved.
1348909 (3424) - winsat\syspowertools.cpp:1015: > Set the active power scheme to 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'
1348909 (3424) - winsat\main.cpp:2814: > power policy set to maximum.
1349736 (3424) - winsat\logging.cpp:1763: ERROR: pahse enter/leave imballance
1349736 (3424) - winsat\main.cpp:0948: > IsOfficial=TRUE IsFormal=TRUE IsMoobe=FALSE RanOverTs=FALSE RanOnbatteries=FALSE
1349736 (3424) - winsat\main.cpp:1775: ... Read more

A:WEI test cannot be completed

What language is your OS currently using, and what was originally installed on it? Is one of the two English?

4 more replies

hey im having problems with installing windows xp SP3 i boot to cd do the whole installation thing for step 1 and then it restarts and then im waiting for the continuation of the installation but it doesnt happen it boots to cd again without me pushing anything

A:Installation not completed

6 more replies

I have a couple of Word 7 files which can't be moved, deleted or renamed. Any attempt results in a message: This action cannot be completed as it is in use by another program. It is not in use by any program I am aware of. When I open the file, it says (Read Only) in the title bar but the properties dialogue boxes are not checked as read only. Of course, I can't save any changes to the file unless I go to 'save as' but that still leaves me with an undeletable/uneditable file. I am using Vista Ultimate. Any help would be greatly appreciated.
Joan

A:This action cannot be completed...

Unless you're particularly interested in the mechanics of why this might be happening, I'd suggest booting to safe mode (press the F8 key early during Windows startup) and moving or deleting the files from there. You probably won't have trouble deleting the files that way.

37 more replies

Finally got my gaming rig built and in perfect working order. Took me a while figure out how to put my two HDD into raid 0. One of the tech support guys at EVGA helped me out and said that HDDs have a hard time going into raid array if they have never been used, which was the case. I just installed some stuff on my two HDDs and reformatted the partition and BOOM it stopped giving me errors, LOL. Anywho here is the finished build:

Cooler Master Cosmos 1000 Silent Gaming Tower
EVGA 750i FTW Motherboard
Intel E8400 Wolfdale Processor
Xigmatek HDT-D1284 120mm Rifle CPU Cooler
MX-2 Thermal Compound
2x2GB OCZ DDR2 1066 5-5-5 18
2xEVGA 8800GTS in SLI
3xSeagate 7200.11 (2 in Raid 0, 1 backup)
Corsair 750TX Power Supply
Samsung DVD-RW w/ Lightscribe SATA
Liteon DVD-RW IDE
4 Scythe KAZE 120mm case fans (1 intake, 3 exhaust)
1 Stock Exaust Fan on HDDs

When I looked at the Case for the first time I couldn't believe how big it was, plenty of room to work in. The Scythe fans sound like a tornado when I first turn on the computer but it gets quite once the bios and PSU start regulating them and you can't notice it when playing games or listening to music. I bought a generic filter for the intake fan and realized that it wasn't needed because the case already comes with filters that you just slide off and wash.

This was my first build ever and I must say I'm quite pleased with the results. The bios defaulted the memory at 800mhz 1.9v so I bump... Read more

A:First Gaming Rig Completed

Cool. Looks like a good build.

7 more replies

Deckard's System Scanner v20070804.61
Run by HP_Owner on 2007-08-05 at 16:46:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).

-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:16 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\AOL\1128887343\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

A:Completed the 5 Steps

Please stay with this thread, and only post here for this problem. Do not start a new thread, otherwise it is too confusing...

Use Post Reply - left bottom corner. Thanks!!

Save it to the Desktop

Double-click combofix.exe to run the program
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~

19 more replies

Desktop machine.
Windows Vista Home Prem. 32b.

The computer shut itself down a few days ago while it was copying for files.
Then, it behaved abnormally after restart.
A back to the factory status recovery was performed, but it did not complete the task.
The last part of the recovery did not run.
The recovery disks, burned right after the purchase of the machine and used before, were used and they ended the same way.
The last part of the recovery did not run.

