Tech Problem Aggregator

Protection System removal

Q: Protection System removal

A friend had the Protection System variant of Fake AV on is Vista PC. I was able to remove with malware bytes and cleaned up the registry with Regmechanic. the system appears to be fine Scans with Malware Bytes, AVG 8.5, Trend micro's root kit buster and house call all come up clean at this point. However as all of you are saying AVG 8.5 is out of date that is where I am running into issues. When I try to install AVG 9.0 it tells me that there is a conflicting software package installed: Protection System, and will not complete the install.I have searched the registry, and file system for anything that might be telling AVG that it still exists but am coming up with nothing.Below is my hijackthis log, possibly someone here knows what I have overlooked or can spot it in the log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:54:57 PM, on 4/9/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v7.00 (7.00.6002.18005)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Apoint\Apoint.exeC:\Windows\System32\WLTRAY.EXEC:\Program Files\Apoint\ApMsgFwd.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exeC:\Program Files\Wave Systems Corp\SecureUpgrade.exeC:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exeC:\Program Files\AVG\AVG8\avgtray.exeC:\Program Files\Apoint\HidFind.exeC:\Program Files\Apoint\Apntex.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Dell V305\dldtmon.exeC:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exeC:\Windows\System32\KADxMain.exeC:\Program Files\Dell V305\dldtMsdMon.exeC:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\User\Downloads\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com" target="_blank" class="invilink">http://www.dell.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.comR1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080410R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dllO2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hideO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exeO4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exeO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exeO4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exeO4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exeO4 - HKLM\..\Run: [dldtmon.exe] "C:\Program Files\Dell V305\dldtmon.exe"O4 - HKLM\..\Run: [dldtamon] "C:\Program Files\Dell V305\dldtamon.exe"O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /backgroundO4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exeO4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exeO4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -schedulerO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exeO4 - Global Startup: VPN Client.lnk = ?O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO13 - Gopher Prefix: O16 - DPF: {00906302-0F14-442C-B39C-275F61BC25BC} (atSdaCfg Control) - file:///D:/autorun/atSdaCfg.CABO16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.in.honda.com/Rraaapps/RRAAsec/C...tingActiveX.cabO16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rraasec/c...AX/RraainAX.CABO16 - DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} (SysEngW2k Control) - file:///D:/autorun/PC-CONFIG-CHECK.CABO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/client/v_mywebex-mw...bex/ieatgpc.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{EB16C970-514E-49F3-AD65-BC7E969A23DE}: NameServer = 24.92.226.11,24.92.226.12O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dllO20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dllO23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exeO23 - Service: dldtCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exeO23 - Service: dldt_device - - C:\Windows\system32\dldtcoms.exeO23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeO23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exeO23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exeO23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exeO23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exeO23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeO23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exeO23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exeO23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exeO23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exeO23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exeO23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE--End of file - 10808 bytesthanks In advance

A: Protection System removal

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HEREWe also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:Why we request you disable CD Emulation when receiving Malware Removal AdviceThen create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:How to create a GMER log

2 more replies
Answer Match 63.42%

I am running Windows XP. Yesterday I got the "System Progressive Protection" virus. I used Malwarebytes to remove it and I can now use the computer but I have "iexplore.exe" running all the time. I tried to delete it in the Task Manager but it pops back up immediately. Also, I am using MSE and it now pops up every few minutes with a "Detected threats are being cleaned" message.
What do I do now?
I have attached the files I believe will be needed.
Thanks in advance.
 

More replies
Answer Match 48.72%

So I followed the directions for the automated removal of the AV Protection virus. I was able to download and run the TDSSKiller, but once it scanned my computer it was not able to find the virus. Since it was not able to find anything, obviously it could not remove it. It is still on my computer so I need to know what to do from here? Thank you so much for any help

A:AV protection removal help!

This is what came up when the rKill was run:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 11/23/2011 at 23:58:22.
Operating System: Windows ™ Vista Home Premium
Processes terminated by Rkill or while it was running:

C:\Users\Aimee Costa\AppData\Roaming\356C6\824A7.exe
C:\Windows\SysWOW64\ping.exe
Rkill completed on 11/23/2011 at 23:58:36.

4 more replies
Answer Match 48.3%

It seems that even after uninstalling the SBC Online Protection software - yes, the whole thing - the control panel still remains in the windows taskbar. I found some SBC made software that claims to remove these remnants:

http://download.yahoo.com/dl/controls/yaxclean/yaxclean.exe

but it just deleted some dll's and the SBC taskbar thing didn't go away. I eventually removed yop.exe from startup and that disabled it but didn't remove it.
 

More replies
Answer Match 48.3%

is there any kind of free software or program that gets rid of the itunes protection from its songs so i can play them on my xbox 360? if not is there any other way i can remove this?
 

A:itunes protection removal?

Sorry, we cannot assist with this topic:
Read the Forum Rules before posting again.
# Circumventing Copy Protection - While we believe it's reasonable to make backup copies of CDs and DVDs that you own, a lot of people break copy protection for the wrong reasons. The law is still vague, at best, as to if it is legal to break copy protection in order to make such a backup, even for personal use. (The DMCA, for example, seems to make it illegal.) As a result, we do not allow discussion of how to break copy protection at this time. If we can find a nice way to draw the line, we may reconsider this in the future as laws get sorted out.Click to expand...


# Other Illegal Activities - As you might expect, we don't want anything illegal going on here. Users cannot post hacks, cracks, pirated software, or anything of the like. Furthermore, we do not allow instructions on how to complete illegal activities, such as pirating. Please don't ask for advice on using illegal software, as it will be removed.Click to expand...

Closing thread.
 

1 more replies
Answer Match 48.3%

I'm liking what I'm reading here about the free version of AVG anti virus.
what I'm wondering is does it protect and remove Trojans?

thanks!
 

A:Trojan protection/removal

Yes. I've used AVG for awhile now. I think it's great.
 

1 more replies
Answer Match 48.3%

i have windows xp home edition. i now have norton antivirus 2004. it is about to expire. i want to install avg. should i delete norton? how do i do that if the answer is yes> what about any thing in nortons vault?
 

A:virus protection removal

Check this out:
http://service1.symantec.com/SUPPOR...sf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=
 

1 more replies
Answer Match 48.3%

Hi all,
Requested Files attached

Original post below:
My PC is is/was infected by "Best Malware Protection". I've run Malwarebytes Anti malware and Combofix which seems to gotten rid of the annoying pop-ups - and to all intents and purposes has fixed the problem. I manually removed via HiJackthis's delete on reboot feature the hosts file that was permanently locked.

However when I now run Combofix it still tells me that a real time scanner is active - and tells me it is called Best Malware protection - asks me to disable this before continuing.

I cant seem to disable and am hoping someone can explain what i need to do to remove/disable. Besides this, computer seems to be running fine again.

Thanks everyone,
Mark

A:Best Malware Protection removal

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

2 more replies
Answer Match 48.3%

Followed instructions from here:http://www.bleepingcomputer.com/virus-removal/remove-security-protectionTDSS Killer detected something, but it was locked so it took no action to clean or remove.Proceeded with RKILL and MBAM install, but of course MBAM isn't able to update. What do I do from here? ThanksAlso, what advice can I give to my family to avoid this? Only 4 weeks ago my everybody's computer except mine was infected with XP Home Security (All have AV software). They do a fair amount of e-mail, youtube, browsing, etc., and they know not to blindly click on links/downloads. Any other advice you can suggest I give to the less-technologically literate, to help avoid infections in the future? Thanks*I tried running DeFogger first and the TDSSKiller again, and now it says "no infections found." MBAM still doesn't update.**Edit AGAIN - Ran SmitFraudFix, then realized I didn't even plug in the ethernet cable. Was able to update MBAM after and everything is working fine now, though I think SmitFraudFix may have partially fixed the problem? I was able to run programs (including mbam) upon reboot without having to use rkillHere's the log:.DDS (Ver_2011-06-12.02) - NTFSx86 NETWORKInternet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15Run by Administrator at 21:17:27 on 2011-06-20Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2723 [GMT -7:00].AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}AV... Read more

A:Security Protection Removal -

Hi, Welcome to Bleeping Computer.My name is Shannon and I will be working with you to remove the malware that is on your machine.I apologize for the delay in replying to your post, but this forum is extremely busy.Please Track this topic - On the top right on this tread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.Do Not make any changes on your own to the infected computer.Please set your system to show all files.Click Start, open My Computer, select the Tools menu and click Folder Options.Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.Uncheck: Hide file extensions for known file typesUncheck the Hide protected operating system files (recommended) option.Click Yes to confirm.Now, let's look more thoroughly at the infected computer -We need to see some information about what is happening in your machine. Please perform the following scan:We need to create an OTL Report
Please download OTL from here:Main MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Change the "Extra Registry" option to "Use SafeList"Push the button.Two reports will open, copy and paste them into your reply:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedPlease note: ... Read more

2 more replies
Answer Match 48.3%

I recently was using my computer, when randomly I started getting google redirects. Next time I turned on my computer I had a cloud protection window popping up, and every few minutes different security warning windows popping up. I have malware bytes and rkill already on the computer but everytime i run malware bytes it closes after just a few seconds. I understand that this also uses rootkits so I downloaded tdskiller which literally didn't do anytihng it only scanned 270 items and found nothing. I then downloaded sophos anti rootkit which seems to find the infected files but says clean up not recommended for this file. If anyone could provide any help on how to get this off my computer it would be greatly appreciated. Thank you.
Also I'm running windows 7 home premium if that matters.

A:Cloud protection removal help

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first.Then start a new thread HERE and include or required logs.Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

1 more replies
Answer Match 48.3%

I have this trojan that I cant get rid of. My operation system is Windows ME. The virus is located in the "c:\_restore\temp\" file. When I try to get rid of it it says that it cannot be removed. When I try to remove it manually it says that the file is in use. Please reply to this forum I need help despratly.
 

