Tech Problem Aggregator

No Sound/5 steps completed

Q: No Sound/5 steps completed

I recently had a virus and used HP recovery and now I don't have any sound. I originally posted this in the sound card forum and was instructed by deejay100six to go through the five steps of identifying a virus. I completed those steps and below is my Panda Scan results. I have the hijackthis results when ever you need them. I originally went through all of the basic steps to fixing the sound problem but nothing worked. Thanks again in advance.

ANALYSIS: 2008-08-16 02:24:44
PROTECTIONS: 1
MALWARE: 19
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 080815-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00096188 spyware/searchcentrix Spyware No 1 Yes No hkey_current_user\software\dynamic toolbar
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\roguescanfix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP38\A0013180.exe[smitRem/Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP38\A0013197.exe
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location 
;===================================================================================================================================================================================
Yes C:\hp\bin\KillIt.exe 
Yes C:\Program Files\Common Files\Real\Toolbar\RealBar.dll 
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 
;===================================================================================================================================================================================
;===================================================================================================================================================================================

A: No Sound/5 steps completed

I need some help here guys. Below is my hijackthis results.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:50 AM, on 8/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Updates from HP.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1218596244359
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11183 bytes

4 more replies
Answer Match 72.24%

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:14 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtutq.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run... Read more

A:Completed 2/5 steps - please look over this and tell me what to do

Hello

I needed you to go all the way through the steps. We prefer a more comprehensive set of logs to assist in detecting any malware that may be present. As noted in the final step (Step 5) of our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review.
DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer"... Read more

19 more replies
Answer Match 72.24%

Avast seems to find a new malware every 20 min. I could not complete a panda activescan because the update would stall and hang at 19 %

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-30 21:04:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
102: 2008-05-31 01:04:12 UTC - RP583 - Deckard's System Scanner Restore Point
101: 2008-05-30 21:19:31 UTC - RP582 - Restore Operation
100: 2008-05-30 21:12:31 UTC - RP581 - Restore Operation
99: 2008-05-30 21:09:59 UTC - RP580 - Restore Operation
98: 2008-05-30 21:07:03 UTC - RP579 - Restore Operation


-- First Restore Point --
1: 2008-03-02 21:51:33 UTC - RP482 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-30 2111
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Awar... Read more

A:I have completed the 5 steps!

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.
Download SDFix and save it to your desktop.
Do not do anything with this yet!


Reboot
Reboot your system in Safe Mode.Restart the computer. The computer begins processing a set of instructions known as BIOS.
After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
Instead of Windows loading as normal, a menu should appear
Use the arrow key to highlight Safe Mode and press Enter.


SDBot FixRight click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the ... Read more

7 more replies
Answer Match 72.24%

I accidentally infected my computer with security toolbar 7.1. I have done the 5 steps and i did not get a log from that first scan but here is the log it gave me on the last one.

Deckard's System Scanner v20071014.68
Run by Alan Hickman on 2007-10-21 13:33:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
98: 2007-10-21 18:33:54 UTC - RP572 - Deckard's System Scanner Restore Point
97: 2007-10-21 10:02:26 UTC - RP571 - Software Distribution Service 3.0
96: 2007-10-21 09:56:58 UTC - RP570 - Installed Windows Defender
95: 2007-10-21 09:24:44 UTC - RP569 - Restore Operation
94: 2007-10-20 09:03:00 UTC - RP568 - System Checkpoint


-- First Restore Point --
1: 2007-08-01 05:41:11 UTC - RP475 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-10-21 13:35:50
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.ex... Read more

A:Completed five steps...here is the log.

Bump!

3 more replies
Answer Match 72.24%

Deckard's System Scanner v20070804.61
Run by HP_Owner on 2007-08-05 at 16:46:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:16 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\AOL\1128887343\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Softw... Read more

A:Completed the 5 Steps

Please stay with this thread, and only post here for this problem. Do not start a new thread, otherwise it is too confusing...

Use Post Reply - left bottom corner. Thanks!!


Next, download ComboFix.exe

Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Please post the ComboFix.txt, and a new HijackThis log in your reply.[/QUOTE]

19 more replies
Answer Match 71.4%

log listed below : DO YOU WANT THE PANDA SCAN SCAN ALSO?

had constant pop ups- they have stopped- system very slow..avast found virus in operating system-win32:agent-PSG [drp] and vtutr.dll -
trojans




I just know how to computer surf- my son goes to online school- so we really need this computer
log listed below

Deckard's System Scanner v20071014.68
Run by wpccs on 2008-02-03 18:09:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-03 23:09:39 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-03 18:13:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WI... Read more

A:hijackthis log- completed 5 steps

Hi dorimom, and welcome to TSF.

Sorry for the delay in looking into your log, as we are extremely busy as you may have noticed. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------


Please download HijackThis. This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded. Click on the "Install" button. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Close HiJackThis

--------------------------------------------------------------


Since it has been awhile... Please run Deckard's System Scanner (dss.exe) again, and post the resulting log.

--------------------------------------------------------------

Please include the following in your next reply:

C:\Deckard\System Scanner\main.txt

5 more replies
Answer Match 71.4%

ok, i know i have malware on my computer. i read the 5 steps to do first....

step one-
i ran ad-aware (i have pro edition), no problems found,
aswell as spy bot s& d and cwschredder, all fine

syep two-i have norton and avg, no problems

step 3-none from that list

step 4-none from that list

step 5-can't update from windows, just get errors

here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 9:57:51 AM, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator.JBOOGY\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\stng260[1].exe
C:\Program Files\a-squared\a2guard.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Administrator.JBOOGY\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Inte... Read more

A:ok, difinitely need help. i have completed the five steps

Hi,

Quote:




If you are seeking help for spyware/antivirus issues, or wish to have your Hijack This log checked, please do not post here!




Post it at the HijackThis Log Help section. I think I mod will move this post.

5 more replies
Answer Match 71.4%

Deckard's System Scanner v20070905.67
Run by Tom Roach on 2007-10-01 10:32:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
104: 2007-10-01 14:32:38 UTC - RP355 - Deckard's System Scanner Restore Point
103: 2007-10-01 14:17:25 UTC - RP354 - Installed WinZip 11.1
102: 2007-09-30 07:00:16 UTC - RP353 - Software Distribution Service 3.0
101: 2007-09-29 17:11:48 UTC - RP352 - Removed Adobe? Photoshop? Album Starter Edition 3.2
100: 2007-09-29 16:55:46 UTC - RP351 - Installed Windows Internet Explorer 7.


-- First Restore Point --
1: 2007-09-24 19:33:06 UTC - RP252 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Tom Roach.exe) -------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-01 10:39:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\syst... Read more

A:WinAntiVirusPro - 5 steps completed

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

13 more replies
Answer Match 71.4%

Hello and thank you for any help you may be able to give. I've gone through the five required steps before posting my logs for help.

I've run Spybot, Adaware and SuperAntiSpyware and can't seem to clear up whatever the issue is.

Following are the required log files (as well as the "extra" text file attached):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:02 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\vtsphlxp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program File... Read more

A:HijackThis Log - completed 5 steps

bump

anyone?

19 more replies
Answer Match 71.4%

Computer has a very slow startup. I cannot get rid of this Kodak Easyshare. Internet response time a bit faster, page to page.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 05:44, on 2008-03-19Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\AOL\1101823440\ee\services\safetyCore\ver210_5_2_1\aolavupd.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\lxczcoms.exeC:\WINDOWS\Explorer.EXEC:\Program Files\mcafee.com\personal firewall\MPFService.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\system32\fxssvc.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\MUSICMATCH\... Read more

A:All Steps Completed Up To Hijack

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis LogPlease also post the problems you are having.

1 more replies
Answer Match 70.56%

I'm using Windows XP, I installed, Spybot Search and Destroy and Spyware Blaster (basically completed all 5 steps).
The problem that I'm having is that my computer takes forever to turn on. Then there are alot of error messages (windows has encountered a problem in " " program and has to close), there are about 20 of these messages, all referring to windows/system32/XXXX.exe where xxxx are all different program files. Most of this started when my kids were playing an online game called Maple story (from Nexon) and a game called Banned story. I've also deleted a program called Absolute start up (that still seems to be lingering, as well as AOL instant messaging (aol always gives me problems). Also hard to get rid of is Spyware bot (as opposed to Spybot search and destroy). Previous to this mess that you see in my log, I ran my Mcafee virus scan and detected (& removed) several viruses (trojans, worms). I hope you can help me clean my mess! Please let me know if you need more info! I've attached the extra.txt. thank you!!!


Deckard's System Scanner v20070905.67
Run by Sandra on 2007-09-13 15:20:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
44: 2007-09-13 19:20:39 UTC - RP44 - Deckard's System Scann... Read more

A:Computer bogged down, I've completed the 5 steps

Hi.
Quite a bit to tidy up....



Go to Start > Run and type

cmd

and OK. Type the below commands and hit "Enter" after each line

sc stop g6euuloz4omli7
sc delete g6euuloz4omli7


Type Exit to close.


=================================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open *notepad* and copy/paste the text in the quotebox below into it:



Quote:





File::

C:\WINDOWS\system32\bi.exe
C:\WINDOWS\system32\i.exe
C:\WINDOWS\system32\zpoaktwskm.exe
C:\WINDOWS\system32\hklsyrutqdfb.exe
C:\WINDOWS\system32\zkxl.exe
C:\WINDOWS\system32\bxhrwlxbmfmk.exe
C:\WINDOWS\system32\snu.exe
C:\WINDOWS\system32\mzzen.exe
C:\WINDOWS\system32\uxlahgmomyk.exe
O C:\WINDOWS\system32\eni.exe
C:\WINDOWS\system32\aoebviepf.exe
C:\WINDOWS\system32\saqxdpoh.exe
C:\WINDOWS\system32\vlxriufvzco.exe
C:\WINDOWS\system32\szwdlrxb.exe
C:\WINDOWS\system32\xijw.exe
C:\WINDOWS\system32\ftmvqslxii.exe
C:\WINDOWS\system32\rlpawdwuggsf.exe
C:\WINDOWS\system32\mih.exe
C:\WINDOWS\system32\kdepcd.exe
C:\WINDOWS\system32\dqwdsti.exe
C:\WINDOWS\system32\dvbeqh.exe
C:... Read more

15 more replies
Answer Match 70.56%

I am experiencing Browser hijacking and pop ups in new tabs.
nothing else yet, that I know of, except a ding (like the one we hear when we click on something that won't work) that just sounds for no reason.
Attached is the requested logs. Thank you so much, in advance.
**All scans were done in safe-mode**

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Owner at 13:01:21.76 on Mon 07/12/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.363 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
mDefault_Page_URL = hxxp://www... Read more

A:First Steps completed, ready for analysis

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it sh... Read more

12 more replies
Answer Match 70.56%

Hi

Just the other night while reading a forum I regularly visit, popups started to happen, a TAG (SearchUs) icon appeared on the desktop, Outerinfo appeared in the task bar, MS Office install window pops up, and a few others.

