Tech Problem Aggregator

Gvx/DNSchanger Reposting Replied by accident

Q: Gvx/DNSchanger Reposting Replied by accident

Well i recently got hit on mozilla firefox with trojans,for example i would click on world of warcraft the website it would send me to abunch of sites but this did not happen on my google chrome then i ran Malawarebytes/Avast both said i had Trojan.DNSchanger/Alureon both have been quaratined but i wanna make sure its fixed.

DS (Ver_09-05-14.01) - NTFSx86
Run by Nicknels at 11:15:14.59 on Fri 05/22/2009
Internet Explorer: 7.0.6000.16830 BrowserJavaVersion: 1.6.0_13
Microsoft? Windows Vista??? Home Premium 6.0.6000.0.1252.1.1033.18.3070.1952 [GMT -7:00]

AV: avast! antivirus 4.8.1335 [VPS 090521-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1335 [VPS 090521-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ASUS\ASUS Direct Console\D3DCheck.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Steam\Steam.exe
C:\Users\Nicknels\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Nicknels\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page =
uDefault_Page_URL = hxxp://www.asus.com
mDefault_Page_URL = hxxp://www.asus.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java? Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Google Update] "c:\users\nicknels\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [DirectMessenger] "c:\program files\asus\asus direct console\LCMP.EXE"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x4\programs\WPLauncher.hta
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

================= FIREFOX ===================

FF - ProfilePath - c:\users\nicknels\appdata\roaming\mozilla\firefox\profiles\bvb50q7f.default\
FF - plugin: c:\users\nicknels\appdata\local\google\update\1.2.145.5\npGoogleOneClick8.dll

============= SERVICES / DRIVERS ===============

R0 iaNvStor;Intel? Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2009-3-9 209408]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-21 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-21 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-5-21 51792]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-5-21 38496]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-05-22 06:11 320,000 a------- c:\windows\system32\CF3581.exe
2009-05-21 22:42 320,000 a------- c:\windows\system32\CF13986.exe
2009-05-21 19:55 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-21 19:55 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 19:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-21 19:50 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-05-21 19:01 360,246,564 a------- c:\windows\MEMORY.DMP
2009-05-21 18:43 <DIR> --d----- c:\programdata\Kaspersky Lab
2009-05-21 18:43 <DIR> --d----- c:\progra~2\Kaspersky Lab
2009-05-21 16:09 <DIR> --d----- c:\users\nicknels\appdata\roaming\SUPERAntiSpyware.com
2009-05-21 12:49 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
2009-05-21 12:49 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
2009-05-21 12:40 <DIR> a-d----- c:\programdata\TEMP
2009-05-21 10:37 <DIR> --d----- c:\users\nicknels\appdata\roaming\Malwarebytes
2009-05-21 10:25 <DIR> --d----- c:\programdata\Malwarebytes
2009-05-21 10:25 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-13 13:08 <DIR> --d----- c:\program files\Tortun
2009-05-11 21:09 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2009-05-11 21:09 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-11 21:08 503,864 a------- c:\windows\system32\drivers\Wdf01000.sys
2009-05-11 21:08 35,896 a------- c:\windows\system32\drivers\WdfLdr.sys
2009-05-11 21:08 3 a------- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2009-05-10 19:32 <DIR> --d----- c:\programdata\Azureus
2009-05-10 19:32 <DIR> --d----- c:\progra~2\Azureus
2009-05-10 19:32 <DIR> --d----- c:\users\nicknels\appdata\roaming\Azureus
2009-05-10 13:35 <DIR> --d----- c:\program files\Combined Community Codec Pack
2009-05-03 10:46 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-02 13:44 <DIR> --d----- C:\CFLog

==================== Find3M ====================

2009-05-22 07:44 45,056 a------- c:\windows\system32\acovcnt.exe
2009-05-22 06:06 32,156 a------- c:\programdata\nvModes.dat
2009-05-22 06:06 32,156 a------- c:\progra~2\nvModes.dat
2009-05-21 18:44 86,016 a------- c:\windows\inf\infstor.dat
2009-05-21 18:44 51,200 a------- c:\windows\inf\infpub.dat
2009-05-21 18:44 86,016 a------- c:\windows\inf\infstrng.dat
2009-04-09 02:55 2,828 a--sh--- c:\programdata\KGyGaAvL.sys
2009-04-09 02:55 2,828 a--sh--- c:\progra~2\KGyGaAvL.sys
2009-04-09 02:54 88 ---shr-- c:\programdata\BB40B05400.sys
2009-04-09 02:54 88 ---shr-- c:\progra~2\BB40B05400.sys
2009-04-08 14:29 56,448 a------- c:\windows\system32\drivers\xusb21.sys
2009-03-16 20:16 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 20:16 14,848 a------- c:\windows\system32\apilogen.dll
2009-03-16 20:16 25,600 a------- c:\windows\system32\amxread.dll
2009-03-11 11:05 268,800 a------- c:\windows\system32\es.dll
2009-03-11 11:05 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-03-11 11:05 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-11 11:05 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-11 11:02 269,824 a------- c:\windows\system32\schannel.dll
2009-03-11 11:01 2,028,032 a------- c:\windows\system32\win32k.sys
2009-03-10 03:01 174 a--sh--- c:\program files\desktop.ini
2009-03-10 02:53 665,600 a------- c:\windows\inf\drvindex.dat
2009-03-10 01:59 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-03-10 01:59 61,440 a------- c:\windows\system32\winipsec.dll
2009-03-10 01:59 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-03-10 01:59 272,896 a------- c:\windows\system32\polstore.dll
2009-03-10 01:55 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-03-10 01:55 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-03-10 01:55 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-03-10 01:52 205,824 a------- c:\windows\system32\msoeacct.dll
2009-03-10 01:52 87,040 a------- c:\windows\system32\msoert2.dll
2009-03-10 01:52 39,424 a------- c:\windows\system32\ACCTRES.dll
2009-03-10 01:51 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
2009-03-10 01:51 24,064 a------- c:\windows\system32\wtsapi32.dll
2009-03-10 01:51 542,720 a------- c:\windows\system32\sysmain.dll
2009-03-10 01:51 502,784 a------- c:\windows\system32\wlansvc.dll
2009-03-10 01:51 297,984 a------- c:\windows\system32\wlansec.dll
2009-03-10 01:51 290,816 a------- c:\windows\system32\wlanmsm.dll
2009-03-10 01:51 67,584 a------- c:\windows\system32\wlanhlp.dll
2009-03-10 01:51 47,104 a------- c:\windows\system32\wlanapi.dll
2009-03-10 01:49 194,560 a------- c:\windows\system32\WebClnt.dll
2009-03-10 01:45 376,320 a------- c:\windows\system32\winsrv.dll
2009-03-10 01:45 49,664 a------- c:\windows\system32\csrsrv.dll
2009-03-10 01:40 297,472 a------- c:\windows\system32\gdi32.dll
2009-03-10 01:37 374,456 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-03-10 01:36 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-03-10 01:36 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-03-10 01:36 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
2009-03-10 01:36 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
2009-03-10 01:36 537,600 a------- c:\windows\apppatch\AcLayers.dll
2009-03-10 01:36 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-03-10 01:36 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-03-10 01:36 1,687,040 a------- c:\windows\system32\gameux.dll
2009-03-10 01:35 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-03-10 01:33 1,194,496 a------- c:\windows\system32\msxml3.dll
2009-03-10 01:33 2,048 a------- c:\windows\system32\msxml3r.dll
2009-03-10 01:32 414,208 a------- c:\windows\system32\msscp.dll
2009-03-10 01:31 356,864 a------- c:\windows\system32\MediaMetadataHandler.dll
2009-03-10 01:31 392,192 a------- c:\windows\system32\FirewallAPI.dll
2009-03-10 01:31 396,800 a------- c:\windows\system32\MPSSVC.dll
2009-03-10 01:31 86,016 a------- c:\windows\system32\icfupgd.dll
2009-03-10 01:31 61,952 a------- c:\windows\system32\cmifw.dll
2009-03-10 01:31 16,896 a------- c:\windows\system32\wfapigp.dll
2009-03-10 01:30 178,688 a------- c:\windows\system32\iphlpsvc.dll
2009-03-10 01:29 2,048 a------- c:\windows\system32\tzres.dll
2009-03-10 01:27 1,244,672 a------- c:\windows\system32\mcmde.dll
2009-03-10 01:27 428,032 a------- c:\windows\system32\EncDec.dll
2009-03-10 01:27 292,352 a------- c:\windows\system32\psisdecd.dll
2009-03-10 01:22 104,448 a------- c:\windows\system32\DWWIN.EXE
2009-03-10 01:21 2,923,520 a------- c:\windows\explorer.exe
2009-03-10 01:19 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-03-10 01:19 24,064 a------- c:\windows\system32\netcfg.exe
2009-03-10 01:19 22,016 a------- c:\windows\system32\netiougc.exe
2009-03-10 01:14 181,760 a------- c:\windows\system32\fsquirt.exe
2009-03-10 01:13 1,585,664 a------- c:\windows\system32\setupapi.dll
2009-03-10 01:10 223,232 a------- c:\windows\system32\WMASF.DLL
2009-03-10 01:10 9,728 a------- c:\windows\system32\LAPRXY.DLL
2009-03-10 01:10 2,048 a------- c:\windows\system32\asferror.dll
2009-03-10 01:09 268,288 a------- c:\windows\system32\mcbuilder.exe
2009-03-10 01:09 223,232 a------- c:\windows\system32\SLC.dll
2009-03-10 01:09 33,280 a------- c:\windows\system32\slwmi.dll
2009-03-10 01:09 566,784 a------- c:\windows\system32\SLCommDlg.dll
2009-03-10 01:09 351,232 a------- c:\windows\system32\SLUI.exe
2009-03-10 01:09 186,368 a------- c:\windows\system32\SLLUA.exe
2009-03-10 01:09 57,856 a------- c:\windows\system32\SLUINotify.dll
2009-03-10 01:09 2,605,568 a------- c:\windows\system32\SLsvc.exe
2009-03-10 01:09 39,936 a------- c:\windows\system32\slcinst.dll
2009-03-10 01:08 712,192 a------- c:\windows\system32\WindowsCodecs.dll
2009-03-10 01:08 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-03-10 01:08 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-03-10 01:05 14,848 a------- c:\windows\system32\wshrm.dll
2009-03-10 01:04 11,776 a------- c:\windows\system32\sbunattend.exe
2009-03-10 01:02 83,968 a------- c:\windows\system32\dnsrslvr.dll
2009-03-10 01:02 24,576 a------- c:\windows\system32\dnscacheugc.exe
2009-03-10 00:58 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-10 00:58 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-10 00:58 11,264 a------- c:\windows\system32\icardres.dll
2009-03-10 00:58 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-10 00:58 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-10 00:58:21 A------- 326,160 c:\windows\system32\PresentationHost.exe