A:Virus Protection/Removal

Turn off System Restore

Run the virus scan again and it should be gone.

Then re-enable system restore.
 

1 more replies
Answer Match 48.3%

I have a post here: http://www.bleepingcomputer.com/forums/t/311540/how-do-you-bill-charge-for-malware-removal-and-computer-updates/ that discusses the aspects of how you would bill a customer when you have done a malware removal and complete update / protection of system that takes many hours to complete.One of the things I note in that post is there would likely be comments on what you would do to speed up the process or how you would go about doing it to keep the total hours down to a minimum.What I would like to discuss here is how and what do you do to keep the total number of hours down when you are doing a complete malware cleaning of a unit with your average to tough malware as well as when you are having to completely update the OS (service packs), install anti-malware tools, update programs, and etc to make the system as defensive as you can for your customer.Let me give some examples from the other post and then please give feedback on how you handle these situations.Let's say I have a client with a personal computer. They have 80GB of actual data all on the same drive as the OS, they have very little protection in place, their OS is multiple service packs behind, and they have multiple unknown pieces of malware on the system.So let's say you go through the normal process of running the 2 to x number of tools you normally would run to clear of malware. You also go through your own personal investigation to catch things not found by the anti-malware tools. You then ... Read more

More replies
Answer Match 48.3%

I have a post here: http://forums.techguy.org/general-security/918356-how-do-you-bill-charge.html#post7342582 that discusses the aspects of how you would bill a customer when you have done a malware removal and complete update / protection of system that takes many hours to complete.

One of the things I note in that post is there would likely be comments on what you would do to speed up the process or how you would go about doing it to keep the total hours down to a minimum.

What I would like to discuss here is how and what do you do to keep the total number of hours down when you are doing a complete malware cleaning of a unit with your average to tough malware as well as when you are having to completely update the OS (service packs), install anti-malware tools, update programs, and etc to make the system as defensive as you can for your customer.

Let me give some examples from the other post and then please give feedback on how you handle these situations.

Let's say I have a client with a personal computer. They have 80GB of actual data all on the same drive as the OS, they have very little protection in place, their OS is multiple service packs behind, and they have multiple unknown pieces of malware on the system.

So let's say you go through the normal process of running the 2 to x number of tools you normally would run to clear of malware. You also go through your own personal investigation to catch things not found by the anti-malware tools. You then p... Read more

A:How would you go about doing malware removal and protection?

6 more replies
Answer Match 47.88%

Hi all,

Recently, my wife's computer got hit by the AV protection 2011. First, when she clicks on any links returned by google search, she would get redirected to some weird sites. Then, AV protection 2011 hi-jacked her computer completely. I followed the removal guide on bleepingcomputer, and now the computer is a lot better. However, sometimes, she would still get redirected. Now, IE doesn't work at all. She can open IE, but she can't go to any site. When IE is opened, the mouse cursor would disappear as well. She has to use google chrome to go online. What should we do next?

I did the TDSSKiller scan, and it found nothing. Below are my most recent Malwarebyte and TDSSKiller scan log.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8191

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514

11/18/2011 7:22:33 PM
mbam-log-2011-11-18 (19-22-33).txt

Scan type: Full scan (C:\|Q:\|)
Objects scanned: 775
Time elapsed: 21 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\program files (x86)\LP\9186\A8F.exe (Trojan.Dropper) -> 1428 -> Unloaded process successfully.
c:\program files (x86)\211C5\lvvm.exe (Trojan.Dropper) -> 936 -> Unloaded process successfully.
c:\Us... Read more

A:AV protection 2011 removal aftermath.

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Please download GMER from one of the following locations and save it to your desktop:Main Mirror
This version will download a randomly named file (Recommended)Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the R... Read more

1 more replies
Answer Match 47.88%

Hey guys,

Karlos has been helping me on this thread below to solve my Bsod's he has instructed me that I need to remove Themida protection driver and to follow the instructions for this forum.

(other thread)
http://www.techsupportforum.com/foru...ml#post7010386


(dds info)

KDDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20
Run by Kyle at 15:14:30 on 2016-04-23
Microsoft Windows 10 Education 10.0.10586.0.1252.44.2057.18.16314.12864 [GMT 10:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus *Enabled/Updated* {3FB17364-4FCC-0FA7-6BBF-973897395371}
SP: Bitdefender Antispyware *Enabled/Updated* {84D09280-69F6-0029-510F-AC4AECBE19CC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Enabled* {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WIN... Read more

More replies
Answer Match 47.88%

I recently installed a new virus protection program(Norton Internet Security Online) and have been having problems eversince. I now get a message that my computer has had a serious error and wants me to send a message to Microsoft, also it shuts down and reboots seemingly at random. I tried to run a scan using the new virus program but the computer shuts down and reboots after it scans a particular number of files, then I tried running Windows Malware Removal Tool that also makes it shutdown and reboot. I'm including the files in the error report, the error signature, and a logscan from Hijack this. Hopefully you can give me some help.

THANKS
haneline
files included in error report
C:\DOCUME~1\Larry\LOCALS~1\Temp\WERe270.dir00\Mini012810-16.dmp
C:\DOCUME~1\lARRY\LOCALS~1\Temp\WERe270.dir00\sysdata.xml
error signature
BCCode: 9c BCP1 : 00000002 BCP2 : 8054E0F0 BC3 : F6002000
BCP4 : 0000017A OSVer : 5_1_2600 SP : 3_0 Product :256_1
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:50:13 PM, on 1/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Progra... Read more

More replies
Answer Match 47.88%

Hiya,

I am trying to follow your instructions to remove Smart Protection 2012 from my computer.
I have followed the steps as far as unchecking the proxy server in LAN settings.
I'm still unable to connect to the internet - in the bottom right hand corner where the icons usually are there is only the time! My network connection icons aren't there. Not sure where to go from there (I'm currently using a different computer).

Thanks!

ThePanda

A:Help! Smart Protection 2012 removal

DownloadFSS Checkmark Internet ServicesClick on "Scan".Please copy and paste the log to your reply.

8 more replies
Answer Match 47.88%

Hi People,
Can anyone tell me how the heck I can remove write protection applied by
Windows Xp to both of my flashdrives for some reason only it knows so that
I can add files to the drives which I am unable to do at this time.
The OS is xp pro with `1Gb coarsair Memory 240Gb drives in raid1 & A 80Gb
Spare IDE Drive , as these drives cost me 3/4 of a weeks pension I am not
AHappy Bunny right Now .

Thanks For Any Help

Blackdog
 

A:flashdrive Write Protection Removal

11 more replies
Answer Match 47.88%

Hey guys, noticed this. I have a fairly new computer, was told I didn't need anti virus removal.  I noticed since i downloaded bittorrent my computer has shown signs of slowing down. My spotify is being really choppy when playing music as well.
That windows essintial was all I needed, any thoughts on that? Anyways I have this spigot on my computer, i downloaded malwarebytes and it detected a lyrics malware program. Any suggestions?
 
 
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.18.06
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
nikol_000 :: NIK [administrator]
 
Protection: Enabled
 
11/18/2013 11:32:30 AM
mbam-log-2013-11-18 (11-32-30).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204430
Time elapsed: 8 minute(s), 33 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\nikol_000\AppData\Local\Temp\Stub\881489336\cr.exe (PUP.Optional.AdLyrics) -> Quarantine... Read more

More replies
Answer Match 47.88%

The bogus anti-virus program Privacy Protection had pretty much locked my computer up. I tried a lot of things, but finally followed the steps from a Youtube video on removal (changed "privacy.exe" to "virus.exe," ran regedit and deleted privacy, deleted the privacy application). Privacy Protection seems to be gone, but my internet (and system restore)will not work. There is no connection detected. I reinstalled the network driver, but that didn't work. I've attached the gmer log (ark1), but I couldn't tell for sure that the scan had ended. I'd much appreciate your help.
Rob (sent from a different computer)
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Rob at 20:01:24 on 2011-12-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2453 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bi... Read more

A:No internet after "Privacy Protection" removal

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I?ve given you the ?All clear.? Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed. Download TDSSKiller.zip and extract TDSSKiller.exe to your desktopExecute TDSSKiller.exe by doubleclicking on it.Press Start Scan
If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"Then click Continue > Reboot now
Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txtPost that log, please. Download ComboFix from one of the following locations:Link 1 Link 2 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this linkDouble click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Con... Read more

26 more replies
Answer Match 47.88%

Hello i am new to the tech guy forum, i bought a computer from my friend to find out the next day there verizon family protection on it and i asked his whole family but no one can remember it the pc is old but veeery reliable is there any way to get such a software taken off and i already tried to uninstall it using the default windows uninstaller it asks for a uninstall code which i dont have im not asking for a code im asking for a way to delete the files from the computer every single one of them. i have tried deleting the program file folder for it but there are still shards of the files left behind causing the internet to be blocked i have tried using perfect uninstaller but it doesnt work would anyone like to use teamviewer with me and formulate idea's of how to get it off. sadly if i cant get it off the pc isnt any good to me so i might have to throw it away.
 

A:Verizon family protection removal

best bet is to call verizon. If it is asking for a code to unlock it, we won't be able to assist you here.
 

2 more replies
Answer Match 47.88%

Hi ,
 
I updated a program the other day and I sped through it and realised they had offered me a product after I had accepted it, Spigot Inc Search Protection, so I figured it wasn't a big deal I would just go into Control Panel and remove it. Well, when I go into control Panel to remove it, I click uninstall and about 20 seconds later a box comes up "NSIS Error" "Error Launching Installer" so I cant remove it. I have run my anti virus and not picked it up, I have run Spybot and not picked it up.
 
Since it installed, my programs keep randomly minimizing and my home page is reset to Yahoo on all my browsers. I have done some googling and found it is supposed to come with a toolbar which I don't have on any of my browsers.  I have gone into msconfig and stopped it running at startup which I thought would stop it changing my homepages and search options but my homepage is still being changed. 
 
Anyone have any ideas?