I have AVG, SpywareBlaster, Spybot, and a few other on my PC. After running them Spybot was able to remove a few but the Smitfraud-C.CoreService remained. All of the above symptoms are still happening about every 15 minutes or so.

I completed the first 5 basic steps from this forum you are supposed to do before posting a log. AdAware detected nothing. Panda detected 1 Virus, 37 Spyware, and 6 Hacking Tools/Rootkits. Hopefully somebody can help me. Here is the info...

PANDA:

Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vturppm.dll
Spyware:Spyware/Virtumonde ... Read more

A:Smitfraud-C.CoreService, completed the 5 STEPS

PS: It took me 5 hours to do the above (yes... 5 hours) and do the 5 steps.

I took the time to follow the forum rules when posting logs and asking for help.

I hope somebody takes the time to help so the hours I invested don't go to waste.

Many thanks.

8 more replies
Answer Match 70.56%

And by completed the steps i mean i wasnt able to partially do any of the five steps

Step 1: I cant access the add/remove programs option on the control panel, it comes up with this message.

This file does not have a program associated with it for performing this action. Create an association in the folder options control panel.

Step 2: I cant use email on the computer, keeps saying cookies are disabled even though i put it to allow all.

Step 3: Well i never cleaned the system so why bother trying to install these programs? I probably wouldnt be able to install them anyway.

Step 4: When i go to the update site, it says it cant continue because one of the following programs isnt working
Automatic Updates
BITS
event log
i follow there directions, my computer refuses to allow me to enable automatic updates

Step 5: im not downloading that program because the way it looks im gonna have restore my system

so is my system completly messed up or can you guys help me out?

More replies
Answer Match 69.72%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:27:43 PM, on 3/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exeC:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exeC:\Program Files\Common Files\AOL\1133363615\ee\AOLSoftware.exeC:\Program Files\Yahoo!\Antivirus\CAVTray.exeC:\Program Files\Yahoo!\Antivirus\CAVRID.exeC:\PROGRA~1\Yahoo!\YOP\yop.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Yahoo!\Search Protection\SearchProtection.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\PROGRA~1\Yahoo!\browser\ycommon.exeC:\Program Files\CreataCard\Gold\FMRemind.exeC:\Prog... Read more

A:Hijack This Report-prior Steps Completed

Hello bigdaddy43 and welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log.Please tell me what is wrong with this computer. Thank you for your patience.

6 more replies
Answer Match 69.72%

Hi all,

this is my first post and I wish it was on better terms. I am getting pop ups telling me that I have Win32.trojan.rx My back round on my desk top turned red and I have no access to my task manager.

I have tried downloading DSS but cannot.

Things I have already tried (hopes this helps in coming to a quicker resolution)

1) Run Adaware in safe mode
2) Run Spybot in safe mode
3) Run Ez Armor virus scanner in safe mode
4) Run cc Cleaner in safe mode
5) Delete temporary internet files
6) down loaded but have not yet run AVG anti virus.
7) Looked for suppicious items in control panel (ad remove programs) found slotchbar but cannot remove it.
8) Made hidden files viewable

My biggest fear is that this trojan got a hold of my banking and credit information. Is there anyway to confirm?

Listed below is my Hijack this log. I know you are all very busy and appreciate your help.

Logfile of HijackThis v1.97.7
Scan saved at 2:34:58 PM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDO... Read more

A:Win32.trojan.rx Need help (completed basic steps)

Update:

I also ran SmitFraudFix and had it clean files as well.

I dont know if the problem is fixed but I now have access to my back round and task manager. My computer is also NOT alerting me any more telling me I have a virus.

Im skeptical to think I am cured but I posted both the smitfraud fix log and a new Hijackthis log below. Please review and let me know. Thanks for your help.

SmitFraudFix v2.194[/B]

Scan done at 15:10:25.20, Sat 06/09/2007
Run from C:\Documents and Settings\John Pagnotta\Desktop\Antivirus\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

???????????????????????? SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

???????????????????????? Killing process


???????????????????????? hosts


127.0.0.1 localhost


???????????????????????? Generic Renos Fix

GenericRenosFix by S!Ri


???????????????????????? Deleting infected files

C:\WINDOWS\susp.exe Deleted

???????????????????????? DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{80D56E64-E792-4579-957C-DFA59D348CD8}: DhcpNameServer=167.206.245.71 167.206.245.70 167.206.245.7
HKLM\SYSTEM\CS1\Services\Tcpip\..\{80D56E64-E792-4579-957C-DFA59D348CD8}: DhcpNameServer=167.206.245.71 167.206.245.70 167.206.245.7
HKLM\SYSTEM\CS2\Services\Tcpip\..\{80D56E64-E792-4579-957C-DFA59D348CD8}: DhcpN... Read more

14 more replies
Answer Match 69.72%

Hello and this is my first post.. I'm using an account a friend let me use.

Earlier this week I was viewing a page in Internet Explorer(Mind that I don't prefer IE, I mainly use Firefox) and something attacked my system and started bringing up popups about a "free spyware remover" program, telling me my computer was infected. Knowing this was a hoax, I closed them, only to find that they'd uploaded something to my system. It seemed like adware. There was an icon in the taskbar that would not go away, saying the same thing as the popups- "Your computer is infected! Click here to download spyware remover!" On top of that, the files or whatever have disabled most administrative capabilities I once had, like the Control Panel, Add/Remove programs, and even the Desktop Properties menu.

Now I've tried at least 4 programs to rid myself of this annoying problem- Norton, SpyBot S&D, and none have fixed it.

A friend recommended me to you guys and it looks like you really know what you're doing. I've completed steps 1-5 to the best of my abilities as of now. I couldn't even do step 1 due to the fact that the malicious stuff has disabled my Control Panel. Step 2 concerning the Panda ActiveScan was unsuccessful, as the popup window doing the scan mysteriously closed part-way through the scan.

Anyway, here's the DSS and HijackThis reports. Any help is greatly appreciated. I want my computer back! And REVENGE!

Deckard's System Scanner v20070826.66
R... Read more

A:Spyware/Malware/SOMETHING Steps 1-5 completed(kind of)

Sorry for the double post, there doesn't seem to be an edit button.

Also try to keep it in layman's terms, I'm not that much of a computer wizard- just a gamer.

16 more replies
Answer Match 69.3%

Hi,

I have picked up a virus that has deleted my anti-virus programs and prevents me from installing any new ones. I can install them, but the "exe" file is immediately deleted. I am also prevented from booting into safe mode-I get a message that states there have been hardware or software changes that prevent this. I am also unable to activate my firewall protection. I would certainly appreciate any assistance!!!

Deckard's System Scanner v20070809.63
Run by rickir on 2007-08-15 at 07:28:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
97: 2007-08-15 12:28:55 UTC - RP796 - Deckard's System Scanner Restore Point
96: 2007-08-14 19:18:09 UTC - RP795 - Installed AVG 7.5
95: 2007-08-14 19:05:17 UTC - RP794 - Installed AVG 7.5
94: 2007-08-14 18:48:19 UTC - RP793 - Installed AVG 7.5
93: 2007-08-14 18:43:12 UTC - RP792 - Installed AVG 7.5


-- First Restore Point --
1: 2007-05-17 22:53:35 UTC - RP700 - Installed WordPerfect Lightning.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as rickir.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:39 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE:... Read more

A:Virus deletes antivius progs-steps 1-5 completed

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

I'd advise you to first back up any valued data now. If you really have a file infector, your OS may be in serious jeopardy. That said, you were able to run DSS, so it may just be that the infection is disabling the AV, not deleting it. I still see services from Avast in your logs.

---------------------------------------------------------------------------------------------

Please disable Winpatrol, as it may hinder the removal of some entries. You can re-enable it after you're clean.
Right click the running icon of winpatrol, and choose exit.

---------------------------------------------------------------------------------------------

Open HijackThis and click o... Read more

15 more replies
Answer Match 69.3%

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
69: 2008-01-31 01:28:43 UTC - RP952 - Deckard's System Scanner Restore Point
68: 2008-01-30 17:13:30 UTC - RP951 - Software Distribution Service 3.0
67: 2008-01-29 04:16:44 UTC - RP950 - System Checkpoint
66: 2008-01-28 02:45:48 UTC - RP949 - Installed Ad-Aware 2007
65: 2008-01-27 08:45:23 UTC - RP948 - System Checkpoint


-- First Restore Point --
1: 2008-01-23 03:35:38 UTC - RP884 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 127 MiB (512 MiB recommended).
System Drive C: has 2.41 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-30 19:33:34
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDO... Read more

A:Spyware and viruses slowing computer (completed all five steps)

BUMP

Did I do something wrong? This is my third post and nobody has answered, I really need help.

2 more replies
Answer Match 69.3%

Deckard's System Scanner v20071014.68
Run by David Anderson on 2008-01-27 11:16:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2008-01-27 18:13:39 UTC - RP1115 - Software Distribution Service 3.0
15: 2008-01-27 17:26:16 UTC - RP1114 - Software Distribution Service 3.0
14: 2008-01-26 23:57:46 UTC - RP1113 - Software Distribution Service 3.0
13: 2008-01-26 23:04:19 UTC - RP1112 - Software Distribution Service 3.0
12: 2008-01-26 22:56:02 UTC - RP1111 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-11 13:37:32 UTC - RP1100 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-27 11:39:58
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Ap... Read more

A:spyguard pro infection (steps completed and logs are included)

Bump!

2 more replies
Answer Match 68.46%

Hi all,

Both firefox and ie are not working for many websites. Google search being diverted to ad sites. I have followed the 5 steps process and attached panda results and extra.txt files are attached. Main.txt contents is pasted below. Thanks a lot in advance for helping me.