There are 3 partitions on the HDD.
Partition 0, 20GB. hidden, keeping the recovery OS.
Partition 1. 223GB. partition C.
Partition 2. 220GB. partition D.

Question:
If partition C is formatted, can recovery OS be installed on partition C ?

Thanks.

A:Recovery can not be completed.

What's the brand name and model name and model number of that desktop?

What's the part/product number and/or service tag number and/or serial number on it?

Which country do you live in?

--------------------------------------------------------

3 more replies

I accidentally infected my computer with security toolbar 7.1. I have done the 5 steps and i did not get a log from that first scan but here is the log it gave me on the last one.

Deckard's System Scanner v20071014.68
Run by Alan Hickman on 2007-10-21 13:33:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
98: 2007-10-21 18:33:54 UTC - RP572 - Deckard's System Scanner Restore Point
97: 2007-10-21 10:02:26 UTC - RP571 - Software Distribution Service 3.0
96: 2007-10-21 09:56:58 UTC - RP570 - Installed Windows Defender
95: 2007-10-21 09:24:44 UTC - RP569 - Restore Operation
94: 2007-10-20 09:03:00 UTC - RP568 - System Checkpoint

-- First Restore Point --
1: 2007-08-01 05:41:11 UTC - RP475 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-10-21 13:35:50
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe

A:Completed five steps...here is the log.

Bump!

3 more replies

I'll give some background.

I have a tri-boot setup. Windows 8 one ssd, windows 7 pro on a second ssd and ubuntu 13.04 on a partition on a 2 gig raid 1. The boot partition is on the windows 7 ssd. All drives are on the same Intel controller. Prior to the 8.1 attempt it worked. I'd boot the w7 ssd and a black win7 style boot screen would appear with the 3 OS choices. I'd been using win 8 as primary since it's release with no real issues.

I updated through the store early today and the process had a hitch after the first reboot but I rebooted and it completed the install. Windows 8.1 started and walked me though an initial setup. Once in, all looked pretty much unchanged. The only issued was it asked me to reinstall some XLan software.

I rebooted to check my other OS's and the problems began. I boot up, it loaded the blue win8 boot screen with all 3 OS present when I attempted to boot ubuntu it went to a black screen with no possible input. Hard rebooting brought up the grub bootloader (not win8 bootscreen) and I was able to enter ubuntu. Same thing happened with win 7 pro. I soft rebooted and the win 8 bootscreen appeared. Choosing win 7 took me to a hung black screen - hard reboot directly started up win 7. Restarting to win 8 bootscreen again and choosing win8.1 took me to another black screen - Hard reboot from there started up a win 8 repair process.

This is always the case with each of the 3 OS's. I have found that I can get into win8 if I enter through safe mode ... Read more

A:8.1 update completed but problematic

I have the exact same problem. I even had the XLan error you described. Once I restarted the computer, it always go to a black screen. I do not have multiple OS's to boot into, but the black screen always comes up after the little blue windows 8 loading screen.

Update:

When I tried your suggestion of enabling Debugging, it loaded up. However, 1-2 minutes later it would freeze and I would have to push the reset button on the machine. In Safe Mode, I didn't have any of the freezing, but when I tried to uninstall Norton Internet Security, it would freeze. After a restart, I downloaded the Norton Removal Tool, and removed Norton. At this point, starting Windows 8.1 with Debugging allows me to stay freeze-free. However, trying to start up without Debugging gives me the same black screen.

Another thing to note is that when I have all non-Microsoft services stopped, I still get the black screen upon bootup. I'm not quite sure what Debugging mode does in terms of bootup, but its definitely a workaround for now. I used msconfig.exe to keep debugging turned on for now.

Again, if someone figures out the fix, report back.