============= FINISH: 11:16:05.95 ===============

Here are the notes of the trojans from Malawarebytes
Database version: 2164
Windows 6.0.6000

5/22/2009 7:43:21 AM
mbam-log-2009-05-22 (07-43-21).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 145461
Time elapsed: 1 hour(s), 34 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\gxvxccounter (Trojan.DNSchanger) -> Quarantined and deleted successfully.
C:\Windows\System32\gxvxckpeeuvwcdxqgskhccrnxhcprrtxsqbnv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\gxvxcwhoufafvpykuybmdxothaievbceyxewl.dll (Trojan.Agent) -> Quarantined and deleted successfully.


Also i had DNSchanger 3 days before noticed nothing changing beside me overreacting and trying to get rid of anything dangerous.
I also have this

Malwarebytes' Anti-Malware 1.36
Database version: 2166
Windows 6.0.6000

5/22/2009 8:18:26 PM
mbam-log-2009-05-22 (20-18-26).txt

Scan type: Quick Scan
Objects scanned: 66156
Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Recently ran Also when i ran Avast! it Detected i had a JS:Pdfka[Expl] virus to that so thats in quaratine so far nothing weird has happen. Avast! Detected a file

Orignal File Name: Nps51A8.tmp

Virus Description: JS:Pdfka-HZ [Expl]

A: Gvx/DNSchanger Reposting Replied by accident

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

7 more replies
Answer Match 49.98%

Hi - I am at a relatives house in California for a few days and I'm trying to help them clean their badly infected computer while I'm here. The computer had numerous spyware and virus, all of which I've been able to eradicate using a combination of programs found on this site except the following which I need help with:When I run both Spybot and Malewarebytes' Anti-Malware it discovers the following modifications to these registery keys:Registry Data Items Infected:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.45 85.255.112.232 68.87.76.178 -> No action taken.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b5735b1b-1793-4c52-8aa4-6ddca7fdd7b6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.45 85.255.112.232 68.87.76.178 -> No action taken.HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.45 85.255.112.232 68.87.76.178 -> No action taken.HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b5735b1b-1793-4c52-8aa4-6ddca7fdd7b6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.45 85.255.112.232 68.87.76.178 -> No action taken.HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.45 85.255.112.232 68.87.76.178 -> No action taken.HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\I... Read more

A:Zlob.dnschanger And Trojan.dnschanger

Hello thubs80,

I apologise for the delay, the forum is busy.

If you still need help, post a new HijackThis log.

2 more replies
Answer Match 49.98%

Hi - I am at a relatives house in California for a few days and I'm trying to help them clean their badly infected computer while I'm here. The computer had numerous spyware and virus, all of which I've been able to eradicate using a combination of programs found on this site except the following which I need help with:

When I run both Spybot and Malewarebytes' Anti-Malware it discovers the following modifications to these registery keys:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.45 85.255.112.232 68.87.76.178 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b5735b1b-1793-4c52-8aa4-6ddca7fdd7b6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.45 85.255.112.232 68.87.76.178 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.45 85.255.112.232 68.87.76.178 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b5735b1b-1793-4c52-8aa4-6ddca7fdd7b6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.45 85.255.112.232 68.87.76.178 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSe... Read more

A:Zlob.dnschanger And Trojan.dnschanger

I would like to see the smitfraudfix log please, hopefully you haven't been trying these fixes with teatimer running resident?http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/If this is not vista would you run sdfix

7 more replies
Answer Match 48.72%

http://forums.techguy.org/virus-other-malware-removal/968738-google-redirect-virus-help.html

I have waited several weeks for a response to my support request (link above), and still have not gotten one. Why wont anyone help me?
 

A:Need Help, Nobody Has Replied.

other thread has been answered

you have to accept this is a volunteer site with hundreds of people needing help and only a few helpers and it is the holidays

this is a free service provided by volunteers who do this out of the goodness of their hearts

You could have taken your PC to a shop if it was urgent
 

1 more replies
Answer Match 48.3%

Hi, i have a AZ3-715 desktop, its microphone sound is very weak. listener adjusts speaker to maximun volume, but sound weak. please help 

A:This is a topic that you have replied to AZ3-715...

To help you troubleshoot low sound volume, please find the link given below and follow the step-by-step instructions mentioned on it:http://answers.microsoft.com/en-us/windows/forum/windows_7-pictures/microphone-volume-too-low/3241e6... If issue persists, please find the link given below and select the drop down option to choose ?Run troubleshooter? from left hand side and follow the on screen instructions:https://support.microsoft.com/en-us/instantanswers/a183aa8b-0eac-4566-867a-98d2761a770d/fix-sound-pr... Hope this will help you.

1 more replies
Answer Match 48.3%

Hi, i have a AZ3-715 desktop, its microphone sound is very weak. listener adjusts speaker to maximun volume, but sound weak. please help 

A:This is a topic that you have replied to AZ3-715...

To help you troubleshoot low sound volume, please find the link given below and follow the step-by-step instructions mentioned on it:http://answers.microsoft.com/en-us/windows/forum/windows_7-pictures/microphone-volume-too-low/3241e6... If issue persists, please find the link given below and select the drop down option to choose ?Run troubleshooter? from left hand side and follow the on screen instructions:https://support.microsoft.com/en-us/instantanswers/a183aa8b-0eac-4566-867a-98d2761a770d/fix-sound-pr... Hope this will help you.

1 more replies
Answer Match 47.88%

Topic moved by Moderator Louis on 1/11, no response in this forum yet.

http://www.bleepingcomputer.com/forums/topic437339.html

Thanks.

A:Topic not yet replied to in this forum

http://www.bleepingcomputer.com/forums/topic400074.html

3 more replies
Answer Match 47.46%

Didn't want contributors to think my topic was responded to.Accidentally posted 2 comments under topic Bootkit - Iexplorer running in background + hijacking google.I will be patient for are response.Thank you

A:Accidently replied to own post - Not a Bump

Since you are currently receiving help from shelf life here: http://www.bleepingcomputer.com/forums/topic438942.html/page__view__findpost__p__2569110 and to avoid any confusion, I'm going to close this thread.

Kindest Regards,
ST.

1 more replies
Answer Match 47.46%

Here is my Log




Deckard's System Scanner v20071014.68
Run by Cory on 2007-11-23 20:36:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
18: 2007-11-24 04:36:54 UTC - RP18 - Deckard's System Scanner Restore Point
17: 2007-11-23 11:56:14 UTC - RP17 - Today Is Thanksgiving
16: 2007-11-23 11:03:48 UTC - RP16 - Removed DriverMagic
15: 2007-11-23 10:41:55 UTC - RP15 - Installed DriverMagic
14: 2007-11-23 08:52:49 UTC - RP14 - Removed Java(TM) 6 Update 2


-- First Restore Point --
1: 2007-11-20 19:34:39 UTC - RP1 - System Checkpoint


The active scan found something i attached it and the extra text


Thank you so much?!!


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-23 20:37:59
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\syst... Read more

More replies
Answer Match 46.62%

Please help, it's driving me nuts that when I reply to a email in MS Outlook 2007, the little symbol that shows it has been replied to is missing. It's my fault, a while back, I right clicked on something and I know that I checked or unchecked it somehow and can't figure out how to get back in there to bring it back now.

Here is an image of what it SHOULD look like, but this entire column is missing in my Outlook 2007.

Appreciate any help!

A:MS Outlook 2007 - My REPLIED TO symbol is missing

You might know, I've spent a LOT of time trying to figure this out, and right after I post this thread, I figured it out. The field is called ICON, I just had to add it back in by right clicking, then "arrange by" and then "custom" and then click on "fields" and then add "ICON" to the right column from the left column and there it is! Done! I've done search after search and asked every computer guru I knew and nobody knew how to do it. I can't believe I just figured it out! lol. Happy.

3 more replies
Answer Match 46.62%

Normally when I reply to a message Outlook 2013 displays an open envelope with an arrow pointing to the left next to the original message in my inbox (see attached picture).
However recently I have noticed this sometimes does not display and all it shows is the time the message arrived.
I find the icon useful as a quick check that I replied.
Any suggestions why it does not always show?
 

A:Outlook 2013 Replied icon missing

[/url] upload gambar[/IMG]

OK Have managed to upload the picture via a picture hosting site
 

1 more replies
Answer Match 46.62%

Hello Guys,

I had a listing up on Amazon.com, and got an inquiry from an individual who wanted to purchase the item and have it shipped to Nigeria. I was cautious from the start, but I decided to reply, just to see if this guy was truthful.

However, I didn't realize that my first and last name would be displayed with my email that I sent. I gave no other information than my name.

Can they do anything harmful with my name? Can they Google it and find out a lot? Please help.
 