A:Spigot Search Protection Removal Help...

Hello! Welcome to BleepingComputer Forums! My name is Georgi and and I will be helping you with your computer problems.Before we begin, please note the following:I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.The logs can take some time to research, so please be patient with me.Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received. If you can't understand something don't hesitate to ask.Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.  STEP 1  Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your... Read more

11 more replies
Answer Match 47.88%

Hey guys, noticed this. I have a fairly new computer, was told I didn't need anti virus removal.  I noticed since i downloaded bittorrent my computer has shown signs of slowing down. My spotify is being really choppy when playing music as well.
That windows essintial was all I needed, any thoughts on that? Anyways I have this spigot on my computer, i downloaded malwarebytes and it detected a lyrics malware program. Any suggestions? I have a windows 8.
 
 
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.18.06
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
nikol_000 :: NIK [administrator]
 
Protection: Enabled
 
11/18/2013 11:32:30 AM
mbam-log-2013-11-18 (11-32-30).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204430
Time elapsed: 8 minute(s), 33 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\nikol_000\AppData\Local\Temp\Stub\881489336\cr.exe (PUP.Optional.AdLyri... Read more

A:Search Protection Spigot Removal

Hello nikseverson I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sa... Read more

17 more replies
Answer Match 47.88%

Hi friends, can anyone help me, I have a problem with BT here in the UK as a BT customer that runs BT Net protection by McAfee. After Yahoo was compromised this week I was advised to delete and re-install the McAfee protection, however, it cannot re-install due to the ATT Yahoo Online Protection 1.0 being on the computer.

I believe this is an old BT protection that was in partnership with Norton. However it does not appear on my computer so impossible to delete.

Thanks for your suggestions. As can be seen I am not a tech expert at all just a grey haired loser in this area of competence.
 

A:Removal of ATT Yahoo Online Protection 1.0

Just a comment. Just to make sure,are you saying that AT&T Yahoo Online Protection 1.0 does not show up in Add/Remove programs?
 

1 more replies
Answer Match 47.04%

I foolishly downloaded Symantec Endpoint from the University that I go to, only to find out that there is no removal tool for Endpoint. I've decided that what ever extra protection Endpoint adds to my system isn't worth it, since I don't really trust it anyway, and it uses up a considerable amount of system resources and isn't very friendly when scheduling scanning times.

So I want to remove it. From previous Symantec software encounters I've learned that if you want to uninstall a symantec product, and then replace it with another (in this case just the University's Symantec Antivirus) there will most likely be trouble if you don't remove all files of the previous software.

Honestly, after my experience with Norton 360 I never wanted to EVER have to put another symantec product on my system. However, see as it is the University's ResNet policy that you have to use one of their Symantec products or you can't get on the internet, my hand is kind of forced.

So the questions are:
1. How do I remove symantec endpoint from my system/where can I get a removal tool?

**Note**(I've looked around and apparently Cleanwipe will do the job, but you have to call Symantec in order to get a copy. And THEY say that they abide by the Universities' policies and that you have to have the University submit a ticket in your name. Then you call the University line and they no absolutely nothing about it, and say call Symantec. So it goes ... Read more

A:Solved: Symantec Endpoint Protection Removal

8 more replies
Answer Match 47.04%

What is the best virus protection/removal/firewall software. We have Mcafee but I don't think it is very good.
 

A:Best Virus Protection/Removal/Firewall Software

Hi,
That's a very open question and there are loads of opinions! Here's a link to to a TSG thread to get you started:
http://forums.techguy.org/general-security/603629-security-help-tools.html

Here are some more suggestions at the well regarded indpendent review site Tech Support Alert:
http://www.techsupportalert.com/best_46_free_utilities.htm

Richard.
 

1 more replies
Answer Match 47.04%

Hey everyone,

I currently have McAfee installed on my PC.
I'm not sure which version but it's definitely
from the yar 09.

I hear(d) good things about McAfee (and
Norton) but I'm wondering if it's possible
to get something better that will handle
and remove virus' from my computer completely
that doesn't involve me cleaning out my
PC completely.

Does anyone know of any good virus removal
methods or software that I can purchase?
 

A:AntiVirus Protection/Removal Software Question

13 more replies
Answer Match 47.04%

Hello all,

I have the malware Security Protection on my desktop. A quick search on google can show you what it is. Anyway, I have run MBam numerous times, each of which has removed, it seems, a portion of Security protection. However, a link of security protection still winds up residing on my decktop as well as a reloaded version of SP later on. I cant seem to fully get rid of it. any ideas?

SW
 

A:security protection malware complete removal

Hiya and welcome to Tech Support Guy

Can you run the tools in this thread:

http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

And then post the following:

1. Copy and paste the HijackThis log.
2. Copy and paste the contents of the DDS.txt file.
3. Upload as an attachment the Attach.txt file. There is no need to zip it as suggested in the DDS instructions
4. Copy and paste the contents of the ark.txt file.

Regards

eddie
 

1 more replies
Answer Match 46.62%

I've had the System Integrity Scan Wizard, PC-Antispyware, and Security System Protection Control Panel popups and my backround change to a blue colour. After reading some of the posts here and running Spybot Search and Destroy, Ad-Aware 2007, RegCure and Malwarebytes Anti-Malware it seems as if that problem was solved, but now everytime I put my pc on I get these messages:The first one says "rundll32.exe - Bad Image : The application or DLL C:\WINDOWS\system32\qpfrsnow.dll is not a valid Windows image. Please check this against your installation diskette" and the second one says "RUNDLL -Error loading C:\WINDOWS\system32\qpfrsnow.dll%1 is not a valid Win32 application".The disk that I got when I bought my pc was Windows XP Home Edition SP1. I downloaded SP2 from the internet.I'm attaching all of the logs you need to assist me, because I don't know if and how badly my pc is still infected.I attached 4 log files: 1. DSS Main.txt 2. DSS Extra.txt 3. Kaspersky 4. DSS Main.txt - after the Kaspersky reportThank you for taking the time to look into my problem.DSS MAIN.TXTDeckard's System Scanner v20071014.68Run by Parratjie on 2008-04-17 09:29:31Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------... Read more

A:System Integrity Scan Wizard, Security System Protection Control Panel

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =O4 - HKLM\..\Run: [e43075dd] rundll32.exe "C:\WINDOWS\system32\qpfrsnow.dll",b================Click Start -> Control Panel -> Add Remove Programs and uninstall these programs:J2SE Runtime Environment 5.0 Update 11 Java? 6 Update 2 Java? 6 Update 3 Java? SE Runtime Environment 6 Update 1Reboot and post a new hijackthis log.

37 more replies
Answer Match 46.62%

I've had the System Integrity Scan Wizard, PC-Antispyware, and Security System Protection Control Panel popups. They've been very stubborn but after reading some of the posts here and running Spybot, Adaware, SmitfraudFix, Panda Activescan, Housecall, Stinger Avert, Windows Defender, and SDFix, I am now getting only one popup, which shows up as a blank white rectangle in the center of the screen (and now I can't click "Close" to get it off the screen, since the "Close" option is missing). From the size & shape, I believe it's the Security System Protection Control Panel. Would you please review my HijackThis log? Also, in some of the posts I've noticed recommendations to update Java. Is that needed in my case? Thanks very much for your help.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:55:55 PM, on 3/28/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Sh... Read more

A:System Integrity Scan Wizard, Security System Protection Control Panel

The blank popup appeared to be repopulated with information over time...apparently the spyware refreshed itself. I also learned from Task Manager that all of my popups were from the System Integrity Scan Wizard. After some more searching, I found the name (in my case, yzqrqzkp.exe) and told Norton Firewall to block it from accessing the internet. I used HijackThis to fix it and then deleted it and a namesake (YZQRQZKP.EXE-1253B76A.pf) from Windows\Prefetch (not sure that was necessary but deleted it anyway). My only concern is that from what I read, there should have been another copy in \Local Settings\Application Data, which I didn't find. I updated Java per instructions in another post, also turned System Restore off and on. I think the PC is now clean, but would you review my latest HijackThis log to be sure? Thanks very much.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:05:26 AM, on 3/30/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Syman... Read more

14 more replies
Answer Match 46.62%

I have windows 7 home premuim 64 bit
I went to create restore point on my new dell and after about an 1/2 hour of waiting for SR to open up I got this:

You have no Restore Points. Use System Protection to create restore point.
When I attempt to turn on System Protection, it doesn't show any drives available when it opens -- it just says that it's searching for available drives and it keeps searching and doesn't stop. Eventually, I'll receive the following Error Message:

"There was an unexpected error in the property page: System Restore encounter an error. Please try to run System Restore again (0x81000203)." also all button are greyed out. I wanted take an image to show you but that's not working either. Is there hope?

Thank you.

 

A:Windows 7 Home Premuim System Restore and System Protection not working.

16 more replies
Answer Match 46.62%

My PC is infected with 3 malware popups named Security System Proctection Control Panel, System Integrity Scan Wizard and Security System Warning (the last one telling me I have Abebot). I have tried to get rid of them with Kaspersky Antit-Virus, Adaware, spyware sweeper, and SpybotSD, but they are still running. I didn't run the online scan by Kaspersky because I have the most recent version installed and running on my PC. When I ran a rootkit scan with KAV, it took just over four hours and reported my PC was clean. So for whatever reason Kaspersky is not picking up these three forms of malware. Following all other directions on your preliminary instruction list I used Deckard's System Scanner to make two Hijack This files. They are pasted in below. Please take a look and tell me what I should do to get rid of this malware. Thank you very much for this valuable service you are providing.-- Dark EagleDeckard's System Scanner v20071014.68Run by Perry H. Chesnut on 2008-04-18 23:11:18Computer is in Normal Mode.--------------------------------------------------------------------------------Backed up registry hives.Performed disk cleanup.-- HijackThis (run as Perry H. Chesnut.exe) ------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:47:35 PM, on 4/18/2008Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:F:\WINNT\System32\smss.exeF:\WIN... Read more

A:Security System Protection Control Panel & System Integrity Scan Wizard Popups

Hello Dark Eagle. to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)Please give me some time to look over your computer's log(s).Please take note of the following:In the meantime, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Finally, please reply using the button in the lower left hand corner of your screen.See you soon,Billy3

2 more replies
Answer Match 46.62%

I am running Windows XP Pro, version 2002, SP3 on a Dell Lattitude D630 laptop. I recently was hit with the Google redirect virus redirecting to 63.209.69.107 and others. About the same time a new shortcut appeared on my desktop called "Security Protection". I downloaded and ran Malwarebytes. I ran it several times until it not does not find anything malicious. The problem now seems to be twofold. When the computer is connected wirelessly or with cable there seems to be internet activity happening but I can not access the internet at all. I can connect to my VPN (Sonicwall) but can not connect to my server at work. Also the shortcut is still on my desktop. Not sure if it is just the shortcut or if I still have some thing there.