2 more replies

I had a problem with my yoga 700 11". The laptop freezes every so often (3-6 hours). At first I thought it's the drivers that need to be updated, then Windows 10 updates, then BIOS update.I tried all of that but the problem still persisted. I did the recovery reset but still the same... I created Linux system on USB flash drive and booted the laptop with it. Even under Linux the laptop was freezing.I contacted lenovo support team and they said the laptop needs to be repaired and they send me the return free postage vocher. I put my laptop in the original box and posted it as I was instructed (for some reason it was send to Germany). The company name that issued me with the postage slip was MEDION AG - A Lenovo CompanyAfter 13 days I got an email saying:"...After assessing your device, the repair center has deemed that a repair cannot be completed under the manufacturer?s warranty due the case of the device showing signs of inappropriate treatment. ..." There were two pdf documents attached to the email. one with the detailed photos of the damage ( see photo attached) and the other one, the cost estimate document. In the document I was given two options:1. accept the cost of repair (£54.65)2. not accept and the laptop would be return to me (I would be still charged fat price of £44.07)My reply was that I do not recall the laptop having this damage and I always looked after it. I was suprised when I saw the photo. I also added that my main concern was that th... Read more

More replies

A neighbor brought over his computer since he knows I help folks with infections.  It appears he already ran and removed infections found with SAS Portable and MBAM.  I can include those logs if you like so let me know.

DDS Log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by HP_Administrator at 12:32:46 on 2013-08-16
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.456 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService

A:Infected PC with some Removal Completed

Attached file ...

3 more replies

Hi, I just built a new computer, and it's running XP Pro 64-bit. It ran fine for the first week, but now I'm getting a problem everytime I open "My Computer". Instead of showing my drives, it does the search animation. After a minute or two, it will either find all the drives, or it will say something like "This operation could not be completed because (something) is being used by another program." and gives me two options: "Retry", or "Switch To". When I click "Switch To" it opens my "Start" menu.

A (possibly) related problem is when I open IE, I get shown a set-up menu, but when I click "Save Changes" the webpage hangs. I can bypass this and use the internet fine though. Also, my computer randomly hangs sometimes when playing games.

I'm pretty disappointed with all these errors on what was supposed to be my fresh computer... Any help is appreciated.

More replies

Hello,

This is a follow-up to my original thread here -

http://www.sevenforums.com/crashes-d...ease-help.html

I completed 1 RMA with HP and the teleplan service center guys sent me the machine back with the note - no issues found, reloaded OS. This time they loaded the OS with SATA controller as IDE as opposed to the default RAID setting that had come when I had purchased the system.

I let it run overnight hoping for the best but see the BSOD error in morning - I would really appreciate if somebody can pin point the issue so in the next RMA I can advise HP Teleplan guys about it - they seem to not spend great deal of time researching the issue but try to do a quick fix that obviously didn't work.

PS - my System specs -

System Manufacturer/Model Number HP Pavilion Elite HPE-210F
OS Windows 7 Home Premium 64 Bit
CPU AMD Phenom(tm) II X4 945 Processor, 3000 Mhz, 4 Core
Motherboard H-RS880-uATX (Aloe)
Memory 8 GB PC3-10600 MB/sec (message as PC3-8500)
Graphics Card ATI Radeon HD 5450
Sound Card Integrated Realtec ALC888S Audio
Monitor(s) Displays Acer? H243H
Screen Resolution 1920 x 1080
Keyboard HP USB
Mouse Microsoft Compact Optical Mouse Model: 1016
PSU Bestec 300W
Case Mid-size ATX
Hard Drives Western Digital Caviar Green WD10EADS-65M28X
Internet Speed ATT DSL 6 MBPS

A:1st RMA completed - still random BSOD

Your dumps indicate conflicts and memory corruption. Uninstall Symantec using this removal tool: Tool. Many third party security programs create conflicts with Win 7 and Norton is no exception. Norton was involved in one of the crashes. Download and install Microsoft Security Essentials. It will not cause conflicts. Make sure Windows firewall is turned on.

