Avast WEBforum
Other => Viruses and worms => Topic started by: kissagain on March 17, 2013, 10:39:45 PM
-
My computer has a Malware problem, I truly believe. However, this post is a test, as I am NOT on MY computer at which I attempted to post with a request for assistance. My computer didn't allow the CAPTCHA to be accepted or sent or whatever the problem. Therefore I am testing to find out if the CAPTCHA works at the library computer and ONLY not at mine. If the CAPTCHA works with this test, I will then return with all the detail of my problem for help.
So, PLEASE reply to this post letting me know that it is received.
Thank you,
kissa
-
Hi what are the symptoms ?
-
Hi essexboy,
I hope I can continue my problem with this thread. I am going to try anyway.
Thanks for replying. I have been finding several symptoms, beginning with a short time after getting the many popups for "Malicious URL Blocked". Most of them indicate the infection to be URL:MAL. I have had a few indicate an infection for a jvascript or Jscript or something like that... "J*script". I dont'; have the exact on the script infection because I have misplaced my notes, including the print out that I made of your post titled "Logs to assist in cleaning Malware". with both popups I get the indication that they are happening in the svchost.exe. I have run a few of the programs in the past in attempting to get through onto the forum for help.
First to answer your initial question, the first thing I noticed was that I could not get to www.Google.com (still not able to). I get an error of page not available. My sound has stopped for me totally, my printer no longer will print, I cannot use any site that require CAPTCHA, inthat the words do not show for me to copy into a box (if I even get a box). There may be other syptoms that I am not recalling at this time or that I might not have realized in encountering.
I have run the first three of the programs that you request in your posting (named above). I am attaching all four of the log files that you request from them (Adwcleaner[S3], mbam-log-2013-3-18(17-54-06), the OTL, and the Extras(X)). I ran the programs and retreived the logs today with the exception og the Extras(X) file. There was not Extras file produced today, but the one that I have included was from the last time I ran the programs on my computer. If you find that you might need the logs from previous scan, I have them also.
I hope you will be able to help me with my rpoblem. Thank you for any help that you will be able to give me.
kissagain
-
also attach aswMBR log
-
OK this looks like we may need to run some repairs as we go. I will start off with three programmes to remove as much as possible and then try to do some repairs on completion
Please attach all logs
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
:Files
ipconfig /flushdns /c
netsh int ip reset /c
ipconfig /release /c
ipconfig /renew /c
netsh winsock reset /c
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download the latest version of TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
- Doubleclick on TDSSKiller.exe to run the application
(https://dl.dropbox.com/u/73555776/tdss%20start.JPG)
- Then click on Change parameters.
(https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG)
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
(https://dl.dropbox.com/u/73555776/tdss%20threat.JPG)
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Get the report by selecting Reports
(https://dl.dropbox.com/u/73555776/tdss%20report.JPG)
- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
FINALLY
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- Allow the installation of the recovery console
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
-
@ kissagain
The captcha requirement in the avast forums is an anti-spammer measure, but it is only for the first 3 posts. After that you should be OK in the forums without having to go to the library.
-
Essexboy
I have 1 question before I proceed. For the custom scan, "code: [select] or only the text that is in the lavender box?
kissagain
-
That is correct, if you click the underlined select it will highlight the necessary text for you to copy
-
essexboy
Yesterday I proceeded with the process you wanted of me.
I ran the OTL "RUN FIX" with the custom scan. It ran for at least over an hour when my computer sceen went into sleep mode and my desktop closed. I was not able to logon to my computer screen again. I had to perform a "hard" shutdown. I then left it off until today at which time I ran the OTL Quick Scan and have now attached that report. After running the OTL Quick Scan I downloaded and began the TDSSKiller.exe program. It ran for almost 4 hrs when I left home to come to the library for this reply. (I will abort it when I get home). When I left it seemed was still at the same point it was shortly after I left home, processed 4 objects and was still on the same object. (something like C:\WINDOWS\systems32\ASPI **** not sure the rest)
I will await your reply.
Should I rerun TDSSKiller.exe
Thanks
kissa
-
Hmm that seems a tad weird
Could you go direct to the combofix stage please, but when you download combofix rename it to Gotcha as something is a tad hinky here that is not showing in the normal scans
-
essexboy,
Again, I seem to have another problem. I ran the ComboFix (after ownload, named it Gotcha) It got stuck at a point that says "Completed Stage_48" (still open and stuck, on my computer) obviously without a log (I even checked).