Deckard's System Scanner v20071014.68
Run by KAravind on 2008-06-22 18:01:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-06-22 22:01:17 UTC - RP44 - Deckard's System Scanner Restore Point
1: 2008-06-22 07:24:21 UTC - RP43 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as KAravind.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:51 PM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\... Read more

A:IE popups + Google search not working in firefox - 5 steps completed

Hi, welcome to tsf!

sorry for the delay.

if you still need assistance, please post a fresh main.txt log.

1 more replies
Answer Match 68.46%

Hello,Great forum by the way! I have found tons of useful information here but unfortunately I am still experiencing some issues. A few days ago the computer was infected with Antispyware Soft. I received all of the typical infection signs and went through the manual self-removal steps. This stopped the issue of the false warnings but shortly after I noticed that I was experiencing the same redirect issue that others have experienced with this infection. I went through the manual steps including removing the Doc&Settings folders it created as well as the registry values. In the registry, there were some values listed as Antispyware Suite in addition to the 'Soft'. I also went through the steps on another forum's post before finding this one. None of the removers can locate anything now and I even ran a rootkit download tool that was recommended. It found one item, removed it and everything worked normally for a few minutes then more of the same redirect issue. Nothing so far has found anything else. Yet every time I try to perform a search, I get redirected. Sometimes without even running a search: just scrolling on a page will cause a redirect to one of several different sites but all seem to pertain to shopping, advertising or search sites.I have run so many things that I cannot remember them all now but I do know there is something definitely still on the computer but nothing is finding it. This is even causing the internet connection to go undetected a... Read more

A:Antispyware Soft Infection: Removal steps completed but still having issues....

Hello, KarenReyWelcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.If you do not make a reply in 4-5 days, we will have to close your topic.You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if th... Read more

13 more replies
Answer Match 68.46%

Hello
I have been having an issue with Winantivirus pop-ups which have led to various spyware and adware infections. I have seen many variations to the pop-up including winantivius, winantiviruspro, errorprotection, winantispyware, as well as many pop-up and new browser window ads. I have also noticed minor degradation in system performance.

I have completed the 5 steps and have all logs from scans available.
Below is the main text file and attached is the extra text file from the Deckard scan.

I am not sure what additional information would be helpful to the analyst. One concern i have is that SP2 has already been installed. If anyone could assist I would greatly appreciate it.

Thanks
Matt

Deckard's System Scanner v20070905.67
Run by Matthew on 2007-09-07 18:52:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2007-09-07 22:52:52 UTC - RP217 - Deckard's System Scanner Restore Point
3: 2007-09-07 22:30:56 UTC - RP216 - Software Distribution Service 3.0
2: 2007-09-07 18:22:20 UTC - RP215 - Removed Get High Speed Internet!
1: 2007-09-07 16:32:35 UTC - RP214 - Installed Windows Internet Explorer 7.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Matthew.exe) ------... Read more

A:Winantivirus and related PUP adware spyware issues. 5 steps completed

Please download VundoFix.exe to your desktop.Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

==============================

Please download Combofix from HERE

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

9 more replies
Answer Match 68.46%

Please help my laptop keep telling me i have worm.win32.netsky all 5 steps completed. Main.txt below and extra attached. Thanks for all the advice - newbie with no clue





Deckard's System Scanner v20071014.68
Run by Davinia on 2007-11-23 17:25:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
64: 2007-11-23 17:26:44 UTC - RP170 - Deckard's System Scanner Restore Point
63: 2007-11-22 21:44:56 UTC - RP169 - System Checkpoint
62: 2007-11-18 19:34:31 UTC - RP168 - Removed LiveUpdate Notice (Symantec Corporation)
61: 2007-11-15 13:27:46 UTC - RP167 - Software Distribution Service 3.0
60: 2007-11-13 16:15:21 UTC - RP166 - System Checkpoint


-- First Restore Point --
1: 2007-08-25 10:58:20 UTC - RP107 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-23 17:29:31
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32... Read more

A:laptop popup says it has worm.win32.netsky all 5 steps completed.

Apologies for the delay in responding.

The workload on this forum is intense, and sometimes it is not possible to respond to every
inquiry.


Please download SmitfraudFix
Extract the files to the Desktop

~~~~
Start the computer in Safe Mode:When the machine reboots, tap the F8 key before Windows starts
You are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Press Enter to boot into Safe Mode.

~~~~
Open SmitfraudFix Double-click smitfraudfix.cmd
Select Option 2 - Clean by typing 2 and press Enter (Deletes infected files)
You are prompted: Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool also checks if a relevant file, wininet.dll, is infected.
You may be prompted to replace the infected file (if found).
Replace infected file? Answer Y (yes) and hit Enter to restore a clean file.

When it is done, a log named rapport.txt is created, listing infected files (if present).

~~~~
Restart the computer to complete the removal process.

~~~~
Next, download ComboFix
Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please post... Read more

4 more replies
Answer Match 68.46%

I haven't really scanned this computer ever, but the school I went to offered free antivirus software called Counterspy which I've used to scan recently. It detected a whole lot (with updated definitions) such as various pieces of spyware, and some trojans in my Outlook email, which I just ended up deleting as a whole, but I had a feeling there is much more going on.

I followed the steps and the only thing notable to point out about step 1 is that I had the viewpoint media player, which I uninstalled. I have no clue how that even got installed.

Here are the logs:

dss main.txt:
Deckard's System Scanner v20070826.66
Run by Admin on 2007-09-05 13:42:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).
System Drive C: has 1.71 GiB (less than 15%) free.


-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:00 AM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Mi... Read more

A:Slow Computer..Kaspersky reveals 15 viruses.. HELP! 5 steps completed.

Please download Combofix from HERE

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

================================

Download Superantispyware (SAS) free home version from HERE


Install it and double-click the icon on your desktop to run it.
? It will ask if you want to update the program definitions, click Yes.
? Under Configuration and Preferences, click the Preferences button.
? Click the Scanning Control tab.
? Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
? On the main screen, under Scan for Harmful Software click Scan your computer.
? On the left check C:\Fixed Drive.
? On the right, under Complete Scan, choose Perform Complete Scan.
? Click Next to start the scan. Please be patient while it scans your computer.
? After the scan is complete a summary box will appear. Click OK.
? Make sure everything in the white box has a check next to it, then click Next.
? It will quarantine what it found and if it asks if ... Read more

5 more replies
Answer Match 67.62%

Thanks for your help. Chrome stalls and when closed it takes 5 or 6 tries to re-open. Start-up is also VERY slow? I completed the logs you need, I don't have a Windows Install disc or a Boot CD, but I have made a backup. thanks, - Jason



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.13.2
Run by Jason at 14:00:44 on 2013-02-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.1656 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:... Read more

A:Completed initial scans/steps -- browser stalls and slow start-up

bump, please :)

3 more replies
Answer Match 62.16%

My computer began directing my searches to non-google sites and bringing up popups. I was running windows defender and AVG. I use firefox for browsing. All are up to date. Running Windows Vista Home in a newer HP desktop, wired connection. I was not able to update any programs (ad aware, spybot, AVG, windows defender, etc). Also, when I run hijack this I get an error message indicating that hijack this was "denied write access to the hosts file". Hijackthis automatic analyzers do note some problems files but when I check them and click fix, they are still there after I scan again (including after a reboot). That line is:"O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe"I (ignorantly) ran combofix already as directed by a related forum post. It indicated that there was a trojan infection, restarted the computer and instructed me to re-run. I did and it created a log, though I understand I'm not to post that unless directed. It helped, now I can update my programs and I have not been redirected when searching, but I'm sure I have not completely addressed the problem(s) yet, thus, the request for your help (thanks in advance).Below is the DDS log and attached is the, er, attach.txt file per these instructions:DDS (Ver_09-03-16.01) - NTFSx86 Run by Bedroom at 16:53:36.05 on Sat 03/21/2009Internet Explorer: 7.0.6001.18000Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3582.2192 [GMT -7:00]AV: AVG Anti-Virus Free *On-access scanning enable... Read more

A:Unknown malware or trojan - initial steps completed per initial posting instruction

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Answer Match 50.4%

I'm sure installing "the" sound card for the first time is a simple process. I just don't know what it is. Can someone list the steps for me, please. Windows XP home.

Thank you in advance for your help.

Robert

A:Generic sound card; sequence of steps to install.

Hello and welcome to the forum!

There really is no such thing as a generic sound card driver.
There are hundreds,if not thousands, of variations of sound cards and chipsets on them.

What is the make/model of the system?
If it is a custom ssytem what sound card do you have?

Edit: Also, please clarify.
Are you installing a new sound card or do you just need to install the drivers for an existing one?

2 more replies
Answer Match 38.22%

I did not get any replies so will try this again with updated info. Downloaded Microsoft Pocket PC 2002 October 2002 Update(EUU3) to computer but when tried to sync it to handheld got message: "Synchronization Cannot be Completed Successfully" and have not been able to sync since then. Same message and then disconnects. Have reinstalled Activesync twice..even going to older version. Have done disc cleanup and defrag. Have deleted recent programs including the EUU3. Also soft resert on handheld although problem developed in computer before could sync to there. There is no problem in connection of handheld with computer..just will not sync. Any help much appreciated as cannot download or sync any material to handheld(iPAQ3835) at all.
Thanks!!! John
 

A:Synchronization Cannot be Completed..

6 more replies
Answer Match 38.22%

Keep getting the same error over and over, tried many things (inclduing scf /scannow) but to no avail.

Here is the bit from the log:


Code:
1348769 (3424) - winsat\logging.cpp:0815: --- START 2011\10\30 17:15:04 ---
1348769 (3424) - winsat\main.cpp:4301: Command Line = "C:\Windows\system32\winsat.exe" formal -restart clean -cancelevent 8e00fb41-d1d6-4e88-8347-83b99be94b73
1348769 (3424) - winsat\processwinsaterror.cpp:0095: ERROR: tried to read resource strings, unknown exception occured
1348784 (3424) - winsat\main.cpp:4474: > IsFormal=TRUE IsMoobe=FALSE.
1348815 (3424) - winsat\main.cpp:4585: Watch dog system enabled
1348815 (3424) - winsat\main.cpp:4600: Main watch dog timer set to 600.0 seconds
1348878 (3424) - winsat\main.cpp:2505: > DWM not running.
1348878 (3424) - winsat\main.cpp:2470: > EMD service will be restored on exit.
1348893 (3424) - winsat\syspowertools.cpp:0983: > Read the active power scheme as '8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'
1348893 (3424) - winsat\main.cpp:2793: > power policy saved.
1348909 (3424) - winsat\syspowertools.cpp:1015: > Set the active power scheme to 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'
1348909 (3424) - winsat\main.cpp:2814: > power policy set to maximum.
1349736 (3424) - winsat\logging.cpp:1763: ERROR: pahse enter/leave imballance
1349736 (3424) - winsat\main.cpp:0948: > IsOfficial=TRUE IsFormal=TRUE IsMoobe=FALSE RanOverTs=FALSE RanOnbatteries=FALSE
1349736 (3424) - winsat\main.cpp:1775: ... Read more

A:WEI test cannot be completed

What language is your OS currently using, and what was originally installed on it? Is one of the two English?

4 more replies
Answer Match 38.22%

Logfile of HijackThis v1.99.0
Scan saved at 16:26:28, on 08/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David.DAVID-91YJAB3H3\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Micros... Read more

More replies
Answer Match 38.22%

Hi everyone!

Ive just completed my upgrade from an MSI 745 Ulta mobo and ATI Radeon 7000 series 64meg AGP x4 graphics card to an Abit NF7-S mobo and ATI Radeon 9550 AGP x8 256meg graphics card and I gotta say, boy what a difference.

Now I have to save up my pennies to get myself a better processor, I have an AMD Athlon XP Pro 2000 and was wondering what i should replace it with?

There's a fair ammount of choice out there so i was wondering if anyone has any recomendations?
 

A:Just completed an upgrade

Nice speed jump!
Upgrading always starts with budjet. If you are going to keep your Mb , then simply buy the best (fastest) CPU you can afford at the time.If you are saving pennies you will probably be able to get the quickest cpu your mb can handle.
 

5 more replies
Answer Match 38.22%

Hi,

Having successfully performed a 3 hour chkdsk by means of a downloaded microsoft program which did this automatically, the screen is left hanging and there is no option available to exit from it. I tried switching off and then on again but this just puts me back to the start of the chdsk routine which then completes again. So I'm stuck in a loop from which I can't escape !! What do you recommend ?

A:After chkdsk has completed

Hello ,

here is a shot in the dark

turn your system on & then back off

then un plug your system

them push your power button as if you wanted to start it and hold it for a count of 10

this will clear the compleat system of power and maybe reset way your system starts / you may want to reset the bios also by crossing the bios jumpers or just pulling the litheum battery from your mother board for at least 3 minutes

then try your system

you may be looking at wipeing the driver & reinstalling

have you tried to get into the recovery console useing the Windows XP cd ?

3 more replies
Answer Match 38.22%

Model HP 15 notebook PCProduct no. J8B82PA#ACJRam 4gbHard disk 1tb HDDProcessor Intel core i3 1.70 GHzWin does 8.1 64 bit

More replies
Answer Match 38.22%

I have a couple of Word 7 files which can't be moved, deleted or renamed. Any attempt results in a message: This action cannot be completed as it is in use by another program. It is not in use by any program I am aware of. When I open the file, it says (Read Only) in the title bar but the properties dialogue boxes are not checked as read only. Of course, I can't save any changes to the file unless I go to 'save as' but that still leaves me with an undeletable/uneditable file. I am using Vista Ultimate. Any help would be greatly appreciated.
Joan

A:This action cannot be completed...

Unless you're particularly interested in the mechanics of why this might be happening, I'd suggest booting to safe mode (press the F8 key early during Windows startup) and moving or deleting the files from there. You probably won't have trouble deleting the files that way.

37 more replies
Answer Match 38.22%

Finally got my gaming rig built and in perfect working order. Took me a while figure out how to put my two HDD into raid 0. One of the tech support guys at EVGA helped me out and said that HDDs have a hard time going into raid array if they have never been used, which was the case. I just installed some stuff on my two HDDs and reformatted the partition and BOOM it stopped giving me errors, LOL. Anywho here is the finished build:


Cooler Master Cosmos 1000 Silent Gaming Tower
EVGA 750i FTW Motherboard
Intel E8400 Wolfdale Processor
Xigmatek HDT-D1284 120mm Rifle CPU Cooler
MX-2 Thermal Compound
2x2GB OCZ DDR2 1066 5-5-5 18
2xEVGA 8800GTS in SLI
3xSeagate 7200.11 (2 in Raid 0, 1 backup)
Corsair 750TX Power Supply
Samsung DVD-RW w/ Lightscribe SATA
Liteon DVD-RW IDE
4 Scythe KAZE 120mm case fans (1 intake, 3 exhaust)
1 Stock Exaust Fan on HDDs


When I looked at the Case for the first time I couldn't believe how big it was, plenty of room to work in. The Scythe fans sound like a tornado when I first turn on the computer but it gets quite once the bios and PSU start regulating them and you can't notice it when playing games or listening to music. I bought a generic filter for the intake fan and realized that it wasn't needed because the case already comes with filters that you just slide off and wash.

This was my first build ever and I must say I'm quite pleased with the results. The bios defaulted the memory at 800mhz 1.9v so I bump... Read more

A:First Gaming Rig Completed

Cool. Looks like a good build.
 

7 more replies
Answer Match 38.22%

hey im having problems with installing windows xp SP3 i boot to cd do the whole installation thing for step 1 and then it restarts and then im waiting for the continuation of the installation but it doesnt happen it boots to cd again without me pushing anything

please help!!!!!!!!!!!!!
 

A:Installation not completed

6 more replies
Answer Match 38.22%

Good evening..i have just completed the combofix scan on my Openlabs Neko TSE. Which is my music workstation with a built in computer. Please can you review my log for further advice.? I really appreciate you for this. This workstation is the key to all my productions. I have been freaking out all night. Aloha!

A:completed combofix run

Hello,That request about NOT posting CF logs is primarily to keep people from running the program unsupervised.Please read this topic: http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/ which explains that reasoning further.Please follow the instructions in ==>This Guide<== starting at step 6.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic.If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.Orange Blossom

1 more replies
Answer Match 38.22%

Desktop machine.
Windows Vista Home Prem. 32b.

The computer shut itself down a few days ago while it was copying for files.
Then, it behaved abnormally after restart.
A back to the factory status recovery was performed, but it did not complete the task.
The last part of the recovery did not run.
The recovery disks, burned right after the purchase of the machine and used before, were used and they ended the same way.
The last part of the recovery did not run.

There are 3 partitions on the HDD.
Partition 0, 20GB. hidden, keeping the recovery OS.
Partition 1. 223GB. partition C.
Partition 2. 220GB. partition D.

Question:
If partition C is formatted, can recovery OS be installed on partition C ?

Thanks.
 

A:Recovery can not be completed.

What's the brand name and model name and model number of that desktop?

What's the part/product number and/or service tag number and/or serial number on it?

Which country do you live in?

--------------------------------------------------------
 

3 more replies
Answer Match 37.8%

Hi, I have already run Ad-aware using the required settings multiple times and removed everything I can on my own. Ad-aware could not remove iboboi.dll and I believe that is the root of my problem. But on startup that file is gone.

Here is my hijack this log, with the analyzer. Thank you in advance for the help!

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 1/7/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVir... Read more

A:Urllogic Pop-ups, completed all prereqs

Let's see if these logs will show us anything:

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link don't work) and install it. Do not run it yet.

Before doing anything, MAKE SURE that you can keep your computer on (at least until we get it fixed). This infection requires us to detect and remove it without rebooting or restarting your computer (unless the instructions say so). If you can't keep your computer on today, then I suggest that you don't get the logs yet until you are ready. With that said (when ready):

Open up HijackThis and go to Config->Misc Tools and check the first two boxes there. Now click on the Generate StartupList log button. Post that log in your next post.

Right click on this link and choose Save As...Save it to your Desktop. Make sure you have disabled any programs that may block/disable scripts (ex: Ad-Watch, TeaTimer, Norton, etc.). Double click on Silent Runners to run it. This will take a few minutes. It will create a file called Startup Programs followed by your computer name and current date. Open up that file and post all the contents here in your next post.

Download Find-qoologic. Unzip the files to your Desktop. Open the qoologic folder and run the qoologic.bat file. Wait a few minutes for it to finish. When the dos window disappears, go to your C: drive and open up the log.txt file. Copy and p... Read more

7 more replies
Answer Match 37.8%

Recently installed kaspersky pure 2. 0 .Getting error message that backup task has not been completed. I have read that this is a known issue. Is there a solution to correct this problem? Thanks.

A:backup task has not been completed

Welcome to Seven Forumsnancy159. As you say, this is a known issue






Quote:
5. Main known issues

The maximum size limit for Quarantine and Backup and Restore does not work.
Some application windows do not correspond to Microsoft computer management from keyboard standards.
Groups of windows cannot be closed through Windows 7 taskbar.
Application window cannot be closed through Windows 7 taskbar preview.
"A backup task has not been completed" status is displayed in the general protection status and in the Backup and Restore section when backup tasks are performed.
Protection parameters cannot be reverted to default values.
AVZ reports cannot be created under 64-bit operating systems.
In some cases, characters cannot be entered using the Virtual Keyboard in entry fields of web browsers or applications.
When in Safe Run mode, Microsoft Outlook Express (Windows Mail) email client may fail to display some email messages received from the standard Microsoft Windows environment.


Kaspersky PURE 2.0: commercial release (build 12.0.1.288)

Have you tried creating a backup task?

How to create a backup task in Kaspersky PURE 2.0?

A Guy

1 more replies
Answer Match 37.8%

I had a problem with my yoga 700 11". The laptop freezes every so often (3-6 hours). At first I thought it's the drivers that need to be updated, then Windows 10 updates, then BIOS update.I tried all of that but the problem still persisted. I did the recovery reset but still the same... I created Linux system on USB flash drive and booted the laptop with it. Even under Linux the laptop was freezing.I contacted lenovo support team and they said the laptop needs to be repaired and they send me the return free postage vocher. I put my laptop in the original box and posted it as I was instructed (for some reason it was send to Germany). The company name that issued me with the postage slip was MEDION AG - A Lenovo CompanyAfter 13 days I got an email saying:"...After assessing your device, the repair center has deemed that a repair cannot be completed under the manufacturer?s warranty due the case of the device showing signs of inappropriate treatment. ..." There were two pdf documents attached to the email. one with the detailed photos of the damage ( see photo attached) and the other one, the cost estimate document. In the document I was given two options:1. accept the cost of repair (£54.65)2. not accept and the laptop would be return to me (I would be still charged fat price of £44.07)My reply was that I do not recall the laptop having this damage and I always looked after it. I was suprised when I saw the photo. I also added that my main concern was that th... Read more

More replies
Answer Match 37.8%

I just started using Microsoft 2010 and in the Outlook tasks I have created recurring tasks. In the old XP version when I completed a recurring task, the completed task would move to the top of the list. Now, it just puts it below the original task. Is there a way to automatically move completed tasks to the top of the page?
 

More replies
Answer Match 37.8%

Hi I just completed my second homebuild, I installed windows 7 pro and have been running it for over two weeks now, (got it pre release from msdna for free, thats right free, gotta love being a student, as many copies of 7, vista, xp and visual studio, and tons of other cool software for nada.)

anyway:
asus m4a78-e mobo
8gb (4x2gb) ddr3 ram
amd phenom II 945 3.0ghz quad core processor.
xfx hd 4850 1gb gddr3 gpu 256 bit with 512mb onboard already
2 x 500gb hitachi deskstar hdd's
sunbeam acb9 acrylic green led pc case (12 green leds, with 5 80mm green led fans, and custom fan grills.)
19" tft
650tx corsair psu
onboard sound and networking

it works great, so far I haven't seen the cpu go over 8% you through stuff at it it gives you a blank look and shrugs, it took a virus scan, dreamweaver, word and a few web pages (chrome) at 8% for god's sake. Anyway i'm very pleased with it.

BUT it only lists one hdd in the my computer section and that is the drive that i installed windows on, I don't know if the other one is formatted or not, I would say not, the bios recognises both of them, but my computer displays only one, i have not used raid in any form. Whats the solution?


Thanks alot, bob.
 

A:New build completed, but second hdd not recognised by os?

you shoud try this :
On "My Computer" Icon right click it and click MANAGE, click on DIsk Management..you may find your C: drive as Disc 0. Then look if you find drives that is unallocated..if you find it, click on the on it, right click and format the drive and click ok..just wait to make a 100% and you should after that it is healthy and formatted and you should the other drives now..try this tnx
 

3 more replies
Answer Match 37.8%

A neighbor brought over his computer since he knows I help folks with infections.  It appears he already ran and removed infections found with SAS Portable and MBAM.  I can include those logs if you like so let me know.
 
DDS Log
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by HP_Administrator at 12:32:46 on 2013-08-16
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.456 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalS... Read more

A:Infected PC with some Removal Completed

Attached file ...

3 more replies
Answer Match 37.8%

Hello,

Had the "Security Center" come up on this computer...got rid of it using the tutorials on this site, along with trying all the other suggestions for removing rootkits that may be causing the redirects. Some solutions seem to run their course, others don't. Still having issues: browser redirects, browsers stop working, MBAM errors, Start menu blank, "waiting for background programs to end" on shutdown.

So, not sure where to go from here. Help please.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Chance at 6:41:48 on 2012-01-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2379 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\wind... Read more

A:Completed all self-help tutorials, still have rootkit

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 31. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

22 more replies
Answer Match 37.8%

The action can?t be completed because the folder or a file in it is open in another program. I suspect that my anti virus, Norton 360, is stopping me from deleting a specific folder, it happens only in one specific folder.
When I restart my computer, it takes time to the regular background tasks to "wake up", so I can delete it once the computer turns on, but then something stops me from deleting the folder. I am not sure if it is Norton 360, or another problem.
Would it be a Malware?

A:The action can’t be completed because the folder or a f...

not positive what it could be ,anything knowing computers .
to see if its Norton 360. disconnect from intern ,disable Norton360 temporally ,how to do so will be in the settings of Norton , after its disable try deleting file.

just found this in google ,how to disable Norton temporally .

Try right clicking on the 360 icon in your notification area. You should be able to disable protection features for a specified time. Remember that you are unprotected while doing this, so you should disconnect from the Internet while doing this. Remember to reset the protection when you are finished.

6 more replies
Answer Match 37.8%

G'day, I'm running Windows 7 Home premium on a Dell Inspiron laptop.

When I am trying to organise my music files and folders in my music Library I randomly get this error:

The action can't be completed because the folder or a file in it is open in another program.

But there can be nothing else open, no media player, (neither WMP or Media Monkey which I usually use), or any other window open at all. This is intermittent. Sometimes it works sometimes it doesn't.

For example; I just discovered that I have a Chris De Burgh folder with a couple albums in it and another folder titled Chris De Burgh - Greatest Hits. I decided to move the latter into the former and rename the latter to simply Greatest Hits. At first it wouldn't copy into the Chris de Burgh folder at all and the dreaded error came up. I clicked on another folder, went back and tried again and it worked. After putting the CDB-GH folder into the CDB one I tried to rename it, (without opening it). The action can't be completed blah blah blah. Retry doesn't work. This time I had to close windows explorer and open it again and browse to the folder and rename it.

Sometimes it works first go, sometimes you have to click elsewhere then come back to it, sometimes you have to close explorer, sometimes it simply refuses until I restart the pooter. I've tried deleting everything in the temp folder, (%temp%) but there are files in here which won't delete either coming up with the same message. I guarantee that the f... Read more

More replies
Answer Match 37.8%

I've ran Combofix, but need someone to look at my log file. I'm still having boxes pop up like my symantic anti-virus can't work because it is on a network resource that is unavailable. The log file is below. I would really appreciate any help I could get.Thanks,DonComboFix 10-12-09.04 - Todd 12/10/2010 16:39:31.1.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.70 [GMT -6:00]Running from: c:\documents and settings\Todd.PHILCON\Desktop\ComboFix.exeAV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\All Users\Application Data\FuhYQAtN.exec:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}c:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}\chrome.manifestc:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}\chrome\content\_cfg.jsc:\documents and settings\Don\Local Settings\Application Data\{127EBD9A-1C22-44C3-8173-3067BB23059B}\chrome\content\overlay.xulc:\documents and settings\Don\Local Settings\Applicat... Read more

A:Combofix completed - need help with log file

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting... Read more

2 more replies
Answer Match 37.8%

Not sure if this is the correct forum to post this in but..

Have installed Windows 8 64bit on three computers, all similar spec (amd a8 processors and gigabyte f2 motherboards with 8gig ram.)

Windows seems to be ok in every other respect other than I am getting an error in the metro store. When trying to install any app I get the error:

I have searched the internet for this error, and although I can find similar errors, I can see no one else having the error code with the same scrambled type.

We got around the error by signing in to a microsoft account, but then we are unable to create a pin for said account (the cursor just spins).

This happens on all three computers.

Any help greatly appreciated.

A:your purchase couldn't be completed

Have you tried copying & pasting the error code in Google ?

I find that helps.

EDIT--

I Googled & found nothing.

Perhaps this phone number will help.
I've used it & got good help from Microsoft.

Microsoft Product Support Customer Phone Number | Shortest Wait | Best Support | GetHuman.com

2 more replies
Answer Match 37.8%

I got my P50 a few weeks ago and yesterday its LCD went half black. OK, this happens.I turned it into authorized premium repair center and they got LCD replaced (as my P50 is under warranty). No big deal.However, they could not re-calibrate the new LCD screen because I do not run Windows on my P50 (running Kubuntu).It would not be a big deal either (the Panel Replacement Utility they have does not run on Linux, but I can live without that), however there is one worrying thing: by my request, they printed Lenove repair instructions for me where it is stated, that "Failing to run the Panel Replacement Utility program will require another LCD panel replacement". Please note "will require". My interpretation of this statement is that LCD will fail again unless I run this Panel Replacement Utility which requires Windows (not Linux version exists). Repair guys could not comment on that in either direction.REALLY????So, despite the fact that nor P50 user guide nor warranty description limit me from using non-Windows OS, the P50 cannot be repaired to be used in full capacity unless I use Windows.Do I miss anything? Is this an official position of Lenovo on non-Windows OS use on ThinkPad P50?

More replies
Answer Match 37.8%

hi there,
plese consider that who's writing (me) is a sw/hw total illiterate..
 
months ago i downloaded a .exe (then uninstalled) to upload videos on youtube and from that time:
 
- at every web connection (firefox), the start page is http://istart.webssearches.com + the last web page visited at previous connection (two windows). i set up new homepage but nothing changes.
- pop ups frequently open (then disabled via settings).
- mouse stops/blocks for a second while using it.
 
i downloaded combofix and let it run. everything seems worked correctly, but now i don't know how to proceed.
here below the log i got - integral copy&paste - now saved on desktop.
if i understood well, malware etc will be removed once combofix is uninstalled and i still have to uninstall it..
 
i hope you can help me about how to proceed.
 
thanks++
iggy
 
 
 
ComboFix 14-05-19.01 - user 19/05/2014  19.13.03.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.1919.1432 [GMT 2:00]
Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\kp_0loor.pad
c:\documents and settings\user\Dati applicazioni\cacaoweb
c:\documents and settings\user\Dati applicazion... Read more

A:ComboFix ran&completed - don't know how to proceed

..if i understood well, malware etc will be removed once combofix is uninstalled and i still have to uninstall it.. ...that is not true...  Hello iggy1427,my name is Jo and I will help you with your computer problems.Please follow these guidelines:Logs can take a while to research, so please be patient.Read and follow the instructions in the sequence they are posted.print or copy & save instructions.back up all your private data / important files on another (external) drive before using our tools.Do not install / uninstall any applications, unless otherwise instructed.Use only that tools you have been instructed to use.Copy and Paste the log files inside your post, unless otherwise instructed.Ask for clarification, if you have any questions. Stay with this topic til you get the all clean post.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.***1. Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.Vista / Windows 7/8 users right-click and select Run As Administrator.A Notepad document should open automatically called checkup.txt; please post the contents of that document.***2. Download OTL to your desktop.Double click on the icon to run it.Vista / Windows 7/8 users right-click and select Run As Administrator.Make sure all other windows are closed and to let it ... Read more

3 more replies
Answer Match 37.8%

Hi
 
Looking for some help resolving this issue. Computer was acting strange. Scanned with Norton 360 and Malwarebytes and found nothing. Ran TDSSkiller, found and removed a rootkit. Now, when I try to  run Combofix, it stops at Stage 48. The hard drive light is solid, so I figured it would eventually complete, but it does not.
 
Can you help?
 
thanks
 
drobtoy

A:stuck on 'Completed Stage_48'

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

19 more replies
Answer Match 37.8%

hi guys,

every single time I try to rename a folder the boring message "The action can't be completed because the folder or the file is in use" appears even if apparently neither the folder or a file in it is in use.

What I have to do is: Task Manager > Explorer.exe > End Process > File > New Task > Explorer.exe and I am able to rename the folder.

It is a really boring process and I find this process really stupid. The folders I am trying to rename are full of pictures, I think it is something related to the Thumbs files.

Anybody of you have the same issue? Any possible solution?

Thanks

A:PLEASE HELP - The action can't be completed because the folder....

OpenedFilesView - View opened/locked files in your system (sharing violation issues)
Download somewhere at bottom of page.
What file is opened by explorer.exe in that folder?

9 more replies
Answer Match 37.8%

I've run CHKDSK on a couple of laptops today, and in each case, after hanging for ages around 10-11%, the laptop rebooted while my back was turned. (The process was run at boot and the internet was not connected at the time.)

Is there a way to check if the process completed and what it did?

There is a CBS log with today's date, with entries that correspond time-wise to the CHKDSK activity, but I don't understand them. At the end there are several entries like this:

Can anyone explain what this means please, and if I have a problem?

Coincidentally (or not) There are similar 'Failed to internally open....' entries in the CBS log from when I turned the laptop back on later in the morning.

A:How do I know if CHKDSK completed successfully?

Hi, check this tutorials CHKDSK - Check a Drive for Errors in Windows 8 and Check Disk (chkdsk) - Read Event Viewer Log - Windows 7 Help Forums to see if they will help you.

Good luck, werty

3 more replies
Answer Match 37.8%

After the automatic update this morning my desktop shows normal - BUT NO MOUSE. A warning pops out in the lower right corner that says something about the update did not complete - Click for details, But I can't click on anything!!!
 

A:W10 Update not completed - No Mouse

Can you use the cursor arrows to navigate there?
 

2 more replies
Answer Match 37.8%

I am using SQL Server 7.0.
I have databases DB1 (only current values) and DB2 (both current and old - keeps history). When I update (or insert), on DB1, a copy of the row I am working on has to be sent to DB2 using a trigger. What gets completed first? The update process on DB1 or the action started by the trigger? I am asking this because of what I found at this site:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/architec/8_ar_da_1tup.asp

…..
You can use the FOR clause to specify when a trigger is executed:
AFTER
The trigger executes after the statement that triggered it completes. If the statement fails with an error, such as a constraint violation or syntax error, the trigger is not executed. AFTER triggers cannot be specified for views, they can only be specified for tables. You can specify multiple AFTER triggers for each triggering action (INSERT, UPDATE, or DELETE). If you have multiple AFTER triggers for a table, you can use sp_settriggerorder to define which AFTER trigger fires first and which fires last. All other AFTER triggers besides the first and last fire in an undefined order which you cannot control.

AFTER is the default in SQL Server 2000. You could not specify AFTER or INSTEAD OF in SQL Server version 7.0 or earlier, all triggers in those versions operated as AFTER triggers.

…..

This statement sounds confusing?
 

A:Which is completed 1st? a transaction or a trigger?

Enforcing Business Rules with Triggers
Microsoft® SQL Server™ 2000 provides two primary mechanisms for enforcing business rules and data integrity: constraints and triggers. A trigger is a special type of stored procedure that automatically takes effect when the data in a specified table is modified. A trigger is invoked in response to an INSERT, UPDATE, or DELETE statement. A trigger can query other tables and can include complex Transact-SQL statements. The trigger and the statement that fires it are treated as a single transaction, which can be rolled back from within the trigger. If a severe error is detected (for example, insufficient disk space), the entire transaction automatically rolls back.
This means that the trigger completes before the transaction, you can rollback a transaction within a trigger as mentioned above so in your case the action started by the trigger completes before the update action.
 

2 more replies
Answer Match 37.8%

I apologize if this forum is meant for tech people as I'm a novice computer user, but I really need help.  I have Windows 7 x64 and I used RoboCopy for the first time, and have messed up royally.  I was trying to copy folders and files from my
computer to an external hard drive.  My external hard drive had important files and folders on it already, and I thought that copying more data using RoboCopy would just add to it, but it deleted everything that was on the external hard drive when it
copied the additional data.  
Can I undo what just happened?  Is there any way to revert?  Or maybe there's some way to recover that deleted data?
I used:  Robocopy C:\Users\Name\Documents F:/MIR /dcopy:T
I would be really grateful to be helped.  Thanks in advance.

More replies
Answer Match 37.8%

I'll give some background.

I have a tri-boot setup. Windows 8 one ssd, windows 7 pro on a second ssd and ubuntu 13.04 on a partition on a 2 gig raid 1. The boot partition is on the windows 7 ssd. All drives are on the same Intel controller. Prior to the 8.1 attempt it worked. I'd boot the w7 ssd and a black win7 style boot screen would appear with the 3 OS choices. I'd been using win 8 as primary since it's release with no real issues.

I updated through the store early today and the process had a hitch after the first reboot but I rebooted and it completed the install. Windows 8.1 started and walked me though an initial setup. Once in, all looked pretty much unchanged. The only issued was it asked me to reinstall some XLan software.

I rebooted to check my other OS's and the problems began. I boot up, it loaded the blue win8 boot screen with all 3 OS present when I attempted to boot ubuntu it went to a black screen with no possible input. Hard rebooting brought up the grub bootloader (not win8 bootscreen) and I was able to enter ubuntu. Same thing happened with win 7 pro. I soft rebooted and the win 8 bootscreen appeared. Choosing win 7 took me to a hung black screen - hard reboot directly started up win 7. Restarting to win 8 bootscreen again and choosing win8.1 took me to another black screen - Hard reboot from there started up a win 8 repair process.

This is always the case with each of the 3 OS's. I have found that I can get into win8 if I enter through safe mode ... Read more

A:8.1 update completed but problematic

I have the exact same problem. I even had the XLan error you described. Once I restarted the computer, it always go to a black screen. I do not have multiple OS's to boot into, but the black screen always comes up after the little blue windows 8 loading screen.

If you get your issue solved, please report back.

Update:

When I tried your suggestion of enabling Debugging, it loaded up. However, 1-2 minutes later it would freeze and I would have to push the reset button on the machine. In Safe Mode, I didn't have any of the freezing, but when I tried to uninstall Norton Internet Security, it would freeze. After a restart, I downloaded the Norton Removal Tool, and removed Norton. At this point, starting Windows 8.1 with Debugging allows me to stay freeze-free. However, trying to start up without Debugging gives me the same black screen.

Another thing to note is that when I have all non-Microsoft services stopped, I still get the black screen upon bootup. I'm not quite sure what Debugging mode does in terms of bootup, but its definitely a workaround for now. I used msconfig.exe to keep debugging turned on for now.

Again, if someone figures out the fix, report back.

2 more replies
Answer Match 37.8%

Hi, I just built a new computer, and it's running XP Pro 64-bit. It ran fine for the first week, but now I'm getting a problem everytime I open "My Computer". Instead of showing my drives, it does the search animation. After a minute or two, it will either find all the drives, or it will say something like "This operation could not be completed because (something) is being used by another program." and gives me two options: "Retry", or "Switch To". When I click "Switch To" it opens my "Start" menu.

A (possibly) related problem is when I open IE, I get shown a set-up menu, but when I click "Save Changes" the webpage hangs. I can bypass this and use the internet fine though. Also, my computer randomly hangs sometimes when playing games.

I'm pretty disappointed with all these errors on what was supposed to be my fresh computer... Any help is appreciated.
 

More replies
Answer Match 37.8%

Trying to restart will not allow me to login, keeps telling me wrong pass word, (didn't think i had setone yet)think its microsoft thats causing the problem, it says i need a removeable media, what the hell is one ofthem. i'm already on line at home.     Can anyone help me please 

A:New netbook setup not completed,

Hello, Thank you for posting in the HP Support forum. Is this re. Windows login ? You can't login to Windows? If yes, I have encounter such a problem once only but was with Win 8. Anyway - if this is a new computer you can revert the software back to factory default settings. Eventually you should create a local account (not login with Microsoft account). At the end, you can always migrate the local account to Microsoft account. If this is not re. Windows login, please provide back details.

1 more replies
Answer Match 37.8%

Thanks a lot to everybody who paid attention to my problems with windows 7 installation.

Finally I went to my university and took from their a windows 7 pro dvd and everything worked perfect. I also managed to install the windows over both windows XP and 7 thanks to your advices and tutorials.
Thanks a lot once again from the not so hot now Greece

A:Installation completed with success!!!!

You're welcome! Thanks for posting back. It means a lot to those that have worked hard to help others when they come back with thanks.

2 more replies
Answer Match 37.8%

Hello,

This is a follow-up to my original thread here -

http://www.sevenforums.com/crashes-d...ease-help.html

I completed 1 RMA with HP and the teleplan service center guys sent me the machine back with the note - no issues found, reloaded OS. This time they loaded the OS with SATA controller as IDE as opposed to the default RAID setting that had come when I had purchased the system.

I let it run overnight hoping for the best but see the BSOD error in morning - I would really appreciate if somebody can pin point the issue so in the next RMA I can advise HP Teleplan guys about it - they seem to not spend great deal of time researching the issue but try to do a quick fix that obviously didn't work.

Appreciate all your help !

PS - my System specs -

System Manufacturer/Model Number HP Pavilion Elite HPE-210F
OS Windows 7 Home Premium 64 Bit
CPU AMD Phenom(tm) II X4 945 Processor, 3000 Mhz, 4 Core
Motherboard H-RS880-uATX (Aloe)
Memory 8 GB PC3-10600 MB/sec (message as PC3-8500)
Graphics Card ATI Radeon HD 5450
Sound Card Integrated Realtec ALC888S Audio
Monitor(s) Displays Acer? H243H
Screen Resolution 1920 x 1080
Keyboard HP USB
Mouse Microsoft Compact Optical Mouse Model: 1016
PSU Bestec 300W
Case Mid-size ATX
Hard Drives Western Digital Caviar Green WD10EADS-65M28X
Internet Speed ATT DSL 6 MBPS

A:1st RMA completed - still random BSOD

Your dumps indicate conflicts and memory corruption. Uninstall Symantec using this removal tool: Tool. Many third party security programs create conflicts with Win 7 and Norton is no exception. Norton was involved in one of the crashes. Download and install Microsoft Security Essentials. It will not cause conflicts. Make sure Windows firewall is turned on.