Uninstall or upgrade CyberLink. Its driver, 000.fcl, Fri Sep 26 09:11:22 2008, is out of date. Outdated drivers can and do cause conflicts and BSOD's.

I find another slightly out of date driver loaded on your system. Update this driver from the link provided.

Quote:
usbfilter.sys Fri Apr 03 07:39:51 2009 - AMD USB Filter Driver (likely part of the chipset drivers). http://support.amd.com/us/Pages/AMDSupportHub.aspx. Update this driver.

Follow these suggestion, reboot and let's see if your system is more stable. Post back and let us know. If you get anohter BSOD, upload it and we will go from there.

Code:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff80002804000 PsLoadedModuleList = 0xfffff80002a41e50
Debug session time: Thu Dec 16 09:41:31.624 2010 (GMT-5)
System Uptime: 0 days 8:53:11.013
...............................................................

8 more replies

I apologize if this forum is meant for tech people as I'm a novice computer user, but I really need help.  I have Windows 7 x64 and I used RoboCopy for the first time, and have messed up royally.  I was trying to copy folders and files from my
computer to an external hard drive.  My external hard drive had important files and folders on it already, and I thought that copying more data using RoboCopy would just add to it, but it deleted everything that was on the external hard drive when it
Can I undo what just happened?  Is there any way to revert?  Or maybe there's some way to recover that deleted data?
I used:  Robocopy C:\Users\Name\Documents F:/MIR /dcopy:T
I would be really grateful to be helped.  Thanks in advance.

More replies

I've ran Combofix, but need someone to look at my log file. I'm still having boxes pop up like my symantic anti-virus can't work because it is on a network resource that is unavailable. The log file is below. I would really appreciate any help I could get.Thanks,DonComboFix 10-12-09.04 - Todd 12/10/2010 16:39:31.1.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.70 [GMT -6:00]Running from: c:\documents and settings\Todd.PHILCON\Desktop\ComboFix.exeAV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\All Users\Application Data\FuhYQAtN.exec:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}c:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}\chrome.manifestc:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}\chrome\content\_cfg.jsc:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}\chrome\content\overlay.xulc:\documents and settings\Don\Local Settings\Applicat... Read more

A:Combofix completed - need help with log file

2 more replies

Hello and thank you for any help you may be able to give. I've gone through the five required steps before posting my logs for help.

I've run Spybot, Adaware and SuperAntiSpyware and can't seem to clear up whatever the issue is.

Following are the required log files (as well as the "extra" text file attached):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:02 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\vtsphlxp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe

A:HijackThis Log - completed 5 steps

bump

anyone?

19 more replies

Computer has a very slow startup. I cannot get rid of this Kodak Easyshare. Internet response time a bit faster, page to page.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 05:44, on 2008-03-19Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\AOL\1101823440\ee\services\safetyCore\ver210_5_2_1\aolavupd.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\lxczcoms.exeC:\WINDOWS\Explorer.EXEC:\Program Files\mcafee.com\personal firewall\MPFService.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\system32\fxssvc.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\MUSICMATCH\... Read more

A:All Steps Completed Up To Hijack

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis LogPlease also post the problems you are having.

1 more replies

Dear Broni and All,

I have completed all steps, and ran the security programmes recommended in this thread:

http://www.techspot.com/community/topics/keep-getting-stupid-shopping-malware-installed.208648/

However, I am still getting pop-ups and adware related problems, which means that the underlying problem has not been resolved.
These are the programmes that I have run (today, 18/05/2015):
-RogueKiller
-Mbar
-AdwCleaner (it removed NickelBlock, AllCheeiaPPPriCe, DowwnSaave, SaVieNeewaApupoz)
-Junkware Remover
-Farbar Recovery Tool
-Farbar Security Scanner
-Security Check
-Tempfile Cleaner

I am currently running Sophos.
My laptop runs Windows 8.1, and Combofix does not support it.
The antivirus that I have is Kaspersky (I previously had Microsoft Security Essential), and Windows Defender. The malware was not detected by a Kaspersky and Spybot full scan a few days ago. However, on the 26th of April, I manually uninstalled some adware, and then ran full scans, which showed nothing.