Thanks
kissa
-
Could you stop combofix please. Reboot to safe mode and then retry from there
-
I rebooted into safe mode, choosing the command prompt mode. Then I had further options. I then selected microsoft windows, which brought me to a windows logon with only the admin icons. I logged on which then opened a command prompt window. I entered the command "run" then the path for "gotcha.exe" (on the desktop). I got a return msg saying, " 'run' is not recognized as an internal or external command operable program or batch file."
It has been a long time since I have used commands within a prompt mode.
Please explain for me to get to where I need to go to run the "gotcha.exe" (ComboFix.exe renamed as previously directed)
I have shut down my computer at home and will be waiting for a hopeful quick reply here.
Thank you,
kissagain
-
When you get to the safe mode menu select "safe mode with networking"
This will then bring you to the windows desktop and you can run from there
-
essexboy,
I was able to get ComboFix to run in safe mode. However, again, it ran up to the same point and no log .... "Completed stage_48".
(FYI - able to now post from home without the CAPTCHA)
kissagain
-
OK these JS files are causing a problem.. So reboot to normal windows, run an OTL scan
Then do not reboot until I give you the next fix.. I will be here for a while
-
essexboy,
I didn't understand why I hadn't gotten a reply sooner (didn't notice the "page 2") but finally found it a little while ago.
I have done another "Run Scan" with the OTL and have attached the log here.
kissagain
-
No problem, you will be amazed at how many times I miss page 2
How is the computer behaving now ?
-
My printing is still getting a "communication not available" msg and my sound has not returned. I try "google.com" and I get a "404 Not found".... no changes that I notice, but I'm not sure how much could be wrong either. I have not gotten any of the " Malicious URL Blocked" msg either for awhile (even before making contact with you, only periodically), with exceptin a few days ago.
The other msg that I had pop up witinmy "problem period" has been the Malicious URL but it was "Object: JS: Script JP-inf[trj] Process: C:\windows\system32\svchost.exe" ("Process" and "Object" may be in wrong order). I have rcently fund ypaperwith this info, but it have been quite awhile since having that popup.
-
Lets run a repair on the main system files, this could take up to 30 minutes to run
Download Windows Repair (all in one) from this site (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)
Install the programme then run
(https://dl.dropbox.com/u/73555776/waio%20start.JPG)
Go to step 3 and allow it to run SFC
(https://dl.dropbox.com/u/73555776/waio%20step3.JPG)
On the start repairs tab click start
(https://dl.dropbox.com/u/73555776/waiostart%20rep.JPG)
Select the following items and tick restart system when finished
(https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG)
-
I ticked the "restart system" when finished and started the repairs. I left home for a time, then to return to find "time lasped 2hr 47mins". Then I noticed I was to disable antivirus. I then disabled it "until restart of system". The repairs are still ongoing, now at elasped time: 2hr 55mins. I am wondering if I might need to begin over (still running) considering I had not disabled Avast?
-
PS - When I came home, the Progress bar said, "Repair Jobs: 3/18" and it is still there with TIme elapsed: 3hrs 43mins (now).
-
PPS - time lapsed: 9hrs 22mins and still at the same place: Repair Jobs: 3/18 (repair internet explorer),
FYI- Not sure if it matters, but I don't think I have updated IE since I got the computer several years ago. I use Firefox for my browser.
I'm closing "Tweakng.com" until further notice from you.
-
OK I will reduce the number of repairs
Just tick the ones shown below
-
ok. Just did the repair run. It took less than 5 mins. After restarting, and once logged into my user Window (also Admin) and connected to internet, almost an immediate popup of the alert "Malicious URL Blocked" by avast. Still same Process and objects... URL:MAL and C:\windows\systems32\svchost.exe
Still no sound for my Windows start up. Have not yet checked other problems. I'm ready to proceed with further instructions.
-
OK do you have a USB drive handy ? If so we will work outside of windows
Download Peazip (http://peazip.googlecode.com/files/peazip-4.7.3.WINDOWS.exe) to the desktop
Run and install the programme
As it installs this page will show, deselect the AVG ticks
Press decline and it will then install cleanly
(https://dl.dropbox.com/u/73555776/peazip.jpg)
Download the following files to the desktop .. Right click the links and select save as...then select desktop
Rufus (http://rufus.akeo.ie/downloads/rufus_v1.3.2.exe)
OTLPE_standard (http://oldtimer.geekstogo.com/OTLPEStd.exe)
Right click OTLPE on your desktop and select ..Open as archive
(https://dl.dropbox.com/u/73555776/Unzup%20archive.png)
Select OTLPE standard
(https://dl.dropbox.com/u/73555776/select%20archive.PNG)
Click Extract, ensure that desktop is selected
(https://dl.dropbox.com/u/73555776/extract%20archive.PNG)
Insert the USB stick Then run Rufus
(https://dl.dropbox.com/u/73555776/rufus.JPG)
Select the ISO file on the desktop via the ISO icon.
Press Start Burn
(https://dl.dropbox.com/u/73555776/RufusISO.JPG)
Once the USB has burnt then
- Download Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it to the flash drive.
- Reboot your system using the boot USB you just created.
Note : If you do not know how to set your computer to boot from USB follow the steps here (http://www.hiren.info/pages/bios-boot-cdrom)
- As the Programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
- Your system should now display a Reatogo desktop.
- Locate the flash drive and run FSRT
- The tool will start to run.
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Farbar/FRST2.gif)
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
-
Only one question before I begin this preceding process:
Once I have the Reatogo Desktop and after finding the FRST.txt log, will I be able to locate and use Firefox to access this forum to reply with the log OR will I have to go to another computer to send the log and read your next reply? I'm am believing I will be okay at my own computer, but want to ask to be sure.
-
No you should be able to access the net from the reatogo desktop and firefox is already on it
-
essexboy,
ANOTHER problem! I have one USB (recognized and use with my computer) but didn't want to loose files, etc that is on it. So purchased another one for this process. I insert it to run rufus. It is noticed with an icon in "tray" BUT it is not recognized in "My computer" nor by rufus (the "Start" is greyed out still).
What now?! :(
-
Can you burn a CD ?
If so then double click the OTLPE.exe file and it will burn it to a CD
You can boot from that
Then add FRST to the USB (it is a small file) and then run from the reatogo desktop
-
I burned OTLPE.exe to a CD, downloaded and ran FRST.exe (FRST.txt is attached). I then rebooted into the Reatogo desktop. I was trying to locate Firefox on Reatogo but only saw Internet explorer. I tried to access the internet. I opened to use it, but seemed not to be able to access the web on it. I then searched the "All Programs" for Firefox, located it and attempted a connection via that browser... no luck again. I was thinking I could probably reboot into Windows again to communicate via the Forum, clicked on "shutdown" and Reatogo didn't seem to do anything for at least 10 minutes (may need to cold boot), at which time I left as was and am presently at library again, to send the FRST.txt file. I'll be here for a little while and check again for your reply, before returning home and cold booting into Windows.
-
Found it
ATTENTION ===> 0 byte partition bootkit on partition 1
I will need to use one of Farbars other tools to kill this
Download ListParts64 (http://www.bleepingcomputer.com/download/listparts/dl/78/) to the USB where you have FRST
Go to the Reatogo desktop and run Listparts
The tool will start to run.
(https://dl.dropbox.com/u/73555776/listparts.GIF)
Press Scan button.
It will make a log (results.txt) on the flash drive. Please copy and paste it to your reply.
-
downloaded ListParts64... (back to home).... opened Reatogo Desktop... looked for "ListParts" program icon on desktop... couldn't find one and searched "all Programs", none to be found... ran ListParts64.exe (via "My Computer" on the desktop) from my USB drive.... I got an error msg which said "D:\ListParts64.exe is not a valid Win32 application"... started to reply but decided to try again... rebooted into Reatogo... clicked on "My Computer" but it didn't respond... hit "alt+ctrl+del" and back toreply now.... with no result.txt file..... Not sure if I did something wrong?
-
Hi that was my stupid fault I forgot that reatogo is a 32 bit operating system
Download this one to your USB
ListParts (http://www.bleepingcomputer.com/download/listparts/dl/77/) This is the 32bit version.. Once we run the listparts fix it will be gone
-
Hi,
Success in running Listparts... :) results.txt attached.