A:Replied to a Scam Message, gave no information

Hi AhrenBa
I wouldn't worry too much. Unless your first name is either Bill or Donald and your last name is Gates or Trump it's unlikely that anyone would go to the time and expense to find out anything useful for scamming or taking advantage of you. It's a lot harder to get info on an average person (as opposed to someone with a bit of fame) than you think. And that's assuming they could narrow it down to you from the possible thousands of others who share your name.

On another note, you are now rich$$$. You'll probably get the E-mail shortly notifying you by name that you have won the Nigerian Lottery and you only have to send a modest fee for release of the funds. You might also be contacted by the lovely and charming Jasmine, who is a member of Nigerian Royalty,or possibly her equally charming sister Fatima, and needs your help to transfer her large inheritance$$$ out of her country. She will be most pleased to share it with you. All she needs is your bank account number to transfer the funds. Good deal.
In short, be alert, expect some interesting mail for a while and have a good laugh.
T.
 

2 more replies
Answer Match 46.62%

I'm using Outlook 2007 to pull my hotmail account. Everything works as it should except everytime I reply (but not when I generate an original email) to an email it automatically sends it to my inbox. There are no rules or exceptions set for this. Anyone have any ideas on this? I can live with it but would prefer not to....
 

A:Outlook 2007 replied emails sent to inbox as well....

10 more replies
Answer Match 46.2%

I stayed on my computer lastnight for a while and everything seemed to be working fine. I left it on overnight as i do sometimes, and when I woke up this morning it was on a different desktop. I went to shutdown and the only option it gave me was to log off or switch user. so i chose log off and when i did it took me to the normal log in screen. when i tried to log on a box popped up and said unable to load this profile insufficient resources will load a default profile and had a box to click ok. i did a manual shutdown and restarted and then it loaded but had taken away my background picture but now everything "seems" to be working and back to normal. I have been infected before and now to come here first to make sure that this suspicious behavior is not due to a virus or some other infection. I should note that I did a revo pro uninstall yesterday to clear up some space on my comp. I deleted temp files, removed the bits of stuff left over from my recycling bin, and cleared my browsers. I dont know if this has anything to do with it or not? while it was cleaning the leftovers from the recycle bin it took like three hours to do and right at the end a box popped up and said low memory and when i checked my space it was almost depleted completely. but then a couple seconds after revo was done it went back to the normal memory amount....so i didnt think much of it htought it was just because revo was running. now i am not so sure? I am running a dell with xp and have a... Read more

A:REPOSTING THIS

<<...a box popped up and said unable to load this profile insufficient resources will load a default profile...>>That's indicative of a damaged profile. Routine enough in Windows to be well-documented. Such can prevent a user from logging on, which is why a default profile was used and why your desktop may have been a bit different.I would suggest creating a new profile for yourself...and then transferring data from your old profile to the new. Once that is done and you are satisfied that everything works as it should...delete the old profile.See Copy Data from a Corrupted User Profile to a New Profile in Windows XP - http://support.microsoft.com/kb/811151.Louis

8 more replies
Answer Match 46.2%

Logfile of HijackThis v1.98.2
Scan saved at 10:13:06 AM, on 7/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Works\WksWP.exe
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\WINDOWS\slrundll.exe
C:\Documents and Settings\Ted Pastrick\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\M... Read more

A:reposting: Please help with HJT log for XP

http://forums.techguy.org/t382523.html

Please reply to your original thread....plus, you need to get the new version of Hijack This. You are running an older version.
 

1 more replies
Answer Match 46.2%

I'm using Microsoft Outlook (2002) and it was working fine until this morning.
I keep important emails, even if I have replied to them, or forwarded them, in my inbox, to check later on them. This morning all the replied and forwarded arrows were gone. After having replied to an email, I don't see the replied sign, but when checking the deleted items after deleted the replied messge, it is under deleted items, with the replied arrow.
While checking today flight schedules for the year, I changed the system date to December 2006 by mistake and corrected it afterwards. It happend after that. Is it just a coincidence or can it be related to that? Does anyone know a solution? Thanks in advance. You can also email me at [email protected]
 

A:OUtlook doesn't show replied emails anymore

maybe there were archived...when you changed the date.
 

3 more replies
Answer Match 46.2%

In my old computer Windows XP I use Outlook Express-6. Whenever I migrate the data from DeskTop to LapTop, all data was always transfered successfully with "arrow mark" in already replied mails.

But when I migrate Windows Live Mail 2011 from DeskTop to LapTop, there is no "arrow mark" in already replied mails, so I don't know which mail I have already replied (although I can check in sent items).

Is there anyway to migrate messages with "arrow icon" in already replied mails?
Please help.

KAMARU
Tokyo-Japan
 

More replies
Answer Match 46.2%

Hey guys, thanks for being an awesome forum. Unfortunately my first thread was made apparently during a busy time period and didn't get replied to until much later, by that time it was closed. So here we go again! I just get random pages every 3 or 4 google search clicks. So thanks for your time and I hope we can work this out!
----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:31 AM, on 1/31/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Progr... Read more

A:XP Pro, Google Search = random ad page! (First thread never replied to)

6 more replies
Answer Match 45.78%

I saw here a way/mark to mark for a reposted question. Sorry but I could not find it.

My qustion is this:

--------------------------------------------------------------------------------

Hi,
I have two machines that are running the same programs and systems except one thing. Desktop is XP, laptop is pro. The laptop is the issue, I find the security center and firewall are not loading at startup. I can manually start them both and have gone admin tools > services > set security center to auto (it's constantly at disable at restarts) and start the center and the firewall.

Restart the computer and it's all back to "disabled" and not starting.

I've run AVG, windows malware, malwarebytes,spybot search, Trend, little registry cleaner all to no avail. I have not done these in safe made if it might make a difference. Adaware is also running.
I got the suggestion from MS to reset the Winsock and Reinstall the Netfw.inf file. Another strike.
I can't say I know when this began, I just when it started, I noticed it a few weeks ago.

Other suggestions?
Thanks

A:reposting question

You may have a security/Firewall program that turns Windows Security Center off. Norton's software does this as it feels it's Firewall is superior. If not, you can try this solution http://windowsxp.mvps.org/wscsvcfix.htm

1 more replies
Answer Match 45.78%

I got some sort of window popup ad malware. when i restarted my pc it said eding program 'winpop.exe' which i figure may something to do with this. I disabled winpop and that seemed to stop it until i restrated my pc and it was running again. What shoudl I do?
Thanks

A:reposting- please help w/ malware

ok my anti virus fouind some things but even after it 'got rid of them' the popups still happen- in IE only, not firefox- help?!?!

15 more replies
Answer Match 45.78%

http://www.bleepingcomputer.com/forums/topic436236.html

A:reposting here after 3 days elsewhere lol

posted

1 more replies
Answer Match 45.78%

We have three users on this computer. when opening up. each user gets a different pop up box.
c\windows\system32\info32.exe
c\windows\system32\scrnsize.exe
c\windows\system32\vidntl.exe
run adaware spybot and cw shredder as per DVK01 POSTING.
could somebody check the log below and give some advise.
newbie so not too technical please.

Logfile of HijackThis v1.97.7
Scan saved at 14:12:40, on 17/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE
C:\... Read more

A:Reposting for a friend in need

15 more replies
Answer Match 45.78%

I have received 2 different viruses in 2 months. Norton has offered little repair of it's own. The viruses "lllisting(1).htm" and "transparent(1).gif" are not on the list of their trojans. All I know according to the properties tab is they are trojans and are rare.

I first quarantine first. Then vecause they have both infected 2 areas in my "temporary internet folder" I just open the folder and delete everything. Then I empty the recycle bin. The exact locations are........

C:\Documents and Settings\Cora\Local Settings\Temporary Internet Files\Content.IE5\41MJSXUB

and

C:\Documents and Settings\Cora\Local Settings\Temporary Internet Files\Content.IE5\KXQN49AZ

When I run Norton and it does not detect a virus can I assume I am free to shop on-line and other things or is the virus in any way maybe still there?

I wish these losers with porn sites looking for someone's e-mail box to advertise by stealing my password (happened once), too much time on their hands or too much anger would all leave my alone. Or maybe find one another and screw each other and leave us nice people alone.
 

A:Please someone respond! Keep reposting!!!

Download Spybot Search & Destroy and Ad-Aware -- install both programs.

Download all updates for each program before running them.

Run one of the programs, then reboot. Run other program.

Download HijackThis, run it, click on scan, do not check any boxes, save the log, copy the Hijack Log and post it.
 

1 more replies
Answer Match 45.78%

Logfile of HijackThis v1.99.1
Scan saved at 8:39:51 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\EARTHL~2\PROTEC~1\ADSSER~1.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
C:\Program Files\EarthLink\Protection Control Center\elnk_pcc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bi... Read more

A:REPOSTING: Pc Under Attack...my First Hjt Log Please Help!!

closed

multiple postings about the same problem just confuses the issue

all replies here

http://forums.techguy.org/security/430877-pc-under-attack-my-first-hjt-log-please-help.html
 

1 more replies
Answer Match 45.78%

Hi,

I think my HJT post got lost in the shuffle so I'm reposting, with an updated log.

I have lots of problems -- blue screen of death (actually grey), hanging, sluggish, missing files, etc. It was suggested by Mark at the Vista forum that I should post here and also include a link back to my previous post. http://forums.techguy.org/windows-vi...ml#post8295250

Everything requested is below except #2 DDS, which wouldn't cooperate.