As you can imagine, I don't think I have many options left, and formatting my laptop is a dreadful prospect. I was wondering if you could give me some advice.
I have kept all logs of the security programmes that I've run.

Thank you in advance, and looking forward to hearing from you.

A:Completed all instructions, but still getting adware pop-ups

Welcome aboard

Never follow steps from other topics. Every computer is unique.

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

57 more replies

Deckard's System Scanner v20070905.67
Run by Tom Roach on 2007-10-01 10:32:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
104: 2007-10-01 14:32:38 UTC - RP355 - Deckard's System Scanner Restore Point
103: 2007-10-01 14:17:25 UTC - RP354 - Installed WinZip 11.1
102: 2007-09-30 07:00:16 UTC - RP353 - Software Distribution Service 3.0
101: 2007-09-29 17:11:48 UTC - RP352 - Removed Adobe? Photoshop? Album Starter Edition 3.2
100: 2007-09-29 16:55:46 UTC - RP351 - Installed Windows Internet Explorer 7.

-- First Restore Point --
1: 2007-09-24 19:33:06 UTC - RP252 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Tom Roach.exe) -------------------------------------------

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-01 10:39:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe

A:WinAntiVirusPro - 5 steps completed

2. Double click on combofix.exe & follow the prompts.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

13 more replies

I got my P50 a few weeks ago and yesterday its LCD went half black. OK, this happens.I turned it into authorized premium repair center and they got LCD replaced (as my P50 is under warranty). No big deal.However, they could not re-calibrate the new LCD screen because I do not run Windows on my P50 (running Kubuntu).It would not be a big deal either (the Panel Replacement Utility they have does not run on Linux, but I can live without that), however there is one worrying thing: by my request, they printed Lenove repair instructions for me where it is stated, that "Failing to run the Panel Replacement Utility program will require another LCD panel replacement". Please note "will require". My interpretation of this statement is that LCD will fail again unless I run this Panel Replacement Utility which requires Windows (not Linux version exists). Repair guys could not comment on that in either direction.REALLY????So, despite the fact that nor P50 user guide nor warranty description limit me from using non-Windows OS, the P50 cannot be repaired to be used in full capacity unless I use Windows.Do I miss anything? Is this an official position of Lenovo on non-Windows OS use on ThinkPad P50?

More replies

hi there,
plese consider that who's writing (me) is a sw/hw total illiterate..

- at every web connection (firefox), the start page is http://istart.webssearches.com + the last web page visited at previous connection (two windows). i set up new homepage but nothing changes.
- pop ups frequently open (then disabled via settings).
- mouse stops/blocks for a second while using it.

i downloaded combofix and let it run. everything seems worked correctly, but now i don't know how to proceed.
here below the log i got - integral copy&paste - now saved on desktop.
if i understood well, malware etc will be removed once combofix is uninstalled and i still have to uninstall it..

i hope you can help me about how to proceed.

thanks++
iggy

ComboFix 14-05-19.01 - user 19/05/2014  19.13.03.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.1919.1432 [GMT 2:00]
Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Dati applicazioni\cacaoweb
c:\documents and settings\user\Dati applicazion... Read more

A:ComboFix ran&completed - don't know how to proceed

3 more replies

I've run CHKDSK on a couple of laptops today, and in each case, after hanging for ages around 10-11%, the laptop rebooted while my back was turned. (The process was run at boot and the internet was not connected at the time.)

Is there a way to check if the process completed and what it did?