I have been here before and got great assistance. Could use help again.

A:Google redirect and "security Protection" shortcut removal

We have a removal guide for this infection here: http://www.bleepingcomputer.com/virus-removal/remove-security-protection Please let us know if this resolves your issues.

Orange Blossom

1 more replies
Answer Match 46.62%

Assalamo Alikum
Hello to All
thanks for registeration in this forum..... my first problem is this that i have a flash drive 4 gb kingston but there is no help in any forum to solve my problem that my drive is write protected and not formate and no viruse scane programme apply on it but it works with its data alreeady in folder mp3 songs but nothing to re inter any file how i remove my write protection and formation of drive in possible mode there is no switch on it ....please as soon as possible help me...
 

A:Removal of Write Protection on Kingston 4GB Flash Drive

have a problem in my flash drive 4 gb kingston in mode of write protected how can i remove it
 

7 more replies
Answer Match 46.62%

I?m running Windows XP (2002). Yesterday, I had the ?Hard Drive Diagnostic? issue that I removed using the self-help guide. I ran rkill, Malwarebytes? Anti Malware, and Unhide.exe. Doing so took care of all problems and put all of my documents back in the ?my Documents? folder, except that the start menu shortcuts were not there (a bunch of empty folders where I anticipated links to MS Word and the like) and the background of my desktop had changed to the basic blue (or whatever that color is). I tried to follow the advice today of disabling antivirus software and running unhide.exe again; however, I was shortly being bombarded with the annoyance of Malware Protection. (I should note just prior to doing disabling AV software, I ran a Malwarebytes scan to make sure I wasn?t missing anything and came up with zero infected files.)

I tried starting in Safe Mode with Networking and running rkill; however, every time that I did so, the command window would open and state hat it was running and to be patient. Less than a half minute later, I would get a desktop message: ?Windows is running in safe mode. This special diagnostic mode of Windows enables you to fix a problem which may be caused by your network or hardware settings. Make sure these settings are correct in the Control Panel and then try starting Windows again. While in safe mode, some of your devices may not be available. To proceed to work in safe mode, click yes. If you prefer to use System Restore to restore your co... Read more

A:Malware Protection removal and TDSS Killer not working

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

29 more replies
Answer Match 46.62%

Hi My name is ALYSSA,
OK IVE TRIED EVERYTHING
im at my wits end.
this is what is going on with my computer.

ITS WINDOWSXP SP3
DELL DIMENSION DE051
-FIREFOX (LATEST VERSION) CRASHES UNEXPECTEDLY ALLLLLL THE TIME, RANDOMLY.
-I had issues installing Malwarebytes Anti-Malware, I renamed the files and Installed it, I checked: check for updates
and launch program....NOTHING HAPPEND....
-I tried to download HIJACKTHIS so I could post a log and remove the viruses/malware and it wouldnt run install.
-I have NORTON360. It found :
-->PACKED.GENERAL.200 or something like that...AND FAILED TO REMOVE, QUARENTINE (ECT.)
buut i dont think this is the only problem, i think my computer is infected way more.
-When I use firefox && I search a website and click on a link (ON GOOGLE) takes me to an advertising site..SO
I have to goto the CACHE version when web browsing.
-The Computer has startup issues and when I turn it on I have to goto BOOTMENU and click option 2-for it to even work

I AM DESPERATE !!
please help me !!!!!!!!!!!!!!!

thanks a ton

A:cant install removal and protection programs, heavily infected? HELP !!!!

Hi Alyssa let's see if we can get in like this.Next Please install RootRepealGo HERE, and download RootRepeal.zip to your Desktop. Tutorial with images ,if needed >> L@@K.Unzip that,(7-zip tool if needed) and then click RootRepeal.exe to open the scanner. Next click on the Report tab, now click on Scan. A Window will open asking what to include in the scan. Check all of the below and then click OK.DriversFilesProcessesSSDTStealth ObjectsHidden ServicesNow you'll be asked which drive to scan. Check C: and click OK again and the scan will start. Please be patient as the scan runs. When the scan has finished, click on Save Report. Name the log RootRepeal.txt and save it to your Documents folder (it should automatically save it there). Please copy and paste that into your next reply.

3 more replies
Answer Match 46.62%

Hello and thank you for your time.

I was browsing a week or so ago when a window popped up, AV Protection 2011, that I could not easily close. I forgot how I eventually closed it, but by that time my Firefox had been hijacked, searches were redirected. I restored the system to a previously good state using Windows system restore, but that didn't help, so I came here to bleepingcomputer. I found the removal guide for AV Protection 2011 and followed the instructions. Upon reboot Firefox.exe could not be started, so I uninstalled and reinstalled Firefox. That allowed me to start the browser, which no longer redirected searches. Then I noticed that I could not start Thunderbird, so I uninstalled and reinstalled that program, too. Thunderbird worked fine and I thought I was out of the woods. A day or so later my virus protection software, Symantec, reported a number of Trojans. I ran Malwarebytes again, in safe mode, but no infections were reported. I started going through the steps to post a new topic here. The first attempt to extract gmer.zip was blocked for security reasons, so I scanned the zip file for viruses and Symantec reported that gmer.zip and gmer.exe were both trojans and quarantined them. I disabled Symantec as much as I could (it could not be fully disabled) and was able to extract the zip file. While running gmer Windows failed (quick blue screen) and restarted. I disconnected my machine from the network, uninstalled my virus protection software... Read more

A:Followed AV Protection 2011 removal guide but still infected with rootkit

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430393 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

9 more replies
Answer Match 46.62%

Hello,

I have recently just successfully cloned my Old primary 1TB Western Digital HDD onto my new 1TB Samsung EVO SSD to increase hard drive performance to give it a quick boot up and to enable Windows and my programs to load a lot quicker and perform better with multi tasking. My laptop is one of the bigger 17inch Acer models which comes with two hard drive bays. So once I had wiped my older WD HDD I then inserted a new 2 TB Seagate hard drive into the second bay to be able to store it for personal and media files, and any other imprtant data, to keep it the SSD as the primary hard drive and just for OS and programs only. My system runs the Windows 8.1 OS and is 64 bit.

However, I wanted to create a restore point and upon doing so, I found that System protection was turned off for all my both my hard drives.

I thought I had managed to somehow enable system protection on my C:/ Dive (including the partioned / drive on the same hard drive) on my SSD, and yet though it shows them enabled, it shows the word missing next to them, and I am assuming this is telling me the previous restores are missing; whether as a result of cloning I don't know. The other weird thing is further up the properties page it also shows the C\ and D:\ Drive but turned off.

So I thought I would try increasing the disk space usage, since it was showing it at 0, and it would allow me to do so and returned the message: 'There was an unexpected error in the property page: The system cannot fin... Read more

More replies
Answer Match 46.62%

Hello,

I have recently just successfully cloned my Old primary 1TB Western Digital HDD onto my new 1TB Samsung EVO SSD to increase hard drive performance to give it a quick boot up and to enable Windows and my programs to load a lot quicker and perform better with multi tasking. My laptop is one of the bigger 17inch Acer models which comes with two hard drive bays. So once I had wiped my older WD HDD I then inserted a new 2 TB Seagate hard drive into the second bay to be able to store it for personal and media files, and any other imprtant data, to keep it the SSD as the primary hard drive and just for OS and programs only. My system runs the Windows 8.1 OS and is 64 bit.

However, I wanted to create a restore point and upon doing so, I found that System protection was turned off for all my both my hard drives.

I thought I had managed to somehow enable system protection on my C:/ Dive (including the partioned / drive on the same hard drive) on my SSD, and yet though it shows them enabled, it shows the word missing next to them, and I am assuming this is telling me the previous restores are missing; whether as a result of cloning I don't know. The other weird thing is further up the properties page it also shows the C\ and D:\ Drive but turned off.

So I thought I would try increasing the disk space usage, since it was showing it at 0, and it would allow me to do so and returned the message: 'There was an unexpected error in the property page: The system ca... Read more

More replies
Answer Match 46.62%

Hello,
 
I have recently successfully cloned my Old primary 1TB Western Digital HDD onto my new 1TB Samsung EVO SSD to increase hard drive performance to give it a quick boot up and to enable Windows and my programs to load a lot quicker and perform better with multi tasking. My laptop is one of the bigger 17inch Acer models which comes with two hard drive bays. So once I had wiped my older WD HDD I then inserted a new 2 TB Seagate hard drive into the second bay to be able to store it for personal and media files, and any other imprtant data, to keep it the SSD as the primary hard drive and just for OS and programs only. My system runs the Windows 8.1 OS and is 64 bit.
 
However, I wanted to create a restore point and upon doing so, I found that System protection was turned off for all my both my hard drives.
 
I thought I had managed to somehow enable system protection on my C:/ Dive (including the partioned :D/ drive on the same hard drive) on my SSD, and yet though it shows them enabled, it shows the word missing next to them, and I am assuming this is telling me the previous restores are missing; whether as a result of cloning I don't know. The other weird thing is further up the properties page it also shows the C\ and D:\ Drive but turned off.
 