Many thanks,
Jane

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:56:55 PM, on 3/30/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Smart PDF Creator\SmartSoft PDF Printer Agent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Win... Read more

More replies
Answer Match 45.78%

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

A:reposting as directed

Hello three day bumpIt has been Three days since my last post.do you still need help with this?do you need more time?are you having problems following my instructions?if after 48hrs you have not replied to this thread then it will have to be closed!Gringo

3 more replies
Answer Match 45.36%

I have posted a few months ago but the situation has gotten worse - now I can't even launch Windows normally. I am using Windows XP SP3 currently. I have used both Malwarebytes and Spybot to try and delete the malicious entries, but they both did not come up with anything.

Someone please help - I really need to use the computer for work and schoolwork. Whenever I boot up the computer, it only loads a prompt where I can choose to run Windows in Safe Mode or Normal Mode. However, the normal mode always crashes.

Please advice in the first steps.
 

A:Windows Crashed, only Safe Mode allowed. Haven't got replied since November.

16 more replies
Answer Match 45.36%

My browsers keeps giving me error messages, won't work properly, I have to hit the 'reload page' button too many times before I can see the page I'm trying to see. It's a real pain in the neck that affects all my browsers. I've run all kinds of clean up software and even sent the pc to the techs that recomended a complete overhaul: XP Reload. I've been working on this clean up for weeks now and even have posted else where. With all do respect to the other forum I would like to post here to see if we can find this problem. Thank you.
http://icrontic.com/forum/showthread.php?p=657787#post657787.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:38 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\b... Read more

A:Browser Hijacked: RePosting

bump
 

2 more replies
Answer Match 45.36%

I posted this on April 10th and didn't get a response. I'm now getting an error message that says, "Windows - no disk found". So I'm guessing it has wiped out my op system as well.

Here's the email from April 10th. Please let me know. I will donate!

Well, I'm back to donate more money! My home PC was hijacked last night and I do not have access to anything. None of my application icons (in the bottom right hand corner) are popping up. I can't even boot up in safe mode. I can access a couple of things on my desktop. Fortunately, my HJT shortcut was there and I ran it, copied it to my flash drive, and I'm sending to you via my office computer. I do have access to the internet. However, it's very slow. In addition, the spyware is prohibiting me from visiting your site. I get redirected to another site.

Please review my HJT log and let me know what I should do. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:33 PM, on 4/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\SEA\smc.exe
C:\Program Files\Symantec\SEA\snac.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bi... Read more

More replies
Answer Match 45.36%

My pc is running slow. My husband has the same type pc. We are both using DSL, but my computer runs much slower. I ran a bunch of scans with his assistance: Ewido, Ad-Aware, AVG, Web. Dr, PandaActive Online Scan, and HiJackThis. I have attached below.

When he was comparing out system32 files to see if he had a trojan keylogger, he noticed a bunch of files on my pc that weren't on his. Upon researching it I have lots of Chinese Input Method Editors (IME) which allow control of my pc. I tried to delete these, but they come back as soon as I delete them. The files I found suspicious are: winar30.ime, wingb.ime, winime.ime, winpy.ime, winpy.mb (which searched as okay?), winsp.mb, winsp.ime, winzm.ime, winzm.mb, chajei.ime, cintlgnt.ime, imekr6.ime, phon.ime, pintlgnt.ime.

Will ou please look over anythins and see if I have a problem? thanks

lynette

Here's my HJT log
Logfile of HijackThis v1.99.1
Scan saved at 5:08:41 AM, on 12/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~... Read more

A:No help since Monday 12/4. Reposting for help please!(Moved to XP)

I ran all the scans after making hidden files/sxtensions viewable and unclicking the hide operation system option, like you suggested on his reply. Do I need to change that abck or leave it after we get this issue resolved?

14 more replies
Answer Match 45.36%

Referred here from: http://www.bleepingcomputer.com/forums/t/206354/please-help-need-advice/ ~ OBThis is a reposting of a "Google redirect problem" to this forum as instructed by one of your experts.I was asked to post a DDS log but I had a problem running that (screen flashes and disappears)I saw that an alternative was to run RSIT and I have attached the log below for review.ThanksLogfile of random's system information tool 1.05 (written by random/random)Run by Davinder at 2009-03-03 23:36:17Microsoft Windows XP Professional Service Pack 3System drive C: has 61 GB (34%) free of 180 GBTotal RAM: 2046 MB (64% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:36:27 PM, on 3/3/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAM... Read more

A:Google redirect reposting

I know you Guys are really busy but Ive not had any response since the 4th, Also my computer now slows down and freezes continuously, forcing me to manually reboot. I am also unable to bring up Task Manager.
Now Im really worried! I thought it might be wise to back up my files. The Google redirect problem persists and I am scared each time I connect to the internet.

3 more replies
Answer Match 45.36%

*Hey im reposting this as its been 3 days with no response. I realize its voluntary I jsut want to make sure my post didnt slip through the cracks.*

My laptop is registered with my colleges WiFi system. As part of that I am required to run a program called trend officescan. Every time I go to a new page on Chrome it pops up that Office scan blocked the URL http://i.trkjmp.com/crossdomain.xml.
This is quite annoying and I had both MalwareBytes and Trend officescan perform complete scan of my computer but they found nothing. Here are my logs and what steps should be take to stop this.

HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:43:39 PM, on 11/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\Voobly\voobly.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\Users\Ryan\Documents\xdcc-1.8.0-full\xdcc.exe
C:\Users\Ryan\Desktop\DCGExtensionScript2.2.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.... Read more

A:Reposting Virus removal

closed
you do NOT make duplicates

If there has been no reply, to your original post after a couple of days then reply to it with the word bump
 

1 more replies
Answer Match 45.36%

Does anybody see anything wrong with my HJlist that would help my pc run better?

A:Reposting to move closer to top

Your issue is being handled here:

http://www.techsupportforum.com//sec...us-trojan.html

DO NOT post a new topic for the same issue.

DO NOT bump unless 24 hours have passed since your last reply.

Thanks.

1 more replies
Answer Match 45.36%

alright here's my problem: none of my shortucts work at all. i have to manually go through my computer and program files and stuff to open up programs. also, none of the programs work in the start menu. everytime i try to open a program, it looks like this:

then i'd have to choose the program from the list so i can run the program. all the .exe files have this icon
and on the start menu, all the programs end with .lnk

here is my HijackThis log if you need it:

Logfile of HijackThis v1.97.7
Scan saved at 8:00:19 PM, on 10/3/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Kazaa... Read more

A:problem with shortcuts [reposting]

Hi xtian
Run hjt in safe mode and fix these items.Any files/folders that I have highlighted will also need to be removed from your hard drive as well as from the log. Make sure to have your system set to show hidden files and folders... Check Here.Update to hjt v1.98.2 and post a new log when finished....

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4... Read more

1 more replies
Answer Match 45.36%

Hi,

I've just started having some trouble with my computer. When. I turn it on, it will post and the windows loading screen will come up, but then it just beeps at me for another post. It does the same thing if i try to start in safe mode. The command prompt will get so far and then start again.

I'm running Windows xp Pentium quad core processor, 4gb RAM,

Any help you can give would be great,

Dom

A:computer won't boot, just keeps reposting

Could be a Hardware issue, have you recently upgraded any components? Try moving the memory sticks around. When it beeps is it a few short beeps or just the normal beep when it posts? Check all Hard Disk cables, Make sure the memory is seated properly. If you have another PC, you can test the hard drive and other components to see if they are faulty.

14 more replies
Answer Match 44.94%

Hello All,
This is a repost to my post on March 6th. Any help would be greatly appreciated.

It seems I have the a.doginhispen, b.skitodayplease malware. It shows in my history and periodically as a tab in IE 7. IE 7 sometimes shuts down without warning.

I followed the 5 steps but could not get the panda scan to work. I hope this gives enough. Thank you in advance for your help


Deckard's System Scanner v20071014.68
Run by Scott on 2008-03-06 20:51:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-03-07 03:51:14 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-06 20:54:09
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.... Read more

More replies
Answer Match 44.94%

Hello again,

I posted this issue a couple of weeks ago - please see below for the detailed description of the problem. (I didn't get a chance to check the responses and the thread was closed due to lack of activity - I was waiting to get a harddrive enclosure so I can back up my stuff before trying anything).

Now, I have backed up the data and I am ready to resolve the issue - and need help with figuring out where the problem is. If it is a problem with the Windows somehow, I am willing to try the system restore as a last resort but before I do that I would like some advice from the experts. Also, this laptop didn't come with a Microsoft or anyother CD so I am assuming that there is a partition on the harddrive for restoring the laptop to the original factory set-up.

I appreciate your help with this.

--------------------------------------------------------------------------------

Hello,

I have a Dell Inspiron E1705 Laptop with Windows XP Media Center Edition 2005.

When I start the laptop, sometimes it get stuck or freezes even before asking me to log in and I see the message "Windows is starting up" but nothing happens.

Sometimes, I get to the screen to log on and after entering the password, I get to my desktop window and the mouse remains active (it moves but I cannot select/start any programs) for sometime then a screen appears from Windows Security Center warning that No Anti-Virus was found on the computer and I should download one... Read more

A:Dell Laptop Freezing - Reposting

I am moving the issue to the hardware forum. Please close this thread.

1 more replies
Answer Match 44.94%

*ETA* My bad, I posted this is virus removal?then I saw that since I have a HJT logfile, I should post it here..*~*~*~After some research, I believe I am infected w/ a Vundo trojan..It started with my facebook page displaying in an abbreviated 'all text' format on occasion, then myspace..now it has been like this for 3 days..and quite honestly, I am jonesing...lol.. crazy.gif blink.gif wacko.gifand I have discovered that it is not a Java glitch, or an internet connection issue..from all appearances it in this Vundo virus...and from everything I have read it is a BUGGER to get rid of..and I am at the end of my rope..ANY help at all would be greatly appreciated..I have posted my logfile from HijackThis...I hope this is enough info!Thanks so much!TiffanyLogfile of Trend Micro HijackThis v2.0.2Scan saved at 4:13:31 PM, on 4/13/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\AVG\AVG8\avgtray.exeC:\Windows\ehome\ehtray.exeC: ... Read more

A:trojan.vundo? help!! (reposting in right place!)