There is a CBS log with today's date, with entries that correspond time-wise to the CHKDSK activity, but I don't understand them. At the end there are several entries like this:

Can anyone explain what this means please, and if I have a problem?

Coincidentally (or not) There are similar 'Failed to internally open....' entries in the CBS log from when I turned the laptop back on later in the morning.

A:How do I know if CHKDSK completed successfully?

Hi, check this tutorials CHKDSK - Check a Drive for Errors in Windows 8 and Check Disk (chkdsk) - Read Event Viewer Log - Windows 7 Help Forums to see if they will help you.

Good luck, werty

3 more replies

Hello TSF -

Recently, i have had a problem with my system restore. After i attempt a restore, the computer reboots fine and acts as if it did the restore, but when i sign it, i get a messege saying system restore incomplete, or something along those lines. I decided to check the sr.inf file, right clicked and clicked install, but it said i need a windows XP sp3 cd, and i only have the original SP2 cd, not Sp3. Also i'm not sure if that will even fix the probem, has anyone else seen this problem? any help would be greatly appreciated!

-Thank you.

More replies

Not sure if this is the correct forum to post this in but..

Have installed Windows 8 64bit on three computers, all similar spec (amd a8 processors and gigabyte f2 motherboards with 8gig ram.)

Windows seems to be ok in every other respect other than I am getting an error in the metro store. When trying to install any app I get the error:

I have searched the internet for this error, and although I can find similar errors, I can see no one else having the error code with the same scrambled type.

We got around the error by signing in to a microsoft account, but then we are unable to create a pin for said account (the cursor just spins).

This happens on all three computers.

Any help greatly appreciated.

Have you tried copying & pasting the error code in Google ?

I find that helps.

EDIT--

Perhaps this phone number will help.
I've used it & got good help from Microsoft.

Microsoft Product Support Customer Phone Number | Shortest Wait | Best Support | GetHuman.com

2 more replies

Hi I just completed my second homebuild, I installed windows 7 pro and have been running it for over two weeks now, (got it pre release from msdna for free, thats right free, gotta love being a student, as many copies of 7, vista, xp and visual studio, and tons of other cool software for nada.)

anyway:
asus m4a78-e mobo
8gb (4x2gb) ddr3 ram
amd phenom II 945 3.0ghz quad core processor.
xfx hd 4850 1gb gddr3 gpu 256 bit with 512mb onboard already
2 x 500gb hitachi deskstar hdd's
sunbeam acb9 acrylic green led pc case (12 green leds, with 5 80mm green led fans, and custom fan grills.)
19" tft
650tx corsair psu
onboard sound and networking

it works great, so far I haven't seen the cpu go over 8% you through stuff at it it gives you a blank look and shrugs, it took a virus scan, dreamweaver, word and a few web pages (chrome) at 8% for god's sake. Anyway i'm very pleased with it.

BUT it only lists one hdd in the my computer section and that is the drive that i installed windows on, I don't know if the other one is formatted or not, I would say not, the bios recognises both of them, but my computer displays only one, i have not used raid in any form. Whats the solution?

Thanks alot, bob.

A:New build completed, but second hdd not recognised by os?

you shoud try this :
On "My Computer" Icon right click it and click MANAGE, click on DIsk Management..you may find your C: drive as Disc 0. Then look if you find drives that is unallocated..if you find it, click on the on it, right click and format the drive and click ok..just wait to make a 100% and you should after that it is healthy and formatted and you should the other drives now..try this tnx

3 more replies

Hello,

Had the "Security Center" come up on this computer...got rid of it using the tutorials on this site, along with trying all the other suggestions for removing rootkits that may be causing the redirects. Some solutions seem to run their course, others don't. Still having issues: browser redirects, browsers stop working, MBAM errors, Start menu blank, "waiting for background programs to end" on shutdown.

So, not sure where to go from here. Help please.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Chance at 6:41:48 on 2012-01-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2379 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted