gerbil

Neitz, check in the root of each affected drive to see if there is a file called autoruns.inf: if so, delete it. Then... ==Please download Malwarebytes' Anti-Malware from: [url]http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html[/url] or: [url]http://www.besttechie.net/tools/mbam-setup.exe[/url] =Dclick that file, mbam-setup.exe, to install the application, -ensure that it is set to update and start, else start …

you most likely have some malware causing this issue.. but I cannot ell what it is from your post. Why not run a hijackthis log and post it as a next step?

Your sys is totally safe from intrusion with a decent firewall running. On the other hand... why waste the electricity? Think of the earth, just a little bit.

In safe mode.. rename your MBAM and hijackthis exe files to say, mm.exe and ht.exe, try then to run them.

Plastered, that does look like a firewall problem. But shutting it down likely will not fix it- you must uninstall/reinstall it.

Mmm... okay, go into safe mode, rename mbam.exe to boom.exe, try to run it there for a start.

In Safe Mode delete these tow files: ckaafkkerqmyugky.dll and cfrdxdijbmienkkc.dll. You might aslo check in system32\drivers for a file commencing with tdss..., a .sys file. Rename it. Say to tdss...sys.bak Next, rename the MBAM installer, delete the other MBAM files, run the installer, rename the mbam.exe to boom.exe, see if …

"i have 10 years of info on the computer that i can't lose" Oh, yes you can.... but probably not from this problem. Did the error screen list any codes, name any files? too fast to read? You can use the Pause key, hit Enter to continue. That board has …

Ah.. you just beat me to it, crunchie. In general....that is a legitimate winsock file in the hijackthis report - it is Windows Parental Control service, and in any event Hijackthis should NOT be used to modify the contents of winsock.

Guy... look at my post in this thread, and follow its instructions in yours. [url]http://www.daniweb.com/forums/thread147529.html[/url]

Hello, Ed, let's assume for a start that DEP is doing the right thing, and saving you from some malware that your AV does not see. It happens.... and you CAN turn DEP off, but as I said, let's assume that it is doing the good job that it should …

Perhaps it is due to RAM errors. Try swapping it out if you have multiple sticks.

Most likely, if this is a repetitive event, you have some badly coded malware on board. Or it could be due to not being up-to-date with Windows Updates... help us by using the Click Here link in the error window to find what module is causing the problem in svchost.

Hello, bati. Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked. O4 - HKCU\..\Run: [SystemManger] C:\Program Files\Internet Explorer\iexplorer.exe O4 - HKUS\S-1-5-21-1935655697-1897051121-725345543-500\..\Run: [SystemManger] C:\Program Files\Internet Explorer\iexplorer.exe (User '?') O13 - DefaultPrefix: O13 - WWW Prefix: O13 - Home Prefix: …

I bet heaps that Crunchie is going to ask for that comboFix log... it's in C:\.

I am surprised that you bothered posting to ask ... if you must borrow a sys to use an optical drive to load up a pendrive .... why not just borrow the optical drive? I am not sure on this... but I have a feeling that windows only installs from …

You will need to download these files onto a thumbdrive; rename the mbam and hiujackthis exe files before running them in safe mode [eg, mm.exe and ht.exe]: ==download hijackthis: [url]http://www.majorgeeks.com/download5554.html[/url] -copy it to a new FOLDER placed either alongside your program files or on your desktop and then... -in that …

Bit of infection still in there, so for a start: ==Please download Malwarebytes' Anti-Malware from: [url]http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html[/url] or: [url]http://www.besttechie.net/tools/mbam-setup.exe[/url] =Dclick that file, mbam-setup.exe, to install the application, -ensure that it is set to update and start, else start it via the icon, and UPDATE it. Select "Perform QUICK Scan", then click …

Which AV. Some, eg, Norton, AVG, require a special uninstaller tool to be run. The slowness is most likely due to a confused AV installation - all file activity, traffic is monitored by the AV.

It is probably the log that some installer makes and refers to when installing software, also may be used by an uninstaller. If you are concerned about malware run a scan.

Days with restore points are in bold type. Check in CP, System that you have restore enabled for drives you wish it to be on, and that you have provided sufficient disk space so that points will be made.

Well, simplest way is to rclick your IE icon, go Properties, Shortcut, Advanced. You will work it out from there.

F2 - REG:system.ini: UserInit=userinit.exe This entry appears wrong to me. The now defunct system.ini: Userinit entry was to point the system to the userinit files to use.. this is now done by registry keys, not an ini file. That entry points to a particular key's value [name, if you like], …

Most usually external, hails. And you do not say what connection you have from your modem, or whether your modem is internal.. ie a card. But if so, it would have a socket on it protuding to rear. So. Some modems use USB, or Ethernet cables, some offer both. If …

98 is way before my time with computers. To wipe a drive you need software which will repetitively write ones and zeroes to all of it. It's out there. Some firewall apps include it as a tool. But why would you wish to do that if not to hide tracks? …

.

Go here, get hijackthis.... [url]http://216.180.233.162/~merijn/files/HijackThis.exe[/url] Save it into its own, new folder [beside program files is good, NOT in a temp folder or on the desktop]. Start it by dclicking the .exe file, and then CLOSE ALL OTHER APPLICATIONS AND WINDOWS. Press Scan and save a logfile. A notepad with …

Some deep lil memory about sound cards doing this nags at me, but won't come into the light. Check to see if they share interrupts [they will not if it is a PS2 mouse] - you do that in Device Mgr, View, Resources by Type/Connection. Try pulling the soundcard and …

Your mb manuf. site should have one such. eg ASUS Probe II But no emails, just popups/noise.

Firewalls integrate themselves pretty deeply into the sys [well, comprehensive ones do...] along the lines of AV services. Always check for removal tools from the makers sites when wanting to unistall such services. Here is one such for you: [url]http://www.zonealarm.com.au/special_tools/ZA_CLEAN.exe[/url] Run it, and let it restart the sys.

These entries point at the continued existence of a trojan which is using these two to redirect your connection.: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local; Please post your Malwarebytes log, plus...: Combofix: ==Download this file to your DESKTOP: [url]http://download.bleepingcomputer.com/sUBs/ComboFix.exe[/url] .....or this file: [url]http://subs.geekstogo.com/ComboFix.exe[/url] -IMPORTANT! …

"My PC's had it" Does BIOS list your hd? Yes... then BIOS cannot actually access it because if it was doing so but failing, say, to find an OS it would mention it with an error message. No?... then maybe fool about with the cables WITH POWER OFF, PLUG PULLED. …

SyncBack.

Josh... services.exe... go into system32 and rename any services.exe you find there, say to servicesA.exe and so on. The real services.exe will be replaced in a few seconds by Windows File Protection System from a copy in cache. You will only be able to delete the renamed ones after a …

Moving to a new processor with two [synthetic two?] cores, Windows should have detected new hardware and requested new drivers? I take it that the Device Manager does not show both? Or if it does, that there are no errors shown? numproc is only used to limit the number of …

Is that a program? It looks like a webpage to me... and even if it uses ActiveX it won't appear in installed pgms list. But you may make shortcuts to such pages on your desktop... just check that in desktop properties you have not set the sys to regularly clean …

Please remove/uninstall either Avira or aSquared - only one AV service may be installed at any time; they interfere unpredictably [you may very well need to reinstall the one you wish to keep]. And while they were squabbling, your sys got infected. They should have detected this. Start hijackthis, use …

Rclick in the area you wish to modify [eg a free spot on the desktop, or in the start menu..], choose Properties, and the options to select/customise will be there.

That MBAM log is 2 weeks old. If it still jams go into Safe Mode and run it from there to begin with. You can also uninstall it, rename the installer file and install, rename the run file.... Don't forget to update MBAM.

Check under Internet Options in IE, Security tab, to see your settings for ActiveX controls. [press the Custom Level button]. You should enable the downloading and use of signed ones.

Get the Norton removal tool from their tech website for your old norton AV service. You may find you need to reinstall the new version.

And there is a delete button your keyboard... Now that might sound a bit flippant, but what software is going to know what is valuable to you, and what is not?

Run MBAM in Safe Mode. And then hijackthis. both can be downloaded and injected via thummbdrive. ==Please download Malwarebytes' Anti-Malware from: [url]http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html[/url] or: [url]http://www.besttechie.net/tools/mbam-setup.exe[/url] =Dclick that file, mbam-setup.exe, to install the application, -ensure that it is set to update and start, else start it via the icon, and UPDATE it. …

Why not get Process Monitor from Winternals? Start a capture session, dclick a file, and then sort through the events with the filters. The event times might be enlightening.

" Do I have to reinstall updates and service packs after the repair?" "Maybe" No maybe about it, you will need to dl all Windows updates again.

sarah, here is a lil file, REST2514.exe, which may help. don't use your normal pc on the net until you recover your lost files.... this file has the advantage of being downloadable onto a floppy, can be unzipped to the same floppy, and run from the floppy - no installation …

Hello, Justin... please reastart in Safe Mode, rename MBAM.exe and run it in there with these instructions [it is updated?, if not, use SM with Networking and update there]: Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps. ENSURE that EVERYTHING found has …

Ignore the minutiae of AV arguments... I use Avast [free], am very satisfied with it. Most reputable ones will do a job of protecting you, all will fail sometime on some particular virus [which, of course, you may never get..] because they just won't be ready for it. I'd try …

I do not see an infection.... but... Did you create these?... or at least the batchfile and the startup link? O4 - S-1-5-18 Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'SYSTEM') O4 - .DEFAULT Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user') O4 - .DEFAULT …

Heya, natasha... This file, c:\windows\system32\bootok.exe, is okay. It is in the dllcache, also, from which the copy came: c:\windows\system32\dllcache\bootok.exe Event Viewer log records your deletion attempt and the replacement, it is verified M$. You have your very own executable!!? c:\documents and settings\natasha\natasha.exe Do this now: ==Please copy the text in …