So I thought I would try increasing the disk space usage, since it was showing it at 0, and it would allow me to do so and returned the message: 'There was an unexpected error in the property page: The system... Read more

More replies
Answer Match 46.2%

Please help!!! Pics included to explain the situation
Basically after installing some new software for my phone my windows 7 laptop crashed - it flashes a blue screen and restarts on boot up I can get to image 1 page to try a system repair
But then I need to enable system protection.. Image 2
Is there any way I can do this through a command prompt??
Thank you in advance!!!

A:Enable system protection to preform system restore

Sorry images didnt upload???

9 more replies
Answer Match 46.2%

I've tried to open System Protection in System in the Control Panel but it will not work. It gives an error of 0x81000203. I've rebooted and attempted but get the same thing each time.

A:System Protection not working in System Control Panel

Follow instructions on this page error code 0x81000203__ - Microsoft Community

Scroll to the 2nd answer by Meghmala

6 more replies
Answer Match 45.78%

I've had this virus/bug before and have removed it in the past, but this time I got it I followed directions on bleepingcomputer (ie: downloading and running rkill, turning off the bogus proxy settings, and running an updated version of malware bytes in safe mode) but I was still getting redirects when searching google. While trying to figure out what was wrong, I somehow got reinfected with the same fake antivirus removal software bug. I decided it was best to go ahead and post my particular problem so I can get a specific response rather than continuing to take shots in the dark based on other people's problems. So, I am sorry if this is redundant and I will happily follow a link to the correct fix if it is already out there. I just want to make sure I am solving this once and for all. Thanks so much in advance!!!DDS Text:DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by casandra at 10:28:12.29 on Fri 07/02/2010Internet Explorer: 7.0.5730.11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.740 [GMT -4:00]AV: eTrust ITM *On-access scanning enabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\internet explorer\iexplore.exeC:\Docu... Read more

A:Bogus Anti-spyware Removal/Virus protection and Google Redirects

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

3 more replies
Answer Match 45.36%

My Toshiba Notebook (x64) (running Windows 7) has stopped being able to open/run programs. I've been using safe mode to try and find a cure, and safe mode works fine. I ran a few antivirus programs that detected a few things, but none of them solved this issue. Using System Restore seems to be the only thing I can really do, but I've been having some troubles with it.

Only one System Restore point shows up, and it's only from a few days ago, which isn't far back enough to fix my problem (I've already tried restoring it to that point). There are no other options as you can see here and here.

I tried to create my own restore point, but ran into some problems. When I go into "System" the "System Protection" option is missing. I only have these three options:

When I use the search bar to find it instead, "Create a restore point" comes up, but when I click and it opens System Properties, the "System Protection" tab is missing.

When I looked it up, someone had suggested running Regedit and checking HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\DisableSR but I couldn't get that far.

If anyone could help me out, it would be greatly appreciated.

A:Troubles with System Restore/System Protection

Hello esu and welcome to Seven Forums.

Have you verified that System Protection is turned on? (If it is, try turning it off, restarting the computer, turning it back on, and restarting the computer one more time.)

System Protection - Turn On or Off

See if you can manually create a restore point.

System Restore Point - Create

If not, your computer may have damaged or corrupt sytem files. Try running a system file checker scan from an elevated command prompt (option two.) If problems are found, run the scan 3 times and make sure to reboot the computer immediately after each of the scans.

SFC /SCANNOW Command - System File Checker

4 more replies
Answer Match 45.36%

Hi Everyone

I went on my laptop this morning and it said I needed to run a system restore. Unfortunately when I try to it says I need to enable system protection on my C drive. I've been searching the web for a solution for the past couple of hours and it seems like quite a common problem. However I've tried all of the suggested solutions and nothing seems to work. I'm not the most computer literate so some of the suggested didn't make the most sense. If anyone has any suggestions to help the matter it would be very much appreciated.

Thanks

A:How do I enable system protection for system restore?

System Protection - Turn On or Off

3 more replies
Answer Match 45.36%

Hi, I defragged my registry (castigate me later, please), and well, my system crashed. I'm running Windows 7 Home Premium 64 bit on a Lenovo laptop, and on startup, I get a blue screen claiming that the OS couldn't boot, and the option to try a system repair. After analysis, it says that it can't repair the system automatically, and offers more advanced options. I can try a system restore, but after selecting a restore point (clearly the one created before defragging the registry), system restore says that I must enable system protection on the drive. I don't remember disabling it, and I don't know how to enable it without access to the desktop.
From those same advanced recovery options, I can use a system image recovery (don't have an image to recover from), the windows memory diagnostic (it claims there's no memory error), or the command prompt. I know very little about using the command prompt, but I can open the task manager at least, though not explorer.exe or msconfig.exe (the prompt claims they're invalid commands).
I've tried booting in safe mode, with the last known good configuration, with boot logging, and everything else from that menu, as well as a Windows 7 recovery disc (though I believe this disc just provides the same options as those installed on the laptop.
If possible, I'd like to know how to enable system protection from the command prompt window so that I can continue with the system restore. I'm quite certain that the error lies in the defragmentation... Read more

A:System Restore - Enabling System Protection

right click my computer/properties/advanced system settings/system protection/ high light your drive, click configure,now click( restore system settings and previous versions of files)
OK and exit

7 more replies
Answer Match 45.36%

I need help on how to remove the (system reserved) folder under Available Drives in protection settings. On all my other computers it is not shown. Not sure why it is there as it does not show anywhere else on computer as a drive. I guess it just bugs the hell out of me not knowing why it's there. Any help would be appreciated.

A:In System Protection under Available Drives (System Reserved)

Look in Disk Management and see if the Reserve has a partition letter.

9 more replies
Answer Match 45.36%

 I have a screen shot of it.  There is the Local Disk (C:) listed and then this other.
 Capture.PNG   126.43KB
  0 downloads

A:Under System Prop, and System Protection what is (C:) Missing ?

Post an Image from Disk Management Screen.
 
Control Panel / Administration Tools / Computer Management / Disk Management.
 
This will show all current active drives.
 
 
 

11 more replies
Answer Match 45.36%

I have a Win10 Pro and ran MR to create a system image backup.
It went well but it turned of system protection.
A message shows up with a warning yellow triangle that reads.
Using system protection on a drive that contains system image backups will cause other shadow copies to be deleted faster than normal.
--- How do I stop system protection from being turned off?

I have another Win10 computer and created a MR system image backup on that one also.
System protection wasn?t turned off on that one.

I do not use shadow copies: If shadow copies are in use on my computer it doesn?t matter to me if that is the case as I don?t know how to use them anyway. I just don?t want system protection turned off.

A:I donít want system protection turned off when I do a MR system image

Hi,

The available disk space on the pc with the warning issue is probably too small to store both backup images (MR) and system protection image.






I do not use shadow copies:



Actually you do. System Protection is a form of Shadow Copying.

Furthermore, it's not wise policy to store backups on the same physical drive as your system. Still better than nothing but all in all not sound practice.
Better to store back up on an ext. removable drive.

In the mean time you could reduce the amount of space allocated to System Protection and see if that helps any.

Cheers,

1 more replies
Answer Match 44.94%

Hi,Repeated popups and warnings led to a Google search on the Subject above and finding this forum.I initially attempted a "Restore Point" rollback but that would not complete successfully.I then completed the following -- Uninstall "XP Anti-Virus"- Ran SmitfraudFix- Ran SDFix- Ran ComboFix- Installed and Ran HijackThis(Attempted a "Fix Checked" without success of "O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\awtuvULB.dll")- Installed and Ran SUPERAntiSpyware(found 0 errors or problems in any category)HijackThis still displays "O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\awtuvULB.dll" which concerns me so I am posting so the guru's can check out the logs....As a newby to the forum I appreciate any help/advice :^) Thanks.Deckard's System Scanner v20071014.68Run by administrator on 2008-04-18 16:18:31Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --96: 2008-04-18 23:18:37 UTC - RP324 - Deckard's System Scanner Restore Point95: 2008-04-18 22:49:23 UTC - RP323 - Installed SUPERAntiSpyware Free Edition94: 2008-04-18 21:40:02 UTC - RP322 - Restore Operation93: 2008-04-18 21:27:20 UTC - RP321 - Restor... Read more

A:Removal Of Xp Anti-virus, Privacy Protector, Error Cleaner And Spyware&malware Protection

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.Please set your system to show all files. Click Start, open My Computer, select the Tools menu and click Folder Options.Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.Uncheck: Hide file extensions for known file typesUncheck the Hide protected operating system files (recommended) option.Click Yes to confirm.Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\awtuvULB.dllO20 - Winlogon Notify: awtuvULB - C:\WINDOWS\SYSTEM32\awtuvULB.dllO21 - SSODL: DriveSys - {7dc6ff88-ddc9-4b18-a143-ef3f8f110be0} - C:\WINDOWS\Resources\DriveSys.dll (file missing)O21 - SSODL: SysBoot - {fd5ffa08-e23f-467f-867a-8a5770344bc3} - C:\WINDOWS\Resources\SysBoot.dll (file missing)Click on Fix Checked when finished and exit HijackThis.Make sure your Internet Explorer is closed when you click Fix Checked!Open hijackthis, click 'conf... Read more

1 more replies
Answer Match 44.1%

I love my computer and hate to see it act like this, so i need help from you guys on how to remove this alert balloon that keeps popping up from my taskbar and keep it gone. also i keep getting many popups, a lot of which never load. i think this might have to do with some fake active x thing i installed. i downloaded hijackthis and here is the report: (i noticed 4 new processes running on task manager, too. this might have to do with it all: iesmin.exe, iesmn.exe, imsmain.exce, and imsmn.exe) PLEASE HELP ME!!! thank you!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:13 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svc... Read more

A:Help! Bogus System Alert Removal & Pop Up Removal

6 more replies
Answer Match 43.68%

Oh i can not get system restore to open but it works in safe mode not in regular mode.

A:Need help system protection not there on system properties

Hi,

Welcome to Seven Forums.

Run Regedit and check the following registry key:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\DisableSR.

If the key is present and has any value other than 0 then system restore is disabled and the system protection tab will be hidden.

Viruses often disable this by setting this registry key. Often they will also disable the task manager and regedit too.

If you get a message saying regedit has been disabled by your administrator then it's quite possible you have been targeted by a virus, in which case a full scan of your system is a good idea.


As always, before making changes to your registry, back it up.

hth
Tanya

4 more replies
Answer Match 43.68%

Hi,
I wanted to start system restore. The window shows: to create a restore point

open System Protection.

When this link is clicked, the System Properties dialog is opened by

SystemPropertiesProtection.exe

But the Tabs "System Protection" and "Remote" are missing in this dialog.

Something is wrong with the installation, but I cannot do new clean installation as many software is installed upon the platform. I have mounted the Vista installation DVD with "GImageX", but I do not know which files or Registry Entries I have to extract.

Any ideas? Thanks in advance for any help.

More replies
Answer Match 43.26%

Hi all
I want to disable "hardware, Advanced, System Protection, Remote" tabs from system properties dialog box( screen shot attached).
The user should only able to access change computer name feature. Other feature should be disabled/removed.
I there any way to achieve it?
thanks in advance.


IMG]https://social.technet.microsoft.com/Forums/getfile/703346[/IMG]

A:disable "hardware, Advanced, System Protection, Remote" tabs in system

I'm inclined to say no, for a very simple reason.
Changing the computer name requires administrator access. Given that, the user already has full control over the entire computer, therefore he can change whatever he wants.
What's the purpose of such "limitation"?

4 more replies
Answer Match 43.26%

I have been infected with protection system and the instructions say to run malwarebytes but when I try to run it it just stops. Is there another way to get around this. I work from home and this is ruining my day. I also tried to use spyware doctor but I can download the updates to run the program... I'm hoping somebody can help Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:protection system

Did you rename Mbam.exe to something else? Name it tatertot.scr and try to run itAlso try Dr Web Cureit:Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".Scan with Dr.Web CureIt as follows:Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current versionRead the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.When complete, click Select All, then choose Cure > Move incurable.
(This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)Now put a check next to Comple... Read more

1 more replies
Answer Match 43.26%

Hey all, I've ran into a huge problem... My aunt dropped off her family computer yesterday and I've been working on it for a few hours now and to say the least I'm completely stumped. There's this fake anti virus program called Protection System which does it's thing, I'm sure you know all about it. Anyway, I've done a few hours worth of research, read countless "fix it" articles and forum post and nothing has worked yet. At this point I need to rest my eyes and my mind and ask you all for your help.The biggest problem is no programs that could solve the problem or aid in solving the problem work. The real anti virus was disabled and broken, malwarebytes wouldn't install so I renamed it, it then installed halfway before freezing. I played around with that for a while and I got it to install. Couldn't run the program after that, so I renamed the that. It finally opened but as expected the scan shut the program down. After it crashed during the scan malwarebytes was completely inoperable, couldn't even delete it with out a restart. At that point I had enough, I was preparing to post a topic in the "HijackThis Logs and Virus/Trojan/Spyware/Malware Removal" forum but after several attempts it appears that not even your DDS Tool works. I'm just so frustrated right now...To clear a few things up. I've been trying everything in and out of safe mode, same results. Also, all the games on the computer appear to work, iTunes works, Quickbooks work, AIM works. I'm pretty sure every progr... Read more

A:Protection System

We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.----------------------------------Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to HighAlso try: right-click on rootrepeal.exe and rename it to tatertot.scr

4 more replies
Answer Match 43.26%

How to turn on System protection using/through Ubuntu?

A:System Protection

Look over here:
The Ubuntu Forum Community - Ubuntu Forums

2 more replies
Answer Match 43.26%

I am running Vista Home premium, but see no evidence that it is creating restore points automatically every 24 hours. I can create restore points manually but they are the only ones that show under system protection. Should I not be seeing, "system scheduled checkpoint" in system restore? Thanks.

A:System Protection

I suspect that a system setting has been changed that prevents this from occurring - have you changed any of the system settings/services or used a tweaking/protection utility that might have caused this?

1 more replies
Answer Match 43.26%

How do I go about turning ON System Protection.

When I go to restore my system from a Restore Point, I get a popup saying "System Protection" is turned OFF and I need to turn it back ON.

A little help please. Thank you.

More replies
Answer Match 43.26%

Hello everyone ... Really hoping you can help me.

I use Firefox browser and gmail or yahoo for mail. I have Fix-It Professional 6 which I just ran for any viruses, mal ware, spy ware and ad ware.

For about the past week or so, every time I start my machine, I get a window called Windows PC Defender inside of which is a"My Computer" window. I cannot close this window but I can minimize it and open an additional window.

This address appears in the location window -
hxxp://my-systemprotection.net/?p=WKmimHVl...nBkaF%2FEkKE%3D

In the My Computer it shows the Windows shield logo along with System Folders, My Documents, Hard Drive and Security. Next to each, flashing in red is notification that I have 5 viruses in the System Folders, 7 in My Documents, 12 in my Hard Drive and that "Security has been damaged by virus" in the Security. Additionally, below that is a separate window "Your Computer is Infected" and shows a long list -

W32.Benjamin.Worm Virus High
Trojan virtumonde Virus Critical
AdvWare.Hotbar Virus High
[email protected] Virus Medium
Trojan.Qoologic - Key Logger Virus High
SHeur.ZSQ Virus High
Adware.Win32.Winad Virus Critical
Trojan-PSW.Win32.LdPinch.abm Virus Critical
Backdoor.Win32.Haxdoor.gu Virus High
Magic DVD Ripper Virus High
Trojan.Fakealert.355 Virus Medium
Trojan-Downloader.Win32.Small.dge Virus High

Recommend: Click "Start Protection" button to erase all threats
When I have clicked on "Star... Read more

A:my-system protection

Hi Cailleach Echo, welcome to BC I have moved your topic to the "Am I infected? What Do I Do?" forum since you appear to be infected by a rogue security product. This will allow our members who specialize in malware removal to find your topic more easily.I've always been warned not to open anything that ends with ".exe"Sound advice. You're infected with some sort of rogue security program. These programs falsely warn that your computer is infected (like in the list of baddies you were given) and then prompt the user (you) to download a file to "clean" the computer. Do not download anything it asks you to. Do not purchase any program it recommends. It is a scam and will only serve to make the situation worse.

3 more replies
Answer Match 43.26%

Ive noticed every once in a while that my system protection keeps turning it self on, even though I have manually shut it off?

What could be affecting this? (I want it off because I back up regularly)
 

A:System Protection...

I don't have an answer but do have some advice.

System protection is different than backing up data, system protection backs up critical system registries and other settings normal backups do not, it would be wise to leave this setting On.

.
 

1 more replies
Answer Match 43.26%

How does System Protection work...does it save information to a separate partition?

I have a 7gb partition on my drive that I do not know what it is for. I deleted it and was am thinking of adding it to my main C: partition. Did destroy the System Protection partition?

A:System Protection?

That partition was likely put there by the manufacturer to help you restore the PC to factory specs if you ever needed to do that.

If you in fact deleted the partition and do not have "recovery disks", you will have problems restoring to factory specs.

Do you have any install discs at all? What happens if your hard drive fails in 30 minutes?

System protection is not the same as "system restore", which you may be thinking of. System restore returns the operating system to the way it was on the date the restore point was made---typically somewhere in the last couple of weeks-----not to factory specs. System restore points are stored on your C drive along with Windows.

Can you post a screen shot of Disk Management?

9 more replies
Answer Match 43.26%

I am curious I was reading a previous thread which concerned a Teacher, Wendy and her issues with her current computer instructor. When following the thread a program I have never heard of, HijackThis was mentioned several times. Is this a program that just simplly reports problems to the user or is it like Spybot S&D(which I am currently using) in that it can also fix any possible security issues. If HijackThis can do the previous: fix report and whatever else; then what additional advantages does it provide the user that Spybot doesn't support, and would U use this in place of Spybot S&D or something else.
 

A:system protection?

It is not an automated tool, and provides no judgement or recommendations on removal. It simply shows what is present in several locations of the registry and file system - you have to know what you're looking at to use it to delete entries.
When I think it's preferable that dll's are unregistered etc., I will often recommend that SpyBotSD be run first and then use HJT to look and see if it missed something.

You can see some instructions at http://tomcoyote.org/hjt/ if you want to look at it.
 

1 more replies
Answer Match 43.26%

In my system properties under system protection, the c drive sys pro is on but on my d drive (restore) the sys pro is off. Should i turn it on?Is it able to vreate sys restore points when the sys protection is off?

A:my system protection

Hello @hunterm1 Welcome to the HP Support forum. Thank you for your post.Probably you have one HDD drive and C:\, D:\, etc.. - these are not called drives but partitions - part of the whole thing - one HDD. No problem. The D:\ partition is usually your recovery partition and Windows System Restore is off there for a reason - you should not and need not to attempt to turn it on. This drive should have no changes usually - its purpose is to keep the original version of your operating system, settings, drivers, original image and to be able to restore your PC to factory default condition.  Let me know if you have any other questions.

1 more replies
Answer Match 43.26%

No matter what I do system protection somehow always manages to turn it self back on

How can I PERMANTLY KILL THIS PROCESS? Is it a service?



I WANT IT GONE FOR GOOD

A:Ive had it with System Protection...

Go to control panel, admin tools, services, volume shadow copy, but that may cause more problems than it solves.

9 more replies
Answer Match 43.26%

What would be the best antivirus for pc.I need a antivirus that is not slow and that protects my pc very good.I need sugestions!

A:System Protection

Welcome
First forget best, it is subjective.
However, I and many members use the free
Microsoft Security Essentials
Free Malwarebytes and the Windows Firewall
I also use winpatrol. It takes a picuture of your HD. Anything is installed, it asks if you want it. If you say no, it restores what you had. Has other features too.
http://www.av-comparatives.org/
This list is already outdated. Microsoft has just finished testing on 2.0. It is now available.

2 more replies
Answer Match 43.26%

I just finished "cleaning out" an old Dell desktop. I deleted a lot of files. I don't intend to un-delete any of them (couldn't anyway, because I did a wipe of the free space), but the thought occurred to me, what if I wanted to un-delete one of them? In the old DOS days, I could do that without software (like Recuva). But with NTFS file systems, I note that there is a system setting called System Protection that provides a built-in way to recover deleted files, as long as you haven't overwritten them. I checked the settings for this app on my desktop. System Protection is Off for both of my drives, so that's apparently the default.

Question: What are the downsides of turning that On? My guess would be that it burdens the MFT with more entries, thereby slowing drive performance. Is that true and are there any other downsides?

A:System Protection

The only real downside to turning on System Protection is that is consumes some disk space but you can control that. The impact on performance is insignificant.

5 more replies
Answer Match 43.26%

Yesterday I, as always before, was going to do monthly Macrium Reflect system backup. As per usual I did all the AV, HW and software checks, made sure windows and SW was up to date, absolutely everything works as good as ever. At the end of those checks I did sfc /scannow but would not go past 58%. Dism also got stuck at some 20% on or offline, in safe mode too.
All disks are in perfect shape and so are drivers etc.
Before I do something radical like restoring last moth's Macrium backup or doing windows repair I would like to see if there's something less radical to troubleshoot this problem.
I still have W10 on another disk to fall back to if necessary so in no way I could be left without OS on this computer. Willing to try anything. Any ideas ?

A:System protection

Hi Mike,
Personally I don't have a problem with this but some people do with:
The Scoop On KB 3022345 System File Corruption
You might want to uninstall this update if installed.

3 more replies
Answer Match 43.26%

Hey all, I've ran into a huge problem... My aunt dropped off her family computer yesterday and I've been working on it for a few hours now and to say the least I'm completely stumped. There's this fake anti virus program called Protection System which does it's thing, I'm sure you know all about it. Anyway, I've done a few hours worth of research, read countless "fix it" articles and forum post and nothing has worked yet. At this point I need to rest my eyes and my mind and ask you all for your help.The biggest problem is no programs that could solve the problem or aid in solving the problem work. The real anti virus was disabled and broken, malwarebytes wouldn't install so I renamed it, it then installed halfway before freezing. I played around with that for a while and I got it to install. Couldn't run the program after that, so I renamed the that. It finally opened but as expected the scan shut the program down. After it crashed during the scan malwarebytes was completely inoperable, couldn't even delete it with out a restart. At that point I had enough, I was preparing to post a topic in the "HijackThis Logs and Virus/Trojan/Spyware/Malware Removal" forum but after several attempts it appears that not even your DDS Tool works. I'm just so frustrated right now...To clear a few things up. I've been trying everything in and out of safe mode, same results. Also, all the games on the computer appear to work, iTunes works, Quickbooks work, AIM works. I'm pretty sure every progr... Read more

A:Protection System

Hi Mike,

do you still have your aunt's PC and do you still need help?

regards _temp_

3 more replies
Answer Match 43.26%

Why can I not save restore  points when I have it set to restore previous versions of files only?  It shows system protection turned off when set this way. Only way it will show turned on is if I have setting and files turned on.

A:System Protection

Hi -
System Restore is just that - System Restore -
I have not been able to set mine to restore only one file / folder to an earlier time, unless I have a backup made.
 
However I may have missed a setting that I could not find, but I can only set mine to System Restore -
 
More general information ..............

 What files are changed during a system restore ?
 

System Restore affects Windows system files, programs, and registry settings. It can also make changes to scripts, batch files, and other types of executable files created under any user account on your computer. System Restore does not affect personal files, such as e-mail, documents, or photos, so it cannot help you restore a deleted file.
NOTE :: If you have backups of your files, you can restore the files from a backup.

 
Always create a backup of your system prior to doing any System Restore
 
Open System Restore and follow the links in that area as to what you will restore and what you can do there.
There is a lot of helpfull information listed there -
 
Thank You -

1 more replies
Answer Match 43.26%

Hi. I suddenly got a ?Security Center Alert? pop-up in my computer. I have tried what other users tried before. The thing is that now it uninstall Avast antivirus, don?t let me install MBAM (or any program at all), can?t connect to the Internet or access the Windows Task Manager. I also tried to run the Hjack but it simply won?t run.

Please help.

A:Protection System Again

Welcome to BCTry to run both of these and save the logsWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.-----------------------------------------------1. Download Win32kDiag from any of the following locations and save it to your Desktophttp://ad13.geekstogo.com/Win32kDiag.exehttp://download.bleepingcomputer.com/rootr.../Win32kDiag.exe2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.4. Double-click on the Win32kDiag.txt file that is locate... Read more

1 more replies
Answer Match 43.26%

How do I go about turning ON System Protection.

When I go to restore my system from a Restore Point, I get a popup saying "System Protection" is turned OFF and I need to turn it back ON.

A little help please. Thank you.

A:System Protection

  
Quote: Originally Posted by huffman


How do I go about turning ON System Protection.

When I go to restore my system from a Restore Point, I get a popup saying "System Protection" is turned OFF and I need to turn it back ON.

A little help please. Thank you.


See this tutorial.

System Protection - Turn On or Off

2 more replies
Answer Match 43.26%

My System in "System Properties" has its "Protection" as OFF
Start > Control Panel > System > System Protection > System Properties (dlg) > System Protection (tab)


I am trying to clean up my Registry after uninstalling "CutePDF"
- three lots of bundleware with one double negative opt-out that I thought I had outsmarted
- CutePDF do not supply an "uninstaller" any more for their free CutePDF
- Revouninstaller did not detect any registry items
- CCleaner does not find any of the CutePDF registry entries
- a manual trawl/search has found two keys each with 29 data entries
- created a restore point, as insurance
- disabled the "CutePDF" keys by renaming the keys with a "_obs" affix string
- rebooted and no problems
Q1: Should the "System" protection be Off or ON
- my inclination is to change it to ON
- but I would like to check with those who really know first (no guesses)

I know ... I know ... an image would have been simpler
- but I am not "there" yet ... when my busy meter slows down to insane

A:System Protection is OFF

It should be on if you want the protection of system restore.

9 more replies
Answer Match 43.26%

I was looking around in system properties and under system protection, device updates the top box was checked, I changed it to what it is now and want to make sure this is ok.
 

A:System Protection

It's far better than just "OK" when you have the system running satisfactorily. It's the only way to avoid the nasty surprises when Windows "updates" to incorrect drivers.
 

3 more replies
Answer Match 42.42%

Hello guys

I needed to do a system restore this morning and when I looked and the drive options there all in an odd sort of order.I only have system protection activated on my system drive so i thought that would be at the top of the list like it always has been but its not.I dont know what order there in it makes no sense.Its not causing me any problems but just wondered how other peoples partitions and drives are ordered I always thought it was by letter but not the case here.Does anyone know how to re order them.

Mine are E:80gig
F:18gig
C:system 80gig
D:120gig

Thanks

Danny

A:System Protection Strange

Do they appear in right order under disk management?

9 more replies
Answer Match 42.42%

I have been infected with what looks like several viruses. Unable to complete full virus scan although the following were quarantined: Trojan.Metajuan, Packed.Generic. 200, scmhux.exe and Packed.Generic.233. Also have lovely porn links on desktop, which I have removed. Tried to run DDS, but just sits there, all the while pop ups for Protection System download, Window security center alerts and various.exe - bad image error messages. Tried to run rootrepeal, but will not let me save log. Was able to get a log from hijackthis. Please help me to find what needs to be removed. Thanks in advance for any help. See hijackthis log below:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:27:35 PM, on 9/8/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceServic... Read more

A:protection system and bad image pop ups

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 42.42%

Hello-
I am trying to fix a friends' laptop that appears to have been infected with Protection System malware. PC Info: Dell Vostro 1500, Windows XP Home, SP2.

At the moment, I cannot seem to get the laptop to access the internet, whether itís because of the virus or because it is not set up to access my cable modem. I have left it disconnected from our network to avoid any cross infections with my good pc. Can I download programs to a USB stick using the good pc, and transfer them to the sick pcís desktop- if you donít see a problem with this method, then Iíd prefer to continue using it.

When I try to install Malware Bytes from the .exe on the desktop, the install procedure seems to begin, then disappears completely from view, and doesnít even appear in Task Manager.

HijackThis seems to install ok from the desktop, but when I try to run the program, I can see it begin to list programs, but the after less than 2 seconds it, too closes and disappears.

Other issues: Restarting/Shut Down gets stuck and I have to hold down the power button to shut off.

Would greatly appreciate any help you can give.
 

More replies
Answer Match 42.42%

I need help to configure system protection settings (Attachment). I don't understand the 'Restore Settings' in 'Configure'. I need an explanation or directions to a suitable tutorial, where I can understand how to set this up.

Thank you.

A:How to set system protection settings

You want 'Restore system settings and previous versions of files' selected, under 'Restore Settings'.

System Protection - Turn On or Off - Windows 7 Help Forums

System Protection - Change Disk Space Usage - Windows 7 Help Forums
--
What is System Restore & How to Create a Restore Point in Windows

How to Configure The Way System Restore Works & How to Disable It
--
Configure System Restore in Windows | www.winhelp.us

2 more replies
Answer Match 42.42%

Pretty much any form of antivirus/antispyware programs that are installed have stopped working (IE: malwarebytes, spybot, HiJack This, and Panda) and wheni click some of them it says, "Application cannot be executed. The file is infected. The file is infected. Please activate your antivirus software."

Task manager also does not seem to work and gives the above error message. I also get some popups related to Protection System.

The DDS program/logger didn't work and also gave the above error; however, I was able to get a RootRepeal log and have attached it.