Uninstall or upgrade CyberLink. Its driver, 000.fcl, Fri Sep 26 09:11:22 2008, is out of date. Outdated drivers can and do cause conflicts and BSOD's.

I find another slightly out of date driver loaded on your system. Update this driver from the link provided.





Quote:
usbfilter.sys Fri Apr 03 07:39:51 2009 - AMD USB Filter Driver (likely part of the chipset drivers). http://support.amd.com/us/Pages/AMDSupportHub.aspx. Update this driver.


Follow these suggestion, reboot and let's see if your system is more stable. Post back and let us know. If you get anohter BSOD, upload it and we will go from there.

Code:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02804000 PsLoadedModuleList = 0xfffff800`02a41e50
Debug session time: Thu Dec 16 09:41:31.624 2010 (GMT-5)
System Uptime: 0 days 8:53:11.013
Loading Kernel Symbols
...............................................................
................................................................. Read more

8 more replies
Answer Match 37.8%

Dear Broni and All,

I have completed all steps, and ran the security programmes recommended in this thread:

http://www.techspot.com/community/topics/keep-getting-stupid-shopping-malware-installed.208648/

However, I am still getting pop-ups and adware related problems, which means that the underlying problem has not been resolved.
These are the programmes that I have run (today, 18/05/2015):
-RogueKiller
-Mbar
-AdwCleaner (it removed NickelBlock, AllCheeiaPPPriCe, DowwnSaave, SaVieNeewaApupoz)
-Junkware Remover
-Farbar Recovery Tool
-Farbar Security Scanner
-Security Check
-Tempfile Cleaner

I am currently running Sophos.
My laptop runs Windows 8.1, and Combofix does not support it.
The antivirus that I have is Kaspersky (I previously had Microsoft Security Essential), and Windows Defender. The malware was not detected by a Kaspersky and Spybot full scan a few days ago. However, on the 26th of April, I manually uninstalled some adware, and then ran full scans, which showed nothing.

As you can imagine, I don't think I have many options left, and formatting my laptop is a dreadful prospect. I was wondering if you could give me some advice.
I have kept all logs of the security programmes that I've run.

Thank you in advance, and looking forward to hearing from you.
 

A:Completed all instructions, but still getting adware pop-ups

Welcome aboard

Never follow steps from other topics. Every computer is unique.

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

57 more replies
Answer Match 37.8%

Hello TSF -

Recently, i have had a problem with my system restore. After i attempt a restore, the computer reboots fine and acts as if it did the restore, but when i sign it, i get a messege saying system restore incomplete, or something along those lines. I decided to check the sr.inf file, right clicked and clicked install, but it said i need a windows XP sp3 cd, and i only have the original SP2 cd, not Sp3. Also i'm not sure if that will even fix the probem, has anyone else seen this problem? any help would be greatly appreciated!

-Thank you.

More replies
Answer Match 37.38%

I posted this in the previous thread in the networking section and was advised to follow the 5 step guide and post the logs in here.

This is the previous post and the logs.

I have had a read of the alot of forums including this one and noticed a few people having similar issues however no solid solutions have been offered.
Many claim the problem relates to malware but i see no evidence of that.

The Situation.
I have recently moved into a new place and have connected to a freedom plus cable internet account with Optus in Australia, They have supplied me with a wireless netgear cable modem (CG814Wg v3) and a Netgear Wireless USB adapter (WG111 v2) However I am currently connected to the modem with an Ethernet cable. To try and Diagnose my problem.

The Issue
Upon starting the computer all software has access to the internet without hitch however after a short period of time (Between 5mins and 30mins) All software will lose access to the internet. MSN messenger will say it cannot establish a conection, Mozilla FF will show a blank page with "Done" in the loading progress bar displayed, IE will say it can not access the webpage and games will stay at the connecting phase indefinetly. Windows will claim the connection is still active and pinging google via command prompt returns positive results with no loss. Repairing the connection does nothing, the only thing that allows me access again is to restart the computer. The same issue occurs regardless of wea... Read more

A:Completed the 5 step Logging Procedure Now after your help :)

During boot up this morning I opened device manager and ended the process tree on
Explorer.exe and then started it again. Since doing so I have not dropped out yet, However the net is still running rather slow.

3 more replies
Answer Match 37.38%

I ran the scan and will now try to send.

Thank You

A:HKLM Problem - Download Completed

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see the dds logs in order to help you.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

2 more replies
Answer Match 37.38%

So I finally got everything ready for a complete format and reinstall. Everything went smooth but now im stuck with no drivers. Figures i found the program that backs up your drivers after i finished it. Anyways, i went to the Dell site(own a dimension 3000) on my laptop and downloaded the driver restore tool onto my thumb drive. I used to program on my desktop and it recognized that the hardware didn't have drivers but then didn't restore anything. Can someone help me out here and maybe point me in the correct direction to find my drivers. Thanks.
 

A:Completed hard drive format

12 more replies
Answer Match 37.38%

I have a Word 2007 form template that is locked so that the users can fill in the forms, but there are several areas of the form where the user can input addresses and they will need to copy these addresses after the form is filled out in order to make mailing labels, so I need some code or a macro to unprotect the form so that they can copy the addresses. I don't want to show them how to manually unlock forms because some of them can get pretty creative and I don't want them changing the ORIGINAL form template.
 

More replies
Answer Match 37.38%

Just wanted to add my story, similar to above.  Product# F3F15UA#ABA, 10" Pavilion notebook.  Win 10 Anniversary Edition update will not install. Machine gets to 32% and then locks up completely; grey blank screen. Have to unplug and remove battery to shut down.   After powering back, automaticaly recovered to previous version of Win 10 (1511).  Machine now almost unusable since it spends all day re-downloading the update files and then doing an automatic update reboot every evening. This has happened 4 times already; now keeping it in airplane mode.  Was on MS Assure service for hours.  2nd  tier guy said to just wait for MS to come out with a revised version of the update. Tried installing MS registry update fix (MSI) issued 10/5, but did not fix the problem. I have a completely clean machine, all drivers up-to-date, nothing installed except Office 365 and 7-Zip.  Installed Win 10 1511 as a complete replacement (OS and all apps) a few months ago and performance improved tremendously.  Except for this update problem, after the OS replacement PC works very well (for a slow, under-memory PC).  I mainly use it to take to meetings to give PowerPoint presentations, for which it works just fine.  I never do email with it or download apps. Above reply suggests updating from a USB after a image backup.  Can try that to see if I get a better result, but wonder if it would be better to skip "update" and, i... Read more

More replies
Answer Match 37.38%

Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

A:Smitrem And Rogue Scan Completed... Still Need Help.

If your still having problems after using the self-help guide, then please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. About half way down are instructions for downloading HijackThis and creating a log.When you have done that, post a log in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff ... Read more

1 more replies
Answer Match 37.38%

@DerbyDad03 provided the following code, which I amended the targets to suit my personal needs:Private Sub Worksheet_Change(ByVal Target As Range) If Target.Column = 1 Then If Target = "Closed" Then Application.EnableEvents = False If Target = "Moved" Then Application.EnableEvents = False nxtRow = Sheets("Closed").Range("A" & Rows.Count).End(xlUp).Row + 1 Target.EntireRow.Copy _ Destination:=Sheets("Closed").Range("A" & nxtRow) Target.EntireRow.Delete End If End If Application.EnableEvents = TrueEnd SubThe code works for my spreadsheet when I select 'Closed' in Sheet 1, moving it to Sheet 2 perfectly. Any chance anyome could show me an amended code to prompt more than one word (target) to move a row to another sheet? Using the above example, when 'Closed' or 'Moved' is selected from a drop down list, the row moves to another sheet. Appreciate it.

More replies
Answer Match 37.38%

I try to change the priority of warcraft 3 but it tells me "the operation could not be completed access is denied". Yes I am the only user and administator on the pc so how can I make the warcraft 3 priority higher? I play the game sometimes and when I do I lag in this game called green td because of to many monsters or something. I know its not my pc because I can play GTA IV on high/highest on all settings at 1920x1080 resolution with a solid 25 fps with normal priority. Anyways here my specs:

AMD Phenom II X2 511 3.4Ghz
5gigs of ddr3 ram
Nvidia Geforce 9600 GSO verto 768MB GDDR3
750GB HD with 435GB free

Green td is the only game I lag at so I wanna try changing the priority but I can't so any help would be great.

I also have a good internet plan so I am not sure why I lag. I have a 25/25 Mbps plan from verizon fios.

A:the operation could not be completed access is denied

Hello iseeu1001,

Why do you want to change the priority of Warcraft (I am assuming the process)?

Also, I am not familiar with Green TD... I don't know if changing the priority of the process will help your lag at all.

11 more replies
Answer Match 37.38%

I have an Excel work book used to track purchase orders that are to be shipped and received. We have 4 sheets "To Be Received" "Received" To Be Shipped" "Shipped" What I want to be able to do is select an entire row and cut and paste it to the other sheet (ie. "To Be Shipped" sheet to "Shipped" sheet) I am having trouble getting it to work on active rows. Any help would be very much appreciated
 

A:Move a completed order from one worksheet to a second

nogdolan said:

I am having trouble getting it to work on active rows. Click to expand...

What trouble exactly? does the original row contain formulas?
 

1 more replies
Answer Match 37.38%

I have installed vista in safe mode when it restarted as finalization of installed then its not running. again Tried to install in safe mode. The message appeared " Windows did not completed installed, please restart . . . . I restarted , but it can not running windows, it hanged. please help me

A:Windows did not completed installation, please restart

Hi Douglasbradley,

Welcome to Vista Forums!

I must say you have me somewhat confused. I need your help clarifying the situation with more information and by answering some questions.

How exactly did you "install" Vista from safe mode? What exactly did you do (and what exactly are you trying to do and why are you trying to do it)? I don't quite understand the situation. Could you please explain in detail exactly what you are attempting, why you are attempting it, how you are attempting it, and the situation at the moment. What are you using to do the installation (a genuine Vista Installation CD, a Recovery Disk, a Recovery Partition, or what)? What method of installation are you using? What type of installation are you trying to do? Why are you trying to do it from Safe Mode (and can you get into safe mode now or are you unable to do so any longer)?

Thanks!

6 more replies
Answer Match 37.38%

I am really liking the expanded "notifications" section of Windows 10. Is there anything out there that allows for you to get OS operation notification E.G. File copy completed notification, and so on. It looks like right now it is only based on if the installed app supports it. I do a ton of file copying and moving and it would be nice to get it popping up and dinging saying it has completed.
 

More replies
Answer Match 37.38%

Intel Core 2 Duo E6750
2gb Ram DDR2 800mhz
Intel P35 Motherboard
Bundle of CPU, Mobo and RAM:240 pound
PowerColor ATI Radeon 3870 XT Xtreme graphics card:129 pound
Coolermaster Case and PSU:43 pound
SATA HDD:32 pound
DVD R/W DRive:19 pound
Windows Vista

or this psu(with my old case):60 pound
this would drive the total to 540 quid.

Overall=523 pound.

Will this all work together?
Is it good enough to be a gaming pc on Vista?
All components ok?
Unfortunately, i have a budget of 500 quid, which was broken a bit by Vista, so cant break it any further
Thanks
MrRandomer
 

A:Completed Idea for a rig. Comments and Ratings please?

that's one heavy computer... (just kidding)... I can't comment on the price, but the only think you listed that may not "work together" because it's often overlooked is the power supply. You didn't say which one you are using, but cheap power supplies and often those included with cases will not work with high-power systems (core 2 duo + 3870), even though the power supply may advertise high power ratings.
 

2 more replies
Answer Match 37.38%

Hi,

Today I keep getting this famous window popping up in the middle of my screen and no matter how many times I reboot it reappears again.
I know you've had threads on this before but I thought I should post a log from Hijack This in case my version is specific:

By the way I'm using Firefox not Internet Explorer

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:33:50, on 18/07/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\AVG\AVG10\AVGCHSVX.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Google\Google Desktop Search\GoogleD... Read more

A:This action cannot be completed because the other program is busy etc..

16 more replies
Answer Match 37.38%

Just installed new 48 speed burner--newly completed CD's when played on a multi disc STEREO, upon completion just stops and will not move automatically to play the next cd. I am using another writer (16 speed ) as a CD ROM and when cd's are made on that writer , it works correctly. Existing CD's move properly .

Speed works properly except that it only gives me options up to 40 speed even when I insert a 46 speed media-- that's not a big problem unless it relates to the above major problem---

I am using ROXIO 5 software on XP with 2.4 g cpu

Help would be greatly appreciated. Thanks Ralph
 

A:Completed burned CD Play PROBLEM

Make sure you set it up to close the disk.

It isn’t that unusual for the burner to analyze the CD and decide it shouldn’t be burned at the speed on the CD media box. It would be unusual if the media was Taiyo Yuden, Sony or Fuji, but not so for rebadgers who grab whatever is cheap like TDK, Imation, Maxell or a long list of discounted El Cheapos.
 

2 more replies
Answer Match 37.38%

Computer goes through it's diagnostics, Dell splash screen, and finally the complete desktop appears. After 15 seconds, the computer shuts down. The power is still on as I can open and close the dvd tray. After waiting approx. 30 minutes, I am able to start the computer and the same thing happens. I have tried replacing the main power supply and the main fan circulation air over the CPU. Any ideas or suggestions?

More replies
Answer Match 37.38%

I cannot shut down program anymore via the task manager plz tell me why is the a fix
for this please i going crazy over this XP Pro
 

A:The operation could not be completed - access denied

Some programs cannot be terminated via task manager, however, try opening your web browser and then try to terminate it.
For Internet Explorer the process is IEPLORER.EXE or iexplorer.exe (WARNING!: Do not terminate explorer.exe, terminate iexplorer.exe)
For Mozilla Firefox the process is firefox.exe
good luck, smartguy01

 

1 more replies
Answer Match 37.38%

I'm installing some adobe software, which, for some reason, requires chrome to close.

When I close chrome.exe, I get this error:



This only happens to the main chrome.exe process, not the browser, extensions, etc.

I've tried restarting my computer, but it runs at startup and I still can't stop it.

A:Chrome.exe force close could not be completed.

try

Force browser processes to close
If a tab, window, or extension is not working properly, you can use the task manager in either Chrome or Windows to force it to close. Chrome uses a "multiple processes architecture", which means its processes are designed to work independent of one another. So issues in one tab shouldn’t affect the performance of other tabs or the overall responsiveness of the browser.

In many ways, the task manager is like a hospital monitor: you can use it to track the performance of its internal processes. If the browser seems to be sluggish, open the task manager to find details about each active process and close the one that seems to be using up a lot of resources.

Using Chrome’s task manager

Follow these steps to open the task manager:

Click the Chrome menu on the browser toolbar.
Select Tools.
Select Task manager.
In the dialog that appears, select the process you want to close. You’ll find five types of processes listed:
Browser: This process manages all your open tabs and windows and monitors them for suspicious activity. Close this process if you want to force everything in the browser to end.
Renderers: Each of the tabs and apps listed represents a renderer process. Close a tab or app if it isn’t displaying properly.
Plug-ins: If a webpage uses a special process to display rich content on its page, the process, also known as a plug-in, will be listed. Common types of plug-ins include Flash, Quicktime, an... Read more

2 more replies
Answer Match 37.38%

Hi Jason,

I have followed the steps outlined in the Malware Prep Guide. I was able to run both the DDS and GMER scans. The GMER scan completed with the message 'Warning, GMER has found system modification caused by ROOTKIT activity'.

FYI, I was unable to run Defogger - after downloading, received the message 'unable to open file'. I'm not exactly sure what disk emulation software is, but I am pretty sure that I have never intentionally loaded any.

I appreciate your time and support. One thing I have not found on the site is info on what this virus maybe doing while living on my machine. Is it safe to use IE? I'm avoiding important and high-risk things like banking and other financial transactions. Are there other risks?

Thanks again,

Jane

DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jane at 17:39:04 on 2012-03-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2940.292 [GMT -4:00]
.
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\install... Read more

A:Redirect Virus - scans completed

Original post was in 'Am I Infected' forum, dated 3/13, 9:46 am.

17 more replies
Answer Match 37.38%

I am using outlook 2003 with an exchange server. I use my task list as a todo list. When I mark something as complete I see it has a strike through. The next day I come to my computer and the item that I checked of and had a strike through is gone. Does any body know where this went? I would like to keep these items as a reminder for when I fill out my timesheet.

thanx
 

A:Solved: outlook completed tasks

6 more replies
Answer Match 37.38%

My computer keeps getting stuck whenever I try to turn it on. It gets stuck on the page that says " Usn journal varification completed "

I can never get off this page and I haven't beed able to get on the computer in two weeks

Does anyone know how to fix it??

A:USN journal verification completed. STUCK >:(

Press F8 at bootup. In the Advanced Boot menu try Safe Mode. Then you can do a System Restore to a time before this happened. If this also fails, if you have an XP CD boot off of that and get to the Recovery Console here type chkdsk /R and press enter. Check Disk will test the integrity of the HDD and files. It may take a while.
If you don't have an XP CD on another computer, download the ISO image for Seatools in my signature. Burn the image to CD using IMGBurn also in my signature. Boot off of the newly created CD and run the quick and long test on the HDD. If either test fails, the HDD needs to be replaced.

1 more replies
Answer Match 37.38%

Ok.. DDS file:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 17:16:58.42 on Mon 06/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1484 [GMT -4:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Progra... Read more

A:Gxvxc Data, completed instructions now

Hi,

Please do the following:

Please download ComboFix from Here or Here to your Desktop.
**Note:**In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**If you are using Firefox, make sure that your download settings are as follows:Tools->Options->Main tab
Set to "Always ask me where to Save the files".

During the download, rename Combofix to Combo-Fix as follows:




It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
If there is no internet connection after running Combofix, then restart your computer to rest... Read more

8 more replies
Answer Match 37.38%

I completed Microbell's five step process. I am here because spybot found torpig but couldn't remove it. I could not update to SP1a or SP2, I received a set-up error noting it could not complete the install. Below is the main text file from dss with the extra text file attached. I am looking to clean out the torpig trojan and any other additional virus's. I would also appreciate any help on why I cannot update to SP1a or SP2
Deckard's System Scanner v20070426.43
Run by Unger's on 2007-05-17 at 22:58:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
68: 2007-05-18 03:58:32 UTC - RP383 - Deckard's System Scanner Restore Point
67: 2007-05-18 03:49:00 UTC - RP382 - Installed Windows XP Service Pack 1.
66: 2007-05-18 01:34:58 UTC - RP381 - Installed Windows Media Player 10 KB917734_WMP10.
65: 2007-05-18 01:33:23 UTC - RP380 - Installed Windows XP KB899587.
64: 2007-05-18 01:32:16 UTC - RP379 - Installed Windows XP KB924191.


-- First Restore Point --
1: 2007-02-17 12:38:29 UTC - RP316 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Unger's.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:02:22 PM, on 5/17/2007
P... Read more

A:Help with Torpig trojan, completed 5 step

Here is the info from the Panda log

Incident Status Location

Adware:adware/cws.searchmeup Not disinfected c:\windows\kl.exe
Adware:adware/webattaker Not disinfected c:\windows\uniq
Adware:adware/searchexe Not disinfected Windows Registry ... Read more

7 more replies
Answer Match 37.38%

When updating to Windows 10 Anniversery Update (1607) everything goes fine till the first restart of the computer.Nothing happens even if you wait for about 8 hours. The screen is blank and the keyboard does not respond. After having turned of the computer and started it again you get the information: "Restore the earlier version of Windows..."  (Windows10 for home use).

More replies
Answer Match 37.38%

How do I get game results after they are posted. In a close game, I don't even know who won!
 

A:EA Scrabble--don't get completed game info.

It is the latest version of ios on ipad 2
 

1 more replies
Answer Match 37.38%

Outlook 2000 SP3 in Internet Mail Only mode. The user is annoyed by a windows that pops up saying "The requested tasks were completed successfully". Is there a way to turn it off in Outlook 2000?

A:The Requested Tasks Were Completed Successfully

Found this suggestion:

"Bottom right hand corner of the Send/Receive box. Click on the push pin."
Mark

1 more replies
Answer Match 37.38%

I am running windows vista and a couple months back I got the Antivirus Action and used the guides here to rid the problem successfully. Twice. Thanks for the guides.

I got Antivirus Scan now and I went through the steps in the guide for this issue. Unfortunately I am still infected. I have tried the process again, however RKill and MBAM find nothing. I am able to run in Safe Mode (which I am doing now). When I first start safe mode Firefox does not attempt to use the proxy (and does not need the setting changed) IE does still require the proxy fix.

I'm hoping to avoid completely restoring the system...any advice? Thank you.

More replies