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

2 more replies
Answer Match 44.94%

I posted about a month ago and MSF wasn't any help. So please see the testing done then.

In mean time I continue to get BSD's (and a couple crashes) - many at start up and with loud buzzing/ringing noises - but at other times also in different programs.

I was able finally to run the hard drive test requested - had to do make another cd - so maybe the first was bad. The first time I got it to run it was hung up for well over an hour at 39% (I left - so not sure how long) and when I came back not only still at 39% but at first thought that someone's smoke detector was going off but it was my computer making that noise. The second time I ran it it worked and didn't see any problems.

The RAM test - I've tried with 3 different cds and 2 different flash drives - always when I try to access it it goes back to windows without running. I've tried to run this test at least 20 times.

Now every time I'm on the computer programs aren't working or working well so I think files are getting corrupted.

My computer is totally clean of spy/malware/viruses. 3 people have told me it's hardware - some believe hard drive and/or motherboard, memory and/or other problems, video card and/or motherboard.

Any ideas what the problem may be - since it won't run the RAM test - memory (at the least)? Would that start to corrupt my files after 4+ months of this going on?

Also, if not the hard drive, but other hardware, will I have to do a clean formatting to get it to work or (I ... Read more

More replies
Answer Match 44.94%

Have an urgent need to repost an earlier housing ad. Went through all the steps, but no feedback whatever after submission. Tried posting a new ad, but again no feedback. Don't know how to contact appropriate CraigsList staff to resolve this issue. Never had difficuly in past. Can anyone help?

A:Can't get CraigsList process to accept an ad reposting.

Welcome to TSF....

With all of the security things going on like spam blockers etc it is hard to keep up with them it could be something as simple as a pop-up blocker being turned-on. I would suggest to contact the Craigslist and ask to have tech support. Here is a good start to contacting them

http://www.craigslist.org/about/sites.html

1 more replies
Answer Match 44.1%

I was hoping someone could look at this log
My friend has IE-Spyad--script-defender

Spybot is clean
adware is clean
Spyblaster is up to date
Norton antivirus is clean

I am wondering about the R1 And all of the OSEENUS are they ok?
His computer seems to be running very slow, there are a bunch of this stuff
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
I cleaned all the temps, cookies, history
ran cleanup

Here is the log

Logfile of HijackThis v1.99.1
Scan saved at 1:27:50 PM, on 1/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost... Read more

More replies
Answer Match 44.1%

Crossposting on advice.

Hey everyone, long time since I've posted here... I'm trying to pin down why my computer shuts down during normal usage at total random. I haven't made any changes or anything, simply was checking the news on google one day, and the browser hung. So I closed it. Next thing I know my computer shuts down, dwwin.exe pops up saying it fails to initialize, so I'm thinking something is failing but I don't know what.

I'm fairly certain this is some kinda worm or virus, however spybot catches nothing, I've run hijackthis and think I cleared it out ok.., I emptied my cache's, temp files, temporary internet folder, doublechecked my running services and everything. I'm stumped, and really don't feel like a system reinstall. The reason I suspect this is a virus is well, I had system restore points out the *** last time I restored, and now everything is cleared except yesterday's checkpoint. I have it set to checkpoint every day, so something obviously cleared all of the previous files (any way to restore those and I can restore to a previous date?)

Here's my hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 10:15:03 PM, on 8/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx... Read more

More replies
Answer Match 44.1%

So when i ever i click on a link from a google search i am redirected to a new website. I haven't recently downloaded anything that i think maybe the cause. My computer is just an old hp running xp with 768mb ram. The problem happens in all browsers but the ones i use most are Firefox and Chrome all updated to their newest version. I do not have access to a boot CD or recovery disk.
Edit:
So its been over a week now so i decided to repost this I even bumped the thread (after 72 hours) and still no response. For a while the problem stopped and i wouldn't be redirected but the problem has come back again. These are all the scans from the original post. And i haven't really added or removed much since then (except for nortun scan).

It wont let me upload my attach.zip again so here is the original thread with the upload.
http://www.techsupportforum.com/f50/...us-536855.html
DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 12:00:17.73 on Sat 12/18/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.759.187 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6... Read more

A:Google Redirecting Virus (reposting after 2 weeks)

Hello and welcome to Tech Support Forum.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and is still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

19 more replies
Answer Match 42%

Hi !

Something about my system:

Win xp home edition with sp2. I use mozilla firefox for surfing internet.
I have installed avg free edition, spyware doctor, spybot S&D


This problem is from my workplace comuputer.
The problem started yesterday when I inserted my memory stick in one usb port, and I saw on it to items:

1. a autorun.inf file
2. a recycler folder wich contained a boot.com file

both hidden.

I tried to delete them but after a few seconds they appeard again. After a while I saw that every partition has those files and folder on the root directory. I dont know if I took those files from somebody else.

Then I ran spybot and it showed me Zlob.DNSCharger.Rtk and Zlob.DNSChanger both regitry changer. And some cookies. I tried to fix those two but it didn't work. At a new scan spybot found them again.

Yesterday I ran an online scan from bitdefender (it showed my some infections), and those two zlobs didnt dissapeared. I scaned with mcafee wich was installed on my computer, nothing seemed to be wrong.

Today when I opened my computer the files autorun.inf and boot.com dind't appeared again. But after a while a window appeard with some srolldown box wich wrotes "choose profile" and it has "outlook" option. I closed the window, it didn't appear again.

I want to add that when I was hired here this computer wasn't a new one, it has been used by sombody else, so I don't know if it contains cracked programes. I know for ... Read more

A:Can not eliminate Zlob.DNSChanger and Zlob.DNSChanger.Rtk

Bump, please.

"2. a recycler folder wich contained a boot.com file" here I misspelled a word. I ment recycled.

Now I updated my windows with SP3.
Other issues: i had spy bot sd version 1.5.2. i uninstalled it and installed 1.6.0. when I restarted computer after instalation, the windows didn't boot up. It restarted over and over until I chose last good configuration to load.
I observed that my dns settings were changed and I changed them back; they dindn't rechange back since then.
I don't see a real threatning but my spy bot keep finding me those 'zlob'. I hope someone is available for me.

1 more replies
Answer Match 39.9%

I am so sorry folks i should also tell you that i have been using ccleaner the following are my HJT and adsspy logs Logfile of HijackThis v1.99.0Scan saved at 3:52:51 PM, on 1/18/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\sdkyz32.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYSC:\WINDOWS\system32\sdkbi32.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\mike\My Documents\Unzipped\hijackthis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rgxpf.dll/sp.html#14044R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rgxpf.dll/sp.html#14044R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Defaul... Read more

A:My new log since the accident

Please post this log in your thread where I am already helping you, otherwise we get confused.

1 more replies
Answer Match 39.9%

My son accidentally placed the operating disc for Windows XP Home Edition for a PC in his Sony Laptop Originally running Windows XP Professional. How can I remove Windows XP Home so that the computer will recognize everything?

A:Accident

and welcome to the Forum

What do you have now? . . Two operating systems or just Home?

1 more replies
Answer Match 39.9%

I accidently loaded Voodoo 3dfx on my computer and now my video is all messed up I can not read anything. How do I get this straighted out. I am not real computer savy so I really need help...please
 

A:accident

6 more replies
Answer Match 39.48%

a few days ago, I went to the "safely remove hardware" icon and clicked "stop" on the USB Port option.

Today, when I tried to get photos onto my comp by inserting the memory chip into the SD/mini/MMC/RS and the computer wouldn't reconize it. I went to my computer and checked to see if the icons, and none were there.

I tried restarting my comp, but that didn't help.

How do I retrieve the hardware?

A:[SOLVED] Accident

Remove the SD/mini/MMC/RS docking bay and the reinsert it into your PC, this is assuming that the device you inserted the memory chip into is connected through USB.

7 more replies
Answer Match 39.48%

I accidentally downloaded the incorrect student version from Digital River. I meant to go with the 64 bit but installed the 32 bit. I'd already done the install before I realized my error. I contacted Digital River and they are refunding my money for the 32 bit purchase. I have since purchased the 64 bit version but can't figure out how to install it. I'm getting an error message when I try to do the install. Is there something I'm doing wrong? I'm pretty confused right now.

A:Installed 32 Bit On Accident

  
Quote: Originally Posted by adam42381


I accidentally downloaded the incorrect student version from Digital River. I meant to go with the 64 bit but installed the 32 bit. I'd already done the install before I realized my error. I contacted Digital River and they are refunding my money for the 32 bit purchase. I have since purchased the 64 bit version but can't figure out how to install it. I'm getting an error message when I try to do the install. Is there something I'm doing wrong? I'm pretty confused right now.


Welcome to the forums...

What error message are you getting? And at what point are you getting it?

9 more replies
Answer Match 39.48%

So I formated my main partition on my toshiba and I know what your thinking already. That I know nothing of pc's but i learn from trial and error. But my problem is I made a boot disc for windows 7 with torrents, and I got some progress and I have know idea what to do. I boot the pc and it boots up with only freedos settings it says freedos 2006 1.0 and it gives me different ways to boot up but no matter which one I pic always gives me the same error message.
FreeDOS HIMEM64 3.26 [Aug 25 2006] (c) 1995, Till gerken 2001-2006 tom ehlert
himem - always on a20 method used
kernel: allocated 43 diskbuffers = 22876 bytes in hma
freecom version 0.84-pre2 xms_swap [Aug 28 2006 00:29:00]
can not redirect output to file 'temp.bat'
bad command or filename - "temp.bat"
file not found.- 'A:\temp.bat'
checking for cdrom driver or c:\fdbootcd.iso...
El-torito bootable cd-rom driver for dos v1.4, http://www.nu2.nu/eltorito/
(c)2000 by gary tong
(c)2001-2002 by bart lagerweij
no booted cd-rom found.
driver not installed
there is no cdrom, or the wrong cd-rom!

if any one has seen this please help.
 