Thanks for your time.

A:very bad "Protection System" Malware

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download and run Win32kDiag: Download Win32kDiag from any of the following locations and save it to your Desktop. Download Win32kDiag (Win32kDiag.exe) - #1 Download Win32kDiag (Win32kDiag.exe) - #2 Download Win32kDiag (Win32kDiag.exe) - #3 Double-click Win32kDiag.exe to run Win32kDiag and let it finish. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.Download and run a batch file (peek.bat): Download peek.bat from the download link below and save it to your Desktop.Download peek.bat Double-click peek.bat to run it.A black Command Prompt window will appear shortly: the program is running. Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.==========Please post the following logs in your next reply:* Win32kDiag.txt* Log.txt

27 more replies
Answer Match 42.42%

Hello! I have visited the site before and have browsed through the topics and easily removed virus. This time I have this pesky Protection System virus that keeps on appearing after I have scanned using Malware. I also keep getting Security Center Alerts telling me about trojans such as Rootkit.Win32.Agent.pp and it gives me an option to enable protection but have decided not to mess with anything like that. I hope someone can help me please. THANK YOU!
I will paste my MalWare log.
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

9/15/2009 7:21:32 PM
mbam-log-2009-09-15 (19-21-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 200701
Time elapsed: 1 hour(s), 12 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5e2121ee-0300-11d4-8d3b-444553540000} (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\protection system (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfu... Read more

A:need help removing Protection System

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download ComboFix from one of these locations:Link 1Link 2Link 3Important!You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Make sure that you save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ... Read more

9 more replies
Answer Match 42.42%

Protection System has installed itself and seems to be keeping me from running Malwarebytes to clean it up. Every time I try to run it, I get a split-second hourglass, then nothing.
I managed to get Malwarebytes installed by renaming it, but that cute little trick didn't work for executing the program.
I get frequent pop-ups and system stalls. Any help would be greatly appreciated.

DDS is pasted below, and rootrepeal report is attached.

Thank you!
DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 23:00:03.54 on Wed 09/09/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.18 [GMT -5:00]

AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: eTrust EZ Antivirus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: eTrust Personal Firewall Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\CA\eTrust EZ Armor ... Read more

A:Protection System Infection

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.??If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine.??Please perform the following scan:Download DDS by sUBs from one of the following links.??Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool.??No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 42.42%

After reading your website I am sure I have System Progressive protection. I read the user guide written by Lawrence Abrams and have tried it a couple of times. I am using windows XP. I have followed the steps each time, but it does not seem to work. I boot into safe mode and then download one of the RKill downloads and it does it's thing and then posts a report on my desk top. Each time I have attempted to remove the vius/worm I have tried a different version of RKill. So then I move on to scanning my computer. I use Microsoft Security Essentials. I have run full scan twice and found and removed "unwanted software". Then when I have removed it I am prompted to "restart" the computer to let changes take effect. When it boots back up in normal mode the System Progressive Protection thing pops up again and obviously I did not get rid of it. I would guess one of two things is going on. Either it is not stopping the virus when I run RKill or I am rebooting back into normal mode and I should not be doing that. What should I do? With this description can you tell what I might be doing wrong? I know this is not a really serious problem but I would prefer to get rid of it. I am so close to fixing this issue but I can't seem to completely get rid of this thing. Please help. By the way. Thanks for the site. You all do wonderful work here. Thanks again. Looking forward to hearing from someone.

A:System Progressive Protection

Can anyone help me with the issue I am having? Thanks.

5 more replies
Answer Match 42.42%

Here is my log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:44:04 PM, on 6/30/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exec:\Program Files\Common Files\Symantec Shared\ccProxy.exec:\Program Files\Common Files\Symantec Shared\ccSetMgr.exec:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\HPZipm12.exec:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Java\jre1.5.0\bin\jusched.exeC:\windows\system\hps... Read more

A:Protection System Malware

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 42.42%

I recently had a power outage while Windows 7 (x64) was loading. System booted up fine. I went to do a system restore, but could not. When I go to select a restore point is says, "System Protection is turned off". I never turned it off and it will not let me turn it on. The C:\ clearly shows protection is turned on, but when I select system restore it says it is turned off.










I think I read most of the posts here on this issue, but no go. What I have tried:Manually create restore point- Works fine. Repeated many times.
.
Turned System Protection Off and then back On- No difference
Ran WMI.bet- No change
Deleted all restore points- No change
Ran VSS List Shadows- Got hits even though I had deleted all restore points
Verified VSS is on- I have seen posts to say set to manual and set to auto. I have done both. No difference.
SFC /SCANNOW- Found no integrity violations
Tried to do a Repair Install- Cannot. I am running SP1. Comes back saying it cannot be done.
Any ideas would be appreciated.

A:System Protection will not turn on

Try again in this admin account Built-in Administrator Account - Enable or Disable

9 more replies
Answer Match 42.42%

Hi, My cat has given birth to 4 beautiful kittens. Woo-Hoo.

Obviously i have taken photos of the cute little critters and transfered them to a folder on my pc.

I used G6 Utilities to rename and enumerate all the pictures. When i look in the folder now there are several pictures missing. Fortunately i have found them. Unfortunately i found them by showing Protected Operating System files.

After googling for a while i have only managed to find out how to disable the File System Protection for all of Windows. Before i attempt this i would like to know if it will allow me to recover the pictures or if it is just better to delete them and take new ones.

Or does anyone know of another way to remove this protection? Any software that may help?

Thanks in advance.
 

A:System File Protection on a jpg?????

7 more replies
Answer Match 42.42%

Hi
I am having a problem with this program called Protection System which is totally messing with my computer and I tried to run Root Repeal and it produced a whole list of files that are blocked and there is a wierd symptoms with my computer going on when nothing is running.
Please help me with this as I use my computer everyday and it is messing with my productivity.

Thanks

A:PLEASE!!!! I have a problem with the protection system!!!!

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

2 more replies
Answer Match 42.42%

I have done 2 installs of Windows 8 RP (build 8400) and it seems the System Protection of off by default. I need to turn it on and allocate disk space.
If I turn System Protection off it fails to warn or delete previous restore points. This does not effect me creating restore points manually.
Anyone come across this before and what is going on.
Robert...

A:System Protection in Windows 8 RP

Hello Robert,

It works the same way for that as in Windows 7 for me. When you turn system protection off, does currant usage drop to zero afterwards like below? This is not the same as what the max usage is set for. Max usage is just how much it can use when system protection is turned on.

System Protection - Turn On or Off in Windows 8

3 more replies
Answer Match 42.42%

Logfile of random's system information tool 1.06 (written by random/random)Run by Owner at 2009-09-01 18:01:20Microsoft Windows XP Home Edition Service Pack 2System drive C: has 51 GB (34%) free of 147 GBTotal RAM: 895 MB (21% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:01:42 PM, on 9/1/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16876)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\TGTSoft\StyleXP\StyleXPService.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\COMMON~1\Stardock\SDMCP.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system3... Read more

A:protection system virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.??If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine.??Please perform the following scan:Download DDS by sUBs from one of the following links.??Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool.??No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

4 more replies
Answer Match 42.42%

Here it is, I turned on my Acer laptop last night and would not boot to desktop. Safe mode will not run as it should do, system restore will not repair any problems, I cannot get to desktop full stop. Although I can get to a system restore which displays 3 potential restore points but when i click I cannot go any further because it says 'you must enable system protection on this drive' how can I do this if I cannot boot correctly?

I am totally lost on this one!

I downloaded the win 7 beta a few months back and had win vista preinstalled. Someone please help me!!

A:System protection = lost!

First open a command terminal ... enter cmd in the search box ... enter sfc /scannow .. let it check your system files... reboot .... this should resolve your problem ... let us know your results...

Welcome to Seven Forums!

9 more replies
Answer Match 42.42%

Hi, all. First, thank you for everything you do. I've come to this site a couple of times over the years and your advice has been incredibly helpful. I really appreciate it.
Now I have my own problem with a malware issue.
My computer has become disabled. It boots to the desktop, but I cannot access anything with my mouse, and when I place the cursor in the taskbar, the hourglass icon appears. Sometimes the Protection System window would appear trying to tell me about some fake virus problems and to do an install.
I was able to delete any mention of Protection System from the registry through safe mode with command prompt, then regedit. That removed the Protection System screen from startup, but I still can't run any scans to send to you for review.
Nothing works! I have to unplug the machine to turn it off!
Is there any other way to use your recommended scanning programs to get this fixed?
I am running Windows XP with Service Pack 3.
 

A:Protection System has taken over computer

Bump, please!

I am still having this nasty malware problem. I can't perform a HJT scan using the suggested methods.
 

1 more replies
Answer Match 42.42%

I've been directed here after having my post confirmed at http://www.bleepingcomputer.com/forums/t/255937/fake-windows-security-center-alerts-and-failure-to-open-anti-spyware-programs/.My OS is vista and I can get screen shots of the fake security system/protection system if needed.Here's the log that I got before my comp crashed (I tried several times, but it crashed at the same spot each time.)Log file is located at: C:\Users\Alastor\Desktop\Win32kDiag.txtWARNING: Could not get backup privileges!Searching 'C:\Windows'...Found mount point : C:\Windows\AppPatch\Custom\CustomMount point destination : \Device\__max++>\^Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmpMount point destination : \Device\__max++>\^Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5937.tmp\ZAP5937.tmpMount point destination : \Device\__max++>\^Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6E9B.tmp\ZAP6E9B.tmpMount point destination : \Device\__max++>\^Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmpMount point destination : \Device\__max++>\^Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAB7C.tmp\ZAPAB7C.tmpMount point destination : \Device\__max++>\^Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmpMount point destination : \Device\__max++>\^F... Read more

A:Windows protection system

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Please note, I normally request a DDS log, but since you have this rootkit, I'll hold off. Please let me know if you're there and I'll pass this off to a member of the HJT team.Information on A/V control HERE

36 more replies