Immediately upon rebooting to Windows and opening browser, I got the Avast alert: "Malicious URL Blocked" again.... infection- URL:Mal in Process- C:\Windows\systems32\scvhost.exe
-
OK download the attached fix.txt to the same USB as listparts
Run the Reatogo desktop
Run Listparts as before
Press Fix
What will then happen is the 0byte partition will be set inactive
The proper partition will be set active
The proper partition will be set inactive
The proper partition will then be set active for the last time
The 0byte partition will then be removed
Once it has completed it will make a log on the USB drive, post that
Reboot to normal windows and let me know if the alerts cease
-
MAJOR problem!!!! I CANNOT reboot into normal Windows (I am again at the library!)
Reminder: I have not been able to use any browser for my communications with you within the Reatogo desktop since I have been using it. I have been back and forth between Reatog and normal Windows.
When I rebooted to go into normal Windows (and did a COLD boot for normal windows) I get the same message on a black bootup screen: "Reboot and select proper Boot device or Insert Boot Media in Selected Boot device and press any key."
You will find the PLfixlog.txt attached.
I am also WORRIED NOW.... when I inserted my USB drive into this computer at the library I had a notice that "a new device was installed but computer will need to be restarted to complete" something to that main effect) that is not to happen nor has it happened to me in the past by inserting my USB drive.
I will be here at the library for a little while waiting your next instruction.
-
OK download this fix, and then run from list parts as before.
I have had a quick word with Farbar and the custom is used only for Vista and above, which was why the script did not run
-
okay... on my way back home to run this new fix file...... I hope there won't be any problems with this library computer!! But I'm not sure if i will know about it, if there is.
I will send new fixlog after I run the listparts with this fix.... either from home or from library again IF it does't work.
-
BACK at the library ... that only means that AGAIN my computer did NOT bootup into normal Windows! It still brought up the same message for inserting a boot device (same as mentioned in reply #36).
I ran the fix again and you will find attached the most recent PLfixlog.txt
I will be waiting for reply....
-
Jus waiting to have a word with Farbar about this meanwhile
Run the reatogo desktop
At the Reatogo desktop. Double click MBRFix. A command prompt will be presented. Type the following commands and press Enter after each line:
C:
cd C:\
MbrFix /drive 0 fixmbr
Exit
-
I will follow those instructions and leave computer as it will sit until I return tomorrow to the library (if need to) for your further instructions, after your talking with Farbar. I will be leaving library in 20 mins, as it will be closing for the day. I will check for further instruction before leaving here if you may send within 15 mins.
-
OK he is not online at the moment
-
Hi essexboy,
I am back at the library, was hoping for a reply but I see none. I will be here for an hour this session.
In the meantime, I have typed as you requested previously. In typing the third line, I got a msg saying: " 'Mbrfix' is not recognized as an internal or external command operable program or batch file." At this line I typed it in various ways: (1) all with no spaces, (2) space after "Mbrfix" (3) space after each of following: "Mbrfix", "/drive" and "0" and "fixmbr", all resulting in the same msg. However, I used only the zero for the "0". If it is to be the letter "O" I was mistaken. I also changed what I saw as a forward slash, into a backward slash with a resulting msg of "The system cannot find the path specified." This is how I left the sceen on my computer. I have not yet typed the "Exit"
Waiting for further instruction.
kissagain
-
This was in the box that MBRFix opened ? If so add a /yes at the end
MBRFix /drive 0 fixmbr /yes
-
OK ... will do and return later (about 2-3 hrs) for what I might find in further instructions.
-
OK failing that do you have a windows CD.. If not I can give you a download link to create one
-
hi
I have been gone from library, until now, receiving latest msg, but not home.... yes, I have a Windows CD, but will that reboot for me without reformatting the hard drive? I certainly hope so.
(reply very soon please... got to go again!)
-
Absolutely, all files will be retained
http://www.geekstogo.com/forum/topic/138-how-to-repair-windows-xp/
-
ok.... I'm back (library)... I did not see your latest msg until now...
I went home, inserted my Windows CD and it began Windows setup (with me getting nervous), stopping at a blue screen that had the following (as you may expect):
Welcome to Setup
This portion of setup program prepares Microsoft(R) Windows(R) XP to run on your cmputer.
*To set up Windows XP now, press ENTER
*To repair a Windows XP installation using Recovery Console, press R.
*To Quit Setup without installing Windows XP, press F3
UPON reading everything carefully, I pressed the F3 button to quit, being nervous otherwise. Upon doing so, there was NO response... nothing! So I didn't press any there keys to even find out if they would work.... and here I am. I can go back home and press either of the other keys but now am nervous that they won't work at all and I will then be "scared". Which would you want to to do and what should I expect??!
AND what would you want me to do with the URL you have left in your last msg?
Waiting...... :-\
-
Ok, in reviewing last few posts, I am understanding that the link was for creating the Windows CD? OR am I mistaken?
-
Just read your linked page.... I'm ready to return home to continue with the Windows repair process, hoping that the correct key (ENTER) will work. In either case, I will return to the forum one way or the other but at this point, I believe it will be tomorrow and most likely about 22 hrs from now (that is, if the setup does not work) or a little later.
until then....
-
OK I am sorry this is turning out like this, apparently it is a new variant. I may have another one like this now, so I working extremely cautiously on that one
-
I'm back at the library. I tried rebooting with the Windows disk again, following the instructions at that link you left. I hit the ENTER key to setup Windows XP. Then at the next screen with the License agreement I pressed the F8 key as instructed. I did NOT get any reaction. With the Setup screen (pressing the F3 key to exit setup) and this License agreement screen, it appears my FUNCTION KEYS aren't working. I don't normally use them so wouldn't known if they had been working or not. I COLD BOOTED into the Reatogo desktop again and it is there waiting for me to proceed with whatever you might suggest next.
With your other postings of the "new variant", I am hoping things go well with mine (!!!!) as well as any others in the future. The only thing I can lose now is ..... my data. Speaking of which, maybe I need to backup my files that are on there. Apparently that won't be possible with a flashdrive. I will need help in backing up if you think I should.
Well, I'm ready to proceed with whatever you have next for me to do.
-
You can back up all data from the Reatogo desktop, although it will need to be to a USB unless you have two CD drives
From the Reatogo desktop could you run a Listparts scan as we need to look for some info there
(https://dl.dropbox.com/u/73555776/listparts.GIF)
-
So much for backing up my data- USB is not recognized (as shown/determined previously) and only have one CD drive.
Ok, I am attaching the Result.txt log after running it about an hour ago, 2:08pm 05/04/2013 (noticing the timestamp is in the future at 06/04/2013... within past couple weeks my computer has changed the time somehow. I hope that is not a new problem.)
-
OK download and run this fix.txt for listparts ... Then cross your fingers
Download the attached fix.txt to the same USB as Listparts
Run listparts and select Fix
Try a reboot
-
We have good luck on the reboot with normal Windows!! :) Also checked for Google.com. I have that back. I still have no sound, nor printer. On the printer I get a msg saying "The printer is not able to communicate with the computer". The speakers are not even indicating power with the power indicator light. I am not sure about anything else that might have been wrong yet.
-
OK repair time now, as an aside we have discovered what happened
Once I removed the 0byte MBR it disabled the remainder of the Listparts script. Hence no partition was made active. So if I had just re-run one part of the script we would not have had that hassle.. Lesson learnt
Lets now check out the services initially and progress from there
Download and run farbar service scanner (http://download.bleepingcomputer.com/farbar/FSS.exe)
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Farbar/FSS-1.jpg)
Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
-
Farber Service Scanner... scanned.... log attached
-
PS--- last night as I shutdown my computer, Windows was giving a msg of "Installing ## of 19 updates"... just curious if that might have been only updates to windows or other updates of within windows and my programs.
-
OK main services are good, could you now run combofix.. It should complete, if it asks for an update allow it to do so
Once that has done we will look at the printer and sound
Edit : the updates are probably last months
-
I do not know if the log was to be "saved" someplace on my computer but I couldn't find it AND I saved the txt file that was listed in a NOTEPAD window onto my desktop so as to be able to attach it for you.... ComboFix log file attached.
FYI- in searching for the resulting file, there was only one found titled changelog.txt located in C:/ProgramFiles/Tweaking.com/Windows Repair (All in One), Modified on 3/4/2013
-
That looks to be the last of the malware (the log is at C:\combofix.txt)
Now for the printer and sound
What error do you get when you try to print
What error shows when you try to adjust the sound
-
PRINTER:
ERROR when trying to print:
Communication Not Available
The printer cannot communicate with the printer.
SOUND:
First, I DID have a green power indicator light on one of my speakers that worked(speakers are constantly on and plugged into computer for power). IT has not worked since I lost Windows in the Bootup process.
As for adjusting and error msgs, I went into the Control Panel to test. I adjusted the volume there without any problems... no error messages. BUT of course, still now sound.
-
OK could you go to control panel > device manager and let me know if there are any yellow exclamation marks
-
First, I now have power on my speakers... to my embarrassment, something fell from my desk and unplugged the power cord from speaker (but still no sound). :-[
As for locating the Device Manager, I was not able to. I looked in the "Classic View" as well as the "Category View" of the Control Panel. However I did go into Sound and Audio Devices Properties under Hardware and each device stated "This device is working properly".
-
Okay! LOCATED the Device Manager as you pictured. But here are NO... NONE... that have yellow exclamation marks... I even expanded "folders".... none!
-
Do you have the discs to reinstall the printer ?
If not we will use the generic windows ones
-
re-installed the printer.... got to "print test page"... clicked ok... NOTHING!
-
What is the printer make. Have you unplugged the printer and then replugged it in ? Also is it a USB or LPT type printer
-
Lexmark Z2300 series.... USB type... unplugged and replugged... "Communication Not Available" error msg
-
OK I have found the relevant Lexmark page, just looking through it now
-
First could you confirm that these elements are present on your system http://support.lexmark.com/library/LEXMARK/Software%20and%20Networking2/Operating%20System%20Pics/WinXPdvmgr.jpg
-
Next download the print spooler registry file from here https://dl.dropbox.com/u/73555776/Spooler.reg to your desktop
double click the file and allow it to merge
Then reboot and retry the printer
-
Not sure what you want me to do... I click on the link and it opens a new tab in my browser with what appears to be a NOTEPAD page of text.
-
For the reg fix right click the link an select save as... Then save to the desktop
It should then appear as a registry file
-
not sure what happened but I "started over" by unplugging power cord, turned on printer, then unplugged and replugged USB and Print job started to print... SO, Printer now WORKING! ;D
Now the sound....
-
OK what is the sound card that you have
again in device manager
Open the Sound Video Games controller
Right click the audio card and select properties
Select general or driver to see what make it is
-
yes... I have the Realtek High Definition Audio
Manufacture: Realtek
-
OK the latest XP driver is here http://www.filehippo.com/download_realtek_high_definition_audio_xp/
Download and then install
This is the download button (in the red square)
-
ok... clicked on it 3 times (including both the link (underlined words) and the green arrow) and nothing seems to be happening.
-
http://www.filehippo.com/download_realtek_high_definition_audio_xp/download/361da744f8663f3fb78f0e5682b3d7f8/
Try this one
-
how long should it take to download? I right clicked your link... "saved as" to my desktop then clicked on it, opening a browser tab page what showed "Your file is downloading" ....
as I was typing the above, the paged changed to show many apparent downloadable links. I clicked on "View more" in the Audio and Video category, but I am not sure which one to select.
-
Did you get the file download notification bar ?
It will appear at the top in XP
-
I don't think so. I didn't notice it.
-
OK just uploading it to my dropbox for you to collect... Back soon
-
Here you go use this download https://dl.dropbox.com/u/73555776/WDM_R271.exe
-
Window startup Music!! ... Music to my ears!!! :) :) :) Thank you, essexboy!
Are we done with this? if so, what all may I delete/uninstall that we used AND is there anything we used that you suggest on keeping?
-
OK lets clear the rubbish
Subject to no further problems :)
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[resethosts]
[emptytemp]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Remove ComboFix- Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
- In the Run box, type in ComboFix /Uninstall
(Notice the space between the "x" and "/")
then click OK
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Misc%20screen%20shots/CF_Uninstall-1.jpg)
- Follow the prompts on the screen
- A message should appear confirming that ComboFix was uninstalled
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/) and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755).