A:formatting accident

11 more replies
Answer Match 39.48%

For the record: I am Win98 and ME certified and knowledgeable with DOS.
I am a 'shift-del' freak and was cleaning my desktop, 3 weeks ago and accidentally included my coin logs(I've been working on these for 3.5 years). Being an XP user and knowing XP doesn't use DOS, I thought there was no chance of getting them back; I just found out I was wrong and with the proper tools I can. I never did this before, but so need to. Please help.

UPDATE: A friend referred me to "recuva" yoake a recovery, of about 15 files(MSWord), I got back 2 and one was my buff(buffalo coin) logs. However later I discovered;both files will not open. Windows says, "word cannot find compressor for..." I'm clueless here. Plus after choosing to unhide all files and folders, I ran into 2 files that have the names I lost; but they begin with "~$", only have 1K and the icon is light colored. What is this? Any chance of recovery nof these 4 and others.?
 

A:'shift-del' by accident

there are quite a lot of recovery programs available

I have used www.z-a-recovery.com a digital camera free recovery on the site and recovered 100 images off a CF card , so i know some of these work well

From a Elvandil Post
Here's a list. If the free ones don't see anything, forget the pay ones. I know Pandora is still around and has updated recovery software. And the other day, someone used the Disk Investigator at the bottom, which is meant to show you how much stuff is still on your drive after you thought you cleaned it, and they managed to get all their files back. Dr. Freeware is pretty new and updated not too long ago, with other useful tools, too.

Here's the list, anyway (I have more if you run out ):

Free recovery applications:

Dr. Freeware Boot CD (also has partition tool, drive cloner and imager)
DiskDigger & NTFSWalker
Pandora Recovery (Free for personal use)
Smart Data Recovery
Recover Files
Roadkil's Undelete
Recuva
Restoration
Free Undelete (NTFS only)
Softperfect File Recovery
ADRC Data Recovery Tools
Undelete Plus
Data Recovery
PCI File Recovery
DriveRescue
Ultimate Data Recovery
Disk Investigator

Commercial:

O&O Disk Recovery
Paragon Mount Everything (Mounts any file system, CD/DVD burning, File Manager, Partitioner)
GetDataBack (For FAT or NTFS)
Ontrack EasyRecovery Pro
File Scavenger
Recover My Files
RecoverPlus Pro
Zero Assumption Recovery
[email protected] File Recovery
Final Recovery
Recover4All Professional
Easeus Data Recove... Read more

1 more replies
Answer Match 39.48%

Hi everyone.

I am having a very similar issue as OP, but I "accidentally" [STUPID ME.....] did diskpart/clean (only clean) on a remote HD (149Ghz size with no partition on it).

I am still reading through this thread and hopefully I will be able to recover my data on this remote HD. I have been using TestDisk, EaseUS partition recovery to scan (only quick scan so far) w/o any luck yet. At this moment I am running Partition Recovery quick scan now. Since I do not have any partition on this HD, I am not sure if I am doing the right thing.... I only store pictures (tons of them) and some docs on it. I am on Page 9 of this thread, I will keep reading and trying.

Thanks in advance for helping me,
Lucy

A:Diskpart By Accident

Originally posted here diskpart/clean by accident....need to recover partitions,begging :'(

Moved to allow better help

5 more replies
Answer Match 39.48%

Hi all,

I'm not pc savvy at all so this message comes with a tad bit of panic!

My mother accidently hit "log off" instead of restart using windows XP. Now she gets a blue screen that says "Welcome" on the left and my family's name with a chess board icon on the right. There's a button on the bottom that says "turn off family computer". We cannot get to the desk top no matter what we try. We can only shut it down. We think she hit log off-- since it's a family computer we never use this function. Can anyone tell me how to get back to the desktop? (she's quite upset because we're not sure what happened exactly, and not sure what to do)

ANY help or suggests are welcome! Thanks much!
 

A:XP help-- logged off by accident!

9 more replies
Answer Match 39.48%

Hello-I have a windows xp (version 2002) Asus EeePC and I think I might have downloaded a virus accidentally whilst on a music radio website. I found that it messed up my internet browser and it would directly open to a website called "partner12.mydomainadvisor.com" Please advise what I should do to clean this up! I have changed the default from the wierd website to "google.com" but it still will default to this website "partner12..." if the domain name does not exist. i used to have norton antivirus but the subscription ran out and i did not renew...I know I should probably get something to protect my computer as well from now on. Thank you
 

More replies
Answer Match 39.48%

When I was reformatting my computer i deleted a part of my drive that i think was really important. It was drive E:. After the reformatting I tried to go on the internet. I tried to go on wireless but, I didn't have a wireless internet icon for my wireless card so I plugged it in. Still i could not go on the Internet. Then I tried to open some programs and half of them would load the others I would get error reports from.
I think the reason it doesn't work is because of the drive I accidently deleted. Is there any way that I could get the data back without taking it to a repair shop? Thanks for any help. Oh and I cant put my laptop on standby either.
 

A:Deleting accident

9 more replies
Answer Match 39.48%

General Info

Windows 8 pro
Laptop
Cant do anything on computer
using a different laptop right now

I was in regedit trying to delete an instant savings app that had found its way into my computer. I believe i was in Local_Users and i know i went to the software folder. I accidentally deleted the software folder and I couldnt use any programs. I couldnt use a system restore because it gave me an error so i decided to reboot and go into safe mode and do it there but it didnt work. I have been trying to figure all of this out with windows technicians and didnt get anywhere. I cant do anything on my broken computer because when i boot it up, it skips the boot menu and i cant get it into safe mode or anything. it goes straight to the lock screen and I cant read any texts and can only put in my password. After I put in the password, it gives me a black screen for a few seconds with a blue spinning wheel on my mouse and it goes back to the lock screen. My idea was to load the cd I have with the win8 pro back onto my computer and that would reset the registry but I dont know how to do this because I cant do any functions on my pc at the moment. any help would be great. Sorry for all the bad writing, I am trying to finish a lot of homework and figure out this problem at the same time.

Thank you,
Alex
 

A:Accident in regedit

6 more replies
Answer Match 39.48%

hi guys im new to this software i didnt really no what this was all for really and me being one for downloading any thing and trying n e thing ive come across a kinda thing in which i have put my self into a lot of bother.
I kinda did the scan on the hijackthis software and kinda clicked every thing.
in doing so i have stopped them all.
in realising this i turned it all back on. thankfully i did a backup and it worked.
unforatuatly i deleted the back up and then scanned for things i didnt want.
i found a few things and then ticked them.
accidently ticked my firewall or some thing to do with my firewall and now it doesnt work.
ive reinstalled it 4 times and still it wont let n e traffic through.

is there any help i can get from some one so ui can turn it back on.
cheers.


luke
ps i have a log of wat i scanned just now if thts needed to help

A:accident prone please help

Welcome to TSF.

That's not good. That's the main reason we tell users not to use this program on their own since it can cause damage. Do you have an older log of what you had before you did the fixes? If not, tell us what you fixed if you can remember.

Post your new log you have now and we'll take a look at it. What firewall program are you using?

5 more replies
Answer Match 39.48%

I noticed a slowdown on my computer this past week,
so i stupidly ran combofix thinking it would solve the problem.
i think it may have deleted something very important,
and now my computer wont load passed the:
"start windows normally; safe mode; safe mode w networking; etc" menu.
im afraid there's nothing i can do at this point.
i need help please!
 

A:ComboFix Accident!

7 more replies
Answer Match 39.48%

I'm using windows XP and in network connections I accidently deleted my lan connection icon. (I know that sounds goofy) Then the recycle bin got emptied before I could restore it Since I am using DSL I obviously need this, but it will not even detect the hardware to make a new connection. I've spent hours trying to figure this out, and read everything about LAN in the microsoft help and support.
please help!
 

A:threw away my lan by accident

8 more replies
Answer Match 39.06%

I might have erased something on regedit that is preventing me from startying any app right now. The only way to get to my web browser is through the "run" option. When ever I attempt to load something, "mozilla, explorer or any other app" I get an error message:

This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel.

All this is due to a stupid adware they I cannot get rid of but some help would be nice. Thanks again.
 

A:Erased script by accident.

XP??? Use IE

EXE FIX http://www.kellys-korner-xp.com/regs_edits/exefix.reg -

save target as exe.reg - double click - boot
 

2 more replies
Answer Match 39.06%

By Accident I Unplugged My Computer while it was on and now i am worried that my movie files will be corrupted...they seem to play fine...but i am still worried....please could somebody please help by telling me if any of my files will become damaged...thank you
 

A:By Accident I Unplugged My Computer While It Was On

Unless the files were open and being played or saved at the time of the power loss, there should be no damage.

But remember that power can do out at any time and hard disks die without warning (quite often, these days), so all your important data must be backed up. Since you are so worried it would suggest you have no backup plan. Maybe time to get one?

As an example I backup all new data every day, to a second and totally separate hard drive, then all data to DVD every week. Every DVD is "verified" to ensure that no files are corrupt in the copy process.
 

3 more replies
Answer Match 39.06%

I'm not sure how it happened, but I managed to perform a system recovery on my VAIO sz330p. Is there any possible way to undo this a get my system back to the way it was before?? Or at least retrieve some files I had on before? Unfortunately I never turned my system restore on because I didn't exactly know how to so I can't configure my laptop back to a specific date...

Is there anything I can do? If I took my laptop to a technician would he/she be able to undo the recovery?
 

A:help me! accident system recovery!!