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Malwarebytes (http://www.malwarebytes.org/mbam-download.php).
Update and run weekly to keep your system clean
Download and install FileHippo update checker (http://www.filehippo.com/updatechecker/) and run it monthly it will show you which programmes on your system need updating and give a download link
If you use on-line banking then as an added layer of protection install Trusteer Rapport (http://www.trusteer.com/Products/Trusteer-Rapport-for-Online-Banking)
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit - Microsoft Windows Update (http://windowsupdate.microsoft.com)
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)Keep safe :wave:
-
Whew!!! BRAVO!!!!!!!!!! ;D
-
essexboy,
when you had me install ComboFix, you had me rename to Gotcha.exe.... should I rename it back to Combofix.exe?
-
It was a journey wasn't it. But, as long as you are now happy and it is ticking over nicely ;D
Yes rename it please
-
I ran OTL cleanup (Run Fix- with the posted custom) twice with no luck...
The first time (immediately after I asked about renaming Gotcha.exe (Combofix). I let it run I let it run until I awoke about midnight last night (many hours), only to discover that the computer froze whereas I was not able to click on anything for it to respond... first click and including START to shutdown computer, then ALT+CTRL+DEL which also didn't respond. I needed to reboot.
The second time was this morning (after renaming Combofix, and inserting my USB drive (thinking it may have been needed because it was included in the fixes)) for about 3 hours at which time I again needed to cold reboot (again froze up).
I am now replying to let you know that the cleanup so far has not yet been successful. What is the next step?
kissagain
-
OK we will allow OTL to remove combofix, it is part of its routine anyway
Run OTL and press cleanup
-
Ooops reread it we will use a separate removal tool, this will also remove itself
- Download OTC (http://oldtimer.geekstogo.com/OTC.exe) to your desktop and run it
- Click Yes to beginning the Cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
-
ok, I just ran OTL with the previously mentioned text (in Reply #89) Copied and Pasted into the Custom Box and clicked "Clean Up" Button instead of the "Run Fix" button. It ran for a second or two and requested the reboot (which I did). Now ComboFix is gone plus a few more empty spots on my desktop.
I was then reading the part in Reply #89 for deleting ComboFix and upon Typing the ComboFix Uninstall in the Run box, I then realized ComboFix was already gone.
Did something go wrong with my original attempt at running OTL when I clicked "Run Fix" and it didn't work? Should I go ahead and continue with the download of OTC?
-
PS- The items that we used and are still on my Desktop are:
AdwCleaner
Malwarebytes
Tweaking.com
Peazip
Rufus
OTLPEStd and OTLPE_New_Std
WDM_R271
and spooler.rg
-
I forgot how many tools we went through :-[
OK here we go :
Delete the following direct from the desktop
Rufus
OTLPEStd
OTLPE_New_Std
WDM_R271
spooler.rg
Uninstall the following via ADD/Remove in control panel
Malwarebytes
Tweaking.com
Peazip
Run AdwCleaner and press Uninstall
Tweaking.com and Malwarebytes may be useful programmes to keep
-
I put Rufus and others in previous list into the Recycle Bin. I will maintain Malwarebytes and Tweaking.com. I have read the last portion of Reply #89 recommendations and will follow that of Java, and more.
Now will begin my 24 hours of checking over.
Thank you again, essexboy, for your much appreciated help.
-
Glad to be able to eventually resolve the issue.
There is a small review for windows all in one here http://whatsonmypc.wordpress.com/2012/02/01/windows-repair/ and I have it on my system as a backup for anything I cannot fix
-
I have been Tech support for a computer software company more than 12 yrs ago and originally learned my "hands on" knowledge of a computer "behind the scenes" way back in 1989. I know how you could get some irritating and frustrating situations sometimes with computers and the ones running them. I have thought at different times somehow getting back into tech support. Don't get me wrong. I am by no means a computer geek... far from it. I will let you know how the computer appears to be working in a day or two.
:wave: ;)
-
One more thing.... I just had a popup that I have had in the past and I believe it started around the time of my first Malware problem but it hadn't shown itself for a while (then I forgot about it).
It is a popup for ReimageRepair. It tells me my computer is unstable and has a button for me to "repair now" I have never clicked on it. But there is an icon for it in my Downloads folder also. Icon name is "Reimage Repair" and a shadowed part says "Reimage Downloader". Hovering over it I get the following info:
Discription: Reimage Downloader
Company: ReimageĀ®
Date created: 8/4/2012 4:54pm (it was late August that i noticed I couldn't access Google.com... 1st symptom I noticed)
Size: 276KB
If I were to move it to the recycle Bin, do you know if it will take car of the popups?
-
I thought I had killed that first time round. This programme can be deleted from the desktop as soon as it has run
Please download OTM (http://oldtimer.geekstogo.com/OTM.exe)
- Save it to your desktop.
- Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Files
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\08t12jdo.default\extensions\bbrs_006@blabbers.com
C:\Program Files\ReImageCompanion
C:\WINDOWS\tasks\Reimage Reminder.job
C:\WINDOWS\reimage.ini
- Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (S
-
Hi again,
I ran OTM. Here is the Results from under the Green Bar:
========== FILES ==========
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\08t12jdo.default\extensions\bbrs_006@blabbers.com\components folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\08t12jdo.default\extensions\bbrs_006@blabbers.com\chrome\content\cache folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\08t12jdo.default\extensions\bbrs_006@blabbers.com\chrome\content folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\08t12jdo.default\extensions\bbrs_006@blabbers.com\chrome folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\08t12jdo.default\extensions\bbrs_006@blabbers.com folder moved successfully.
C:\Program Files\ReImageCompanion folder moved successfully.
C:\WINDOWS\tasks\Reimage Reminder.job moved successfully.
C:\WINDOWS\reimage.ini moved successfully.
OTM by OldTimer - Version 3.1.21.0 log created on 04112013_221459
The downloader icon is still in the download folder AND I discovered the "full program" in "All Programs". Within that folder (Reimage Repair) there are (1)Reimage Repair (2)Run in Safe Mode (3)Uninstall and (4)Website
I am considering on clicking on the Uninstall but am wondering if there might be residual files left behind.
ALSO:
I got another Error msg today (various statements most recent pasted below)concerning Script. I have gotten these in the past since occasionally getting the "Malicious URL" Alert stating an Infection of: JS:Script IP-inf[Trj] in c:\Windows\System32\svchost.exe (as mentioned originally in Reply #2), BUT I have not seen an alert for some time since working at fixing my problems.
A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.
Script: http://mail.yimg.com/zz/combo?nq/7136/yui/yui-min.js&nq/7136/oop/oop-min.js&nq/7136/attribute/attribute-min.js&nq/7136/event-custom/event-custom-min.js&nq/7136/event-base/event-base-min.js&nq/7136/event-delegate/event-delegate-min.js&nq/7136/event-synthetic/event-synthetic-min.js&nq/7136/event-resize/event-resize-min.js&nq/7136/event-focus/event-focus-min.js&nq/7136/event-key/event-key-min.js&nq/7136/base/base-base-min.js&nq/7136/pluginhost/pluginhost-min.js&nq/7136/dom/dom-min.js&nq/7136/node/node-min.js&nq/7136/json/json-min.js&nq/7136/querystring-parse-simple/querystring-parse-simple-min.js&nq/7136/querystring-stringify-simple/querystring-stringify-simple-min.js&nq/7136/cookie/cookie-min.js&nq/7136/plugin/plugin-min.js:179
-
hi kissagain,
url script link scanned @ urlquery.net gives this: http://urlquery.net/report.php?id=1949300 (http://urlquery.net/report.php?id=1949300) Note screenshot of url in upper right corner, blank.
I'd say you are almost there, keep going with it. More than anything else, essexboy has learned quite a bit from this, and you as well.
-
Just delete that entire folder as the working parts have been killed
There is a scripting error on that page, it appears to be related to an img on the yahoo messenger page. Do you need Yahoo messenger ?
-
Essexboy,
I deleted/uninstalled Reimage folder and the downloader file in my download folder. That is taken care of! :)
If I don't removed Yahoo messenger, could it cause more problems or effect the way other programs work? I might not need it and may delete it.
-
I would not have thought so as the error relates to the Yahoo messenger mail site, so that is probably the only one with a bad script