7 more replies
Answer Match 39.06%

hi

had security tool malware on my laptop

ran malware anti to remove it and it said i had an infected userinit.exe

so i deleted userinit.exe (big mistake)

i have xp but do not have xp install cd

i have a floppy drive and a thumb drive

cannot get back to my desktop NOR can i get to a c:\ anymore in safe mode

believe i need to copy userinit.exe from somewhere back into c:\windows\system32 but do not know how with what i have to work with

please help

tx
 

A:deleted userinit.exe by accident

There is a backup copy in C:\Windows\System32\dllcache

most of the time it is compressed in this folder.

Here is a copy of it from my XP installation (uncompressed)
See attached
You will need a XP install CD and use recovery environment to copy the file to the proper place, or use an Ubuntu boot CD to do it.

Here is an article on using a Ubuntu CD to copy data off an unbootable windows PC, one could also use it to copy a file to a Windows folder.
http://www.howtogeek.com/howto/wind...backup-files-from-your-dead-windows-computer/
.
 

1 more replies
Answer Match 39.06%

pc has 2 drives in it. c: and d:. i was installing xp pro on c: and during the install the process asked me if I wanted to delete partitions. I selected the wrong one (d: ) and deleted it. I did not format it. Is there a way to get all the data off that drive? I tried PC Inspector File Recovery but that program does not get all the files. It seems to pick up only on directories and nothing else. This d: drive is in a pc that has win2k pro with SP4 and windows no longer sees this drive. any help would be appriciated
 

A:deleted partition by accident

7 more replies
Answer Match 39.06%

I made a data disc (CD-R) with nero 5.5 (size of data 400mb) and accidently my daughter did another burn (size of data 2mb) on the same disc, her data is there, have I lost mine completely? I seem to recall reading somewhere that there is a program for retrieving the older data?
 

A:Data disc accident

6 more replies
Answer Match 39.06%

hi, i had a lot of music and shows on my computer. i decided to buy an external hard drive to put all of my multimedia on it. i tripped on my external hard drives power cord and it fell to the ground and broke. aside from the external hard drive, is there a way to recover the files on my computer? please help.
 

A:deleted files on accident

This one gets high marks. Maybe worth a try.

http://www.recuva.com/
 

3 more replies
Answer Match 39.06%

I went and inadvertantly disabled both monitors on my Ti4600 vid card. I just wanted to disable one as I thought having two caused problems using my mouse with the game Manhunt(retail copy). Mouse buttons worked but movement didn't.I tried three mice-optical,usb,ps/2 etc.I noticed the mouse cursor spanned both monitors during gameplay.
I installed on a slower machine (single monitor) and the mouse function as it should(ver slow computer though).
BACK TO ORIGINAL PROBLEM-I disabled one monitor, but picked the wrong one, went to disable the second and now I can't get any view of my desktop in order to re-enable them. Switched plugs, switched monitors et al.
PLEASE HELP WITH ANY OF MY PROBLEMS !!!!!!!!!!
AMD cpu:2.6g
1gig ram
ti4600 vid.
creative audigy aud.
 

A:Disabled both monitors by accident!!!!!!!

Have a look on this site http://www.waterwheel.com/Guides/how_to/monitor/monitors.htm
 

2 more replies
Answer Match 39.06%

Long story short I was removing a virus and deleted it by mistake.

so everytime I log in it kicks me straight back out. Im on a different laptop to post here, what can I do?

Appreciate any help.
 

A:Deleted userinit.exe by accident!

No help? Really need that back
 

2 more replies
Answer Match 39.06%

I uninstalled my nvmixer and i need to get it back if its possible. I have no idea what to do. Anyone know?
 

A:nvmixer uninstalled by accident

http://downloads.guru3d.com/download.php?det=761
 

1 more replies
Answer Match 39.06%

Hi.

I got an OEM version of Windows 7 Home Premium 32-bit with my PC, which is capable of 64-bit.

I've read that the serial key is legal for either version, 32-bit or 64-bit, but the DVD I got only has 32-bit version.

How can I get a new DVD with the 64-bit version, as I got 8 gigs of ram and I can't use them.

I bought and built the computer myself and made a mistake when I ordered Windows, and asked for 32-bit because I was scared of compatibility, and I opened and installed it already, so I can't take it back.
Help

A:Windows OEM 32-bit bought by accident,need 64-bit DVD

You can try contacting whoever supplied you with the 32bit disc and explain your mistake... they may send you a new 64bit one... You may just have to bite the bullet and purchase the 64bit version...

4 more replies
Answer Match 39.06%

Hello, I recently purchased Dell XPS 8700 that came with a 2tb harddive formatted with GPT. The computer came with Windows 8, and I wanted to downgrade to Windows 7. However the windows installer wouldn't install on any of the current partitions, so I deleted every partition with gParted and proceeded to install Windows 7 successfully onto the one giant partition. Since I deleted all the GPT partition information (Idiotically), I am unable to make more partitions and dual boot.

So my questions are: Is my harddrive as of right now in MBR or GPT? And how would I add the GPT partitions back, as in the primary and secondary GPT headers?

Edit: I am attempting to dual boot with Xubuntu 14.04 and Windows 7 Professional, both 64bit and the computer has the UEFI, I think. Am I better off using MBR or GPT to dual boot? I only want two OS's and a shared data partition.

A:Deleted all the GPT Partitions by accident

Quote:
Since I deleted all the GPT partition information (Idiotically), I am unable to make more partitions and dual boot.




Deleting all GPT partitions is a recommended step to downgrade "Windows 8" as "Windows 7" is known to not much liking GPT based UEFI boot mode. Although "Win 7" 64 bit edition may boot from a GPT disk, i prefer MBR partitioning especially in case of dual booting with Linux.The only mistake you made here is not to partition the disk at the time of install. Fortunately you can split the single large "C" partition to two or three small partitions with the help of "Partition Wizard" free edition.
Download link : Best Free Partition Manager Freeware and free partition magic for Windows 7, Windows 8, Windows Vista and Windows XP 32 bit & 64 bit. MiniTool Free Partition Manager Software Home Edition.
What you need to do is first shrink/resize "C" and create one or more new partitions using the free space.
How to shrink partition : Shrink Windows partition with partition manager - MiniTool Partition Wizard.

Video guide : How to Move/Resize Partition with partition manager? Partition Wizard Move/Resize Partition Video Help.

4 more replies
Answer Match 39.06%

Hi,
I was going to check if my external HDD needed to be defragged. I was in the wee window that asks about checking the disk for errors and decided to do that, there's always two options, one is always automatically ticked and there's another one that said something about find and attempt to restore corrupt files, that is never ticked and I never choose it, until today. All I noticed was it found 1024 files, and I clicked proceed, it processed or fixed etc and i went back to the pc after an hour and decided just to cancel as it seemed to be stuck at 2025 files checked.
Once i clicked cancel I couldn't get access to my external HDD and when I right on 'My Computer' it says it's NTFS files and is full but windows can't get access to it, i thought i'd try restoring it and i can see that out of the 1TB I have used 330GB which is what my disk was like before my mistake.
as with most people I have all my most important stuff saved there away from my C drive.
Ok, sorry for waffling on, can anyone tell me if I am able to restore my drive back to what it was (Would that have been FAT32 files?)
 

A:Changed HDD to NTFS by accident

9 more replies
Answer Match 39.06%

I wasn't sure where to post this but that's how desperate I am. I deleted my picture folder from my Laptop, that runs windows Vista, how can I get them back? they are not in the trash bin, I checked but for some reason nothing get send it to the trash can, it just delete and that's it.

Please any help??????
thank you

Jaime
 

A:Files deleted by accident

6 more replies
Answer Match 39.06%

I am currently running on Vista Home Premium OS and in error deleted my Recycle Bin. Whoops........!!!!!!!!!!!!!!!!!!!!!! .....I know pretty stupid. I have tried to do a System Restore twice and am being told the System Restore did not work. I'm in a panic here. Can someone please HELP me to restore the Recycle bin back to my desktop.

Thanks in advance.
 

A:Deleted Recycle Bin by Accident

Try this:

Right-Click desktop
Select Personalize
Select Change Desktop icon on the left hand side
Check Recycle Bin and hit apply

Does that work?
 

2 more replies
Answer Match 39.06%

I recently built the computer shown in my specs. I didn't get to joining the existing homegroup quick enough. My wife needed files from one of the homegroup laptops. Having not joined, my wife attempted it but ended up creating a new homegroup on the new build. When I go into homegroup (start menu) I don't have the option to join a homegroup, nor do I have one to leave the homegroup.

So how do I delete the new homegroup created, so I can join my established group?

A:New homegroup created by accident

What you need to do is remove each computer from the new homegroup.

Once you've done that, the homegroup will no longer exist, leaving you free to rejoin your original homegroup.

Leave a homegroup

4 more replies
Answer Match 39.06%

I'm a begginer on computers and I have a HP pavilion a1520n with Windows XP media center edition 2005. I accidently deleted a file and now every 30 seconds I get an automatic pop up saying " the feature you are trying to use is unavailable. Click ok to try again, or enter an alternate path to a folder containing the installation package 'EZARC.msi" . I can't figure out what to do. Sometimes there's another pop up that says, "Try the installation package again using a valid copy of the installation package 'EZARC.msi' " Can someone please put an end to my computers suffering because of its idiotic owner?
 

A:Ive deleted files on accident, HELP!

Hi friikenfreezin84

Welcome to Tech Support Guy Forums!

See post #4 here:
http://forums.techguy.org/multimedia/500953-ezarc-msi.html#post4145541

Let us know if that works for you or not.
 

1 more replies
Answer Match 39.06%

Hi all, i accidently deleted file which i have been update it everyday from beginning of 2010, it was in usb stick and excel file, tried "restoration 2.5.14", it had retrived more than 120,000 files, none of them was in the name of 2010, that's my deleted file's name, will anyone please help, thanks in advance
 

A:deleted file by accident!!!!!

Try Recuva.
 

3 more replies
Answer Match 39.06%

I'm convinced that I accidentally removed the DVD-R driver from my CD-RW/DVD-R drive. I have a Dell Inspiron 9100 and haven't been able to track down or successfully update the driver to fix this problem. Can someone help me? I'm really new at this. Thanks.
 

A:Removed DVD-R driver by accident

8 more replies
Answer Match 39.06%

Hello,

While I accomplished so much successfully setting up my computer in AHCI earlier, I now blew it all.

I had the SMART command failure error with my SSD, and received a new BIOS from my motherboard manufacturer. I applied it and "Loaded Optimized Defaults" in the BIOS as your supposed to. Stupid me, that means the motherboard activates IDE mode, but I installed Windows in AHCI mode.

So... I switched it back to AHCI after booting into IDE by accident and now I'm getting MBR Error. Is there any way to repair this? I have been trying to repair it through the Windows Install disk, using bootsec & command prompt to no avail.

Likely because where the screen pops up that says: "Use recovery tools that can help fix problems starting Windows. Select an operating system to repair" There's no option to select. So I elected to "Load Drivers" using iaAHCI.inf [Intel ICH10R] from the Intel RST installer (I extracted it on my Laptop). It still doesn't recognize it.
-->This is all pertaining to image 3. on the guide on the link HERE

If I HAVE to install Windows again, I have 2 storage drives installed as well, do I take them out to prevent them from being formatted? They are holding My Documents/My Pictures/My Music/My Videos etc.

Thanks!

A:MBR Error, After Booting in IDE (Accident)

Hello again.



You shouldn't have to reinstall, have a look at this tutorial at the link below, it shows how to enable AHCI after the OS has been installed and be sure to post back with any further questions you may have and to keep us informed.



AHCI : Enable in Windows 7 / Vista

9 more replies
Answer Match 39.06%

ive just managed to delete the whole of my lossles music collection by using shift and delete on the folder (wasnt concentrating)

can i get it back? thanks

A:shift and delete accident

Try Recuva: Recuva - Undelete, Unerase, File and Disk Recovery - Free Download

Ideally, you need an external drive to save the recovered files to.

8 more replies
Answer Match 39.06%

Hey guys, just opened up a link on steam from someone and stupidly opened and ran the file which was a .scr.
From a preliminary search it seems that I may have installed a Trojan, so any help would be appreciated.
 
Running a Windows 7, with the only security software being Microsoft Security Essentials (which a scan didn't turn up anything awry).
 
Many thanks for any help!
 
 
Edit: here's the logs of the security check I just ran
 Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.1    
 Java 7 Update 71  
 Adobe Reader 10.1.12 Adobe Reader out of Date!
 Google Chrome (39.0.2171.65) 
 Google Chrome (39.0.2171.71) 
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 60% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
 
 
And AdwCleaner
# AdwCleaner v4.104 - Report created 06/12/2014 at 22:12... Read more

A:.scr file opened on accident, what do I do?

Hi blavongtheung,
 
  to BleepingComputer.
 
 
Did you clean detections of adwCleaner?
Please post the results. 
You can find result log file  at "C:\AdwCleaner"
 
And hows your system working?
Are you having any issue?
 
 
 
 
Regards
Tenis
 

9 more replies
Answer Match 39.06%

Hello I'm not very clued up in VBA and tend to record macros and then tweak them. Today I used Ctrl-Break to stop a macro, but must have done something else accidentally as I have lost my VBA menus entirely. When I right-click the top of the screen all I see is Restore, Minimise and Close. The Restore Down button is also not working. I have attached a screenshot. I am using Excel 2013 and Windows 10. I have googled this extensively and tried many things, but nothing is working for me. Your help would be much appreciated as I have wasted half a day on this already and am ready to pull my hair out. Thanks!

PS I have also uninstalled and reinstalled Office and rebooted, to no avail.
 

More replies
Answer Match 39.06%

I recently clicked on the fn and f5 key together on accident and it messed with my screen and now my background is no longer full screen but small and centralised and everything has become smaller. I have tried adjusting my display, restarting multiple times and repressing the fn+f5 key but nothing seems to be working. Please help.

A:I pressed fn+f5 on accident and it messed with my ...

right click on your desktop, display settings, advanced display settingscheck your monitor resolution and set it correctly.

5 more replies
Answer Match 39.06%

Hi I accident deleted my photos and a video file on my memory card from my camera is there a way to recover them? The memory stick is Sony MEMORY STICK PRODu0 magic gate Mark2 2GB

The Camera is a Sony Cyber-shot

Thanks.

A:Deleted photos by accident

Take a look here: http://www.piriform.com/recuva

No guarantees, though.

2 more replies
Answer Match 39.06%

Hi guys,I wanted to split 8 gb file but instead of MBs I selected bytes so basically now I have alot of 4.1 kb files so I would appreciate if you could tell me how I can delete all the files quickly because manually deleting all the files is slow and I have some other stuff to do.

A:[SOLVED] Funny accident

In Computer select the first file scroll down the list to the last file you want to delete and press the Shift key and click on the last file press delete to send them to the recycle bin or hold the Shift key and press delete to permanently delete them.

3 more replies
Answer Match 39.06%

I have a 2TB external hard drive and a 1TB external hard drive.
I got a new 2TB internal hard drive and was installing Windows on it.
On the screen where it showed the connected drives, I stupidly forgot the 2 external drives were still connected. I thought somehow it was breaking up the new 2TB internal drive into 3 separate partitions. I clicked on the two external drives and deleted the partitions because I thought it would merge them. I DID NOT format luckily.
I am in the middle of running the Analyzer using TestDisk on the 2TB external. Since it is a 2TB hard drive, it is analyzing about 10% of the disk per day. So I guess it will take 10 days to finish. Small price to pay if I can recover all the data on these drives. One has all our home movies and photos and the other has all our scanned documents in PDF format. Sigh.
I am wondering if I am doing this the right way with TestDisk? Is there a faster way? When I deleted the partitions, the process took less than a second. The drives were partitioned to used 100% of the drive space. I read the page TestDisk Step By Step but still not sure if there isn't an easier way for my particular blunder. Nothing should be corrupted. Just deleted.
Thank you!
 

A:Deleted Partitions By Accident Please Help

Yes it should be faster. I thought there were two levels to the restore deleted partitions and only the deeper level involves scanning the surface for old deleted partitions.
 

2 more replies
Answer Match 39.06%

In trying to remove the log on screen on Win 7, I followed a
YOUTUBE video. It said to delete one of the owner files account icon, but when I did I didn't see the choice in the menu box of
[save files] ! Help what can I do?

YouTube - Broadcast Yourself.

This is the site.

A:deleted files by accident HELP!! Please

Enable the hidden Administrator Account. Then create a new user profile account with admin rights. If you can't log onto your computer at all even in Safe Mode then put the Windows DVD in and boot off of that and choose Repair My Computer.

4 more replies
Answer Match 39.06%

ok. i uninstalled soundmax from add/remove programs thinkin it was just another audio player i didnt need... sound doesnt work at all.. I HAVE A DELL 4600 PENTIUM 4... i went to device manager and under sound video and game controllers it says
-audio codecs
-legacy audio drivers
-legacy video capture devices
-media control devices
-unimodem half-duplex audio devices
-video codecs
and under other devices it has a question mark with an exclamation mark beside multimedia audio controller.. BUT THATS UNDER OTHER DEVICES.. i went to dell drivers and downloads and downloaded Analog Devices ADI 198x Integrated Audio, right after it finished.. or i think finished something poped up with a big red x the title was soundMAX - Installshield Wizard and in the box it read, "windows audio service has been enabled! please restart your computer and run this installer again". i did, and the exact same thing poped up. So, i decided to download soundmax file version:4.0.100.1189. i ran that program or driver or whatever it was and a box poped up with a big red x once again.. it read "Driver not found! Reboot your system, and run this setup again." i restarted the computer and installed the program again but again it said the same thing, at this point im stuck and dont know what the h*ll to do.:dead:.
 

A:Uninstalled Soundmax By Accident. Help!

And Its A Windows Xp Service Pack 2
 

3 more replies
Answer Match 39.06%

I had a problem with my ethernet not fully connecting to my computer saying that it was missing one or more network protocals. I tried to fix it by uninstalling it then reinstaling and now i dont know how to reinstall it!

More replies
Answer Match 39.06%

I reformat my pc and install XP but what problem I faced is "During the installation, the installation stopped and error messege occured." I can't remember what error is it...

Due to this problem, I had to reformat my pc again and install again since the OS repair not succeed. Because of this multiple times reformatting, I started worry about reliability of my hard disk drive.

What i want ask is " If i faced this problem in the future, any common solutions that can fix these kind of problems (if different of error messeges)".....

A:Accident occured during OS installation

you don't have to worry about the h/d
if you have problems with installing
check the disk is clean
try it with only one stick of ram in and reinstall the other ram when you have finished installing

2 more replies
Answer Match 39.06%

Ran an exe. file last night by accident that had appeared on desktop "stupid. It ran a dos app. ? Advanced properties= %SystemRoot%\SYSTEM32\AUTOEXEC.NT
%SystemRoot%\SYSTEM32\CONFIG.NT

Have a number of files in Windows directory (XP Pro) with same time. They are:

SchedLgU.Txt

bootstat.dat

wiaservc.log ([wiaservc] Opened log at 12/5/2004 01:58:56.140

0.log

wiadebug.log

setupapi.log

"Have not rebooted since incident"
Logfile of HijackThis v1.97.7
Scan saved at 11:45:10 AM, on 12/5/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.... Read more

More replies