Windows Support Forum

One issue not resolved w/ Windows Recovery Removal

Q: One issue not resolved w/ Windows Recovery Removal

Hello,

I’ve run into the Windows Recovery issue on three computers in the past couple of weeks (XP, Vista, 7). I have followed the tutorials and have successfully removed each instance but have one underlying problem that I have not been able to resolve. The Start Menu/All Programs shows all program folders but does not have any program shortcuts within the program folders. This is just in the start menu. It is not limited to the current profile either. The problem exists even after creating a new profile.

I do not currently have log files to provide. I am a field technician and am not in front of the PCs anymore. Just thought I'd post and see if this was known and if there was a fix. If log files are needed then I can get them and post at a later date.

Thanks in advance.

DM

A: One issue not resolved w/ Windows Recovery Removal

NV. I got it resolved.

http://www.bleepingcomputer.com/forums/t/400894/one-issue-not-resolved-w-windows-recovery-removal/

I have quite a few sub-folders in the Windows\temp folder: _ISTMP0.dir, _ISTMP1.dir, etc., also CTZAPXX with sub-folder. Is it okay to delete them (these are dated Aug 2003)? Also, in my Windows folder, I have many folders (in blue) $NtUninstallKB...$. Are these the updates I downloaded from the Windows site? Can I safely delete these (and the sub-folders within)? Many thanks for your response.


My computer was attacked by this virus. I have tried to run the RKill several times from several links as provided by Grinler in your website. But nothing is working. The black screen is still there and the fake warning signs are coming up. Please help.

A:Removal of Windows XP Recovery

Hello and welcome to the forum! RKill is not the only tool you need to remove this beast.

Remove Windows XP Recovery

Please follow the instructions in the link to remove it.

http://www.bleepingcomputer.com/forums/t/402122/removal-of-windows-xp-recovery/

I was infected with the Windows Recovery malware. I followed the Windows Recovery removal guide. It seemed to work, but after running unhide.exe not all my files were shown and none of my start menu. I then followed the Preparation guide for use before using malware removal tools and requesting help.

A:Windows 7 recovery removal help

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days; failure to reply will result in the topic being closed!
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

This is a manual fix for Vista/Windows 7 users:

1. Copy the entire content of this folder:
C:\Users\user_name\AppData\Local\Temp\smtmp\1
and paste it to this folder:
C:\Program Data\Start Menu

2. Copy the entire content of this folder:
C:\Users\user_name\AppData\Local\Temp\smtmp\2
and paste it to this folder:
C:\Users\user_name\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch

3. Copy the entire content of this folder:
C:\Users\user_name\AppData\Local\Temp\smtmp\3
and paste it to this folder:
C:\Users\user-name\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

4. Copy the entire content of this folder:
C:\Users\user_name\AppData\Local\Temp\smtmp\4
and paste it to this folder:
C:\Program Data\Desktop

-- Note: The "Start Menu", "Quick Launch" and "Desktop" folders are system folders. In order to see them, you need to Reconfigure Windows to show hidden files, folders. In Windows Explorer go ...

http://www.bleepingcomputer.com/forums/t/401679/windows-7-recovery-removal-help/

I can't believe I did it... I can't believe that after all of these years a program pops up and asks me for my credit card information and I just plugged it in. **Sigh** Now that I have the public shame out of the way, I am attempting to follow the removal guide for "Windows 7 Recovery" and have downloaded multiple forms of the RKill software but am unable to run it. It downloaded as an .exe but am constantly being prompted to select a program with which to run the file. Is this a symptom of the virus? Other programs are executing fine. I have tried running it from the desktop and via the computers start menu->search function to no avail.

Thanks in advance for any help!

Ok, now I can't run ANY programs... sigh (not closing browser window)

A:Windows 7 Recovery Removal

Greetings 13inaryStar and Welcome to the Forums,

Tell us please, what operating system has this infection?

http://www.bleepingcomputer.com/forums/t/405699/windows-7-recovery-removal/

On a Windows XP Pro SP3 computer after removing Windows Recovery spyware with rkill and Malware bytes and also running UNHIDE to remove the hidden attribute to files everything is back to normal except the programs shown in all programs are empty. Can you please advise how to get these back?

A:Windows Recovery Removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days; failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

This is a manual fix for XP users:

1. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\1
and paste it to this folder:
C:\Documents and Settings\All Users\Start Menu

2. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\2
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch

3. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\3
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

4. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\4
and paste it to this folder:
C:\Documents and Settings\All Users\Desktop

If the above does not work then you can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:
Restor...

http://www.bleepingcomputer.com/forums/t/400860/windows-recovery-removal/
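
The four copy steps in the manual fixes quoted above (the Vista/Windows 7 one and the XP one), written out as an added example; this is not code from any forum post or from BleepingComputer. The function names are hypothetical, the destination table is the XP one exactly as the post lists it, and the Vista/7 destinations can be passed in the same way. It plans first, copies rather than moves so smtmp stays intact, and never overwrites a shortcut that already exists.

```python
import shutil
import tempfile
from pathlib import Path

# The rogue parks shortcuts in numbered folders under %TEMP%\smtmp.
SMTMP_SUBFOLDERS = ("1", "2", "3", "4")


def xp_destinations(user_name):
    r"""Destinations for smtmp\1..4 as the XP post above lists them."""
    all_users = r"C:\Documents and Settings\All Users"
    quick_launch = ("C:\\Documents and Settings\\" + user_name +
                    r"\Application Data\Microsoft\Internet Explorer\Quick Launch")
    return {
        "1": all_users + r"\Start Menu",
        "2": quick_launch,
        "3": quick_launch + r"\User Pinned\TaskBar",
        "4": all_users + r"\Desktop",
    }


def plan_restore(smtmp_root, destinations):
    """Dry run: return (copies, skipped, missing) without touching the disk.

    copies  - (source, destination) pairs that would be written
    skipped - pairs whose destination already exists (left untouched)
    missing - numbered folders that are absent from smtmp
    """
    smtmp_root = Path(smtmp_root)
    copies, skipped, missing = [], [], []
    for name in SMTMP_SUBFOLDERS:
        src_dir = smtmp_root / name
        if not src_dir.is_dir():
            missing.append(name)
            continue
        dst_dir = Path(destinations[name])
        for src in sorted(p for p in src_dir.rglob("*") if p.is_file()):
            dst = dst_dir / src.relative_to(src_dir)
            (skipped if dst.exists() else copies).append((src, dst))
    return copies, skipped, missing


def apply_plan(copies):
    """Copy each planned file, creating sub-folders as needed."""
    for src, dst in copies:
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy, not move: smtmp remains as a backup
    return len(copies)


def demo():
    """Plan and apply against a constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        smtmp = root / "smtmp"
        # Constructed sample input: folders 2 and 3 are deliberately absent.
        for rel in ("1/Programs/Accessories/Calculator.lnk",
                    "1/Windows Update.lnk",
                    "4/Mozilla Firefox.lnk"):
            f = smtmp / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_text("constructed placeholder, not a real shortcut")
        restored_root = root / "restored"
        dest = {n: restored_root / n for n in SMTMP_SUBFOLDERS}
        # A shortcut already present at the destination must survive.
        dest["1"].mkdir(parents=True)
        (dest["1"] / "Windows Update.lnk").write_text("existing")

        copies, skipped, missing = plan_restore(smtmp, dest)
        copied = apply_plan(copies)
        return {
            "copied": copied,
            "skipped": len(skipped),
            "missing": missing,
            "kept": (dest["1"] / "Windows Update.lnk").read_text(),
            "restored": sorted(d.relative_to(restored_root).as_posix()
                               for _, d in copies),
            "second_pass": len(plan_restore(smtmp, dest)[0]),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

On an affected XP machine the call would be `plan_restore(r"C:\Documents and Settings\user_name\Local Settings\Temp\smtmp", xp_destinations("user_name"))`, run from an administrator account; review the returned plan before passing it to `apply_plan`.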

I got the Windows XP Recovery virus. As per your instructions I ran rkill and it worked, I think. Your instructions then referred me to the TDSS remover and I ran that and rebooted. The Windows XP Recovery instructions told me not to reboot, but they also told me to follow the directions for the TDSS remover, which then told me to reboot, so I did. That seemed to bring Windows XP Recovery back, so I ran rkill again, which seemed to remove it - again. Then I ran the TDSS remover, which didn't find anything. Then I continued with the Windows XP Recovery removal instructions, which told me to download and install Malwarebytes Anti-Malware. I downloaded, started the installation process, and before it could finish installing a window popped up entitled "setup" and told me "access is denied". I clicked okay and the next window told me "Setup is not complete. Please correct the problem and run Setup again." I know I still have a problem because when I open My Documents it looks like nothing's in the folder. Please help.

David

A:Windows XP Recovery Removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days; failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Please download UnHide.exe by Grinler.
It will unhide folders/files that were set to be hidden by the infection you had.

NEXT:

Rootkit UnHooker (RkU)

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth Code, and uncheck the rest.
Click OK.
Wait until it's finished and then go to File > Save Report.
Save the report to your Desktop.
Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a pa...

http://www.bleepingcomputer.com/forums/t/399584/windows-xp-recovery-removal/

Hi everyone,
I'm using a Windows 7 Professional box, and recently became infected with the Windows 7 Recovery fake AV. I performed the removal process as instructed here: http://www.bleepingcomputer.com/virus-removal/remove-windows-7-recovery
Had to recreate a few shortcuts and run the unhide.exe program to be able to see my documents.
But firewall log picked up my machine talking to a bunch of different places outside my firewall, and I was getting browser redirects. So I tried running TDSSkiller but couldn't get the program to launch, even after renaming it.

I was able to run AVG anti-rootkit but it didn't pick up anything.

Any help would be greatly appreciated.

A:TDSSkiller won't Run after Windows 7 recovery removal.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform quick scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected.
 * When completed, a log will open in Notepad.
 * Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

======================================

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)

Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

http://www.bleepingcomputer.com/forums/t/404226/tdsskiller-wont-run-after-windows-7-recovery-removal/

I did find steps on the website but so far no success.

Originally the XP Anti-spyware virus showed.
Booted to safe mode.
Tried to launch Malwarebytes and the virus came up.
Went to http://www.bleepingcomputer.com/virus-removal/remove-win- -internet-security-
Followed instructions and left Malwarebytes running.
Malwarebytes was told to clean the malware problems it found.
On boot up a Windows XP Recovery virus shows.
Go to http://www.bleepingcomputer.com/virus-removal/remove-windows-xp-recovery
Follow instructions.
Tried to run rkill.scr and got userinit.exe: Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the items.
Went back to the original instructions and they said to run iexplore.exe. Ran that.
Ran TDSSKiller.
It found rootkit win TDSS tdl. Selected Cure. Selected continue.
Rebooted as requested and that reloaded the Windows XP Recovery virus.
Reran iexplore.exe.
Reran TDSSKiller and it found nothing.
Went into program files to find Malwarebytes to run it. Malwarebytes could not find the virus.
Ran Superantivirus. It could not find the virus.

Edit: Moved topic from XP to the more appropriate forum. Animal

A:Windows XP Recovery virus Removal

Since TDSSKiller detected a rootkit, I would highly recommend that you please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

http://www.bleepingcomputer.com/forums/t/399306/windows-xp-recovery-virus-removal/

I have been infected with Windows 7 Recovery. I have completed all steps in the removal guide and it seems to be gone. However, I ran the unhide.exe and I still do not have the majority of my files and none of my start menu. I have Windows Vista. Please help get my files back.

A:Windows 7 recovery removal unhide.exe help

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

http://www.bleepingcomputer.com/forums/t/399881/windows-7-recovery-removal-unhideexe-help/

First I want to thank everyone for the help you have posted regarding the Windows Recovery Virus. I was able to remove this virus with malwarebytes, but as a result now have a black desktop background and missing files (that aren't really missing) in the Start Up menu. I followed the directions that were given in another thread recently and copied the necessary items into the start up menu folder, but nothing has changed. I wasn't able to run RKUnhookerLE. Here is the error I got: Exception code xC Instruction address x EAA Attempt to read at address xFFFFFFFF. Please help, and thank you in advance.

http://www.bleepingcomputer.com/forums/t/403811/windows-7-recovery;-post-removal-help/
Relevancy 52.89%

This has to be somewhere else as well, I just can't find anything relevant. Sorry in advance. After removing the Windows 7 Recovery virus, all shortcuts have been removed. It even took away the Run access button (have to use Win+R now) and all shortcuts to IE and Firefox. Everything is still hidden, and I need to know if this can be easily remedied. I watched a YouTube video where it all just came right back for a guy, following removal. Any ideas?

Toshiba Satellite, Windows 7 Home 32-bit.

Edit: Oh, and it has deleted my user files, along with all the info therein, along with all Microsoft software, like Office and even the damned media player.

http://www.bleepingcomputer.com/forums/t/400117/windows-7-recovery-post-removal-help/
Relevancy 52.89%

Hello and Thank You in advance. Running a Toshiba laptop with windows. Had "Windows Recovery" show up on laptop. Have followed the instructions here to delete. Have run in safe mode:
Rkill until it came up blank times in a row
Malwarebytes several times, found nothing
TDSSKiller several times, found nothing
Have tried to manually delete files referenced on removal instructions. Have run unhide several times.

Symptoms that are still showing up:
- Explorer has a constant popup of not responding, close and sometimes recover. To the point it is unusable.
- Start-All Programs- click a program - shows "empty" and nothing opens
- Missing default icons, ie trash bin etc

Believe I still have a rootkit problem that I have been unable to fix. I have a Seagate Replica. At this point is my best option to do a complete wipe of hard drive and reinstall? Have attached both DDS file. Thanks Again

A:windows 7 recovery virus removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having, as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-click on dds.scr and a command window will appear. This is normal.
Shortly after, two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you to save & post the logs.
Save the logs to a convenient place such as your desktop.
Copy the contents of both logs & post in your next reply.

Scan With RKUnHooker
Please download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is ok, just ignore:
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"
Just click on Cancel, then Accept.

Information and logs:
In your next post I need the following:
logs from DDS
log from RKUnHooker
let me know of any problems you may have had

Gringo

http://www.bleepingcomputer.com/forums/t/398308/windows-7-recovery-virus-removal/
Relevancy 52.89%

I had Windows Recovery throwing warnings up so I ran Malwarebytes Anti-Malware (MBAM) and it got rid of the warnings. Now when I try to update the definitions for MBAM I get an error message about not being able to retrieve the update. I am apprehensive to try to retrieve the definitions again because I can't tell if the virus has corrupted the executable. Also, when I run MBAM the file name is a string of numbers. I would like assistance getting rid of the virus completely because this is not working. hxxp xkcd com

Here is the DDS log.

A:Finishing the removal of Windows Recovery

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days; failure to reply will result in the topic being closed!
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth Code, and uncheck the rest.
Click OK.
Wait until it's finished and then go to File > Save Report.
Save the report to your Desktop.
Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

NEXT:

Running OTL

We need to create a FULL OTL Report
Please download OTL from here:
Main Mirror
Mirror
Save it to your desktop.
Double click on the i...

http://www.bleepingcomputer.com/forums/t/404538/finishing-the-removal-of-windows-recovery/
Relevancy 52.89%

I am brand new to this forum and just found it. I need some help. My granddaughter has the Windows Recovery Virus on her laptop. It runs with Windows 7. The Recovery Virus has disabled the McAfee Virus Scan I put on her computer and will not allow me to download and run a virus scan with McAfee. What can I do to remove this Recovery Virus from her laptop? Is there a free automatic removal tool I can download to my computer and load up on her laptop via a memory stick? I can't get this thing off of her computer.

A:Windows 7 Recovery Virus removal

Welcome... I moved this from WIN 7 to the Am I Infected forum.

Please follow our Removal Guide here: Remove Windows Recovery.
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions.

After you completed that, post your scan log here, let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

How is it now?

http://www.bleepingcomputer.com/forums/t/452149/windows-7-recovery-virus-removal/
Relevancy 52.89%

I have read thru the forums and tried to remove the windows recovery virus manually, then by using malwarebytes, then running unhide to restore hidden files. Much improved BUT I still have IE redirecting to random sites and my media player goes off without warning every so often - playing random stuff. Malwarebytes doesn't detect anything new but something is still in my system. This is nasty. HELP

I have tried to run TDSSkiller from my desktop but it won't open/execute.

DDS Log

A:Windows recovery removal issues

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days; failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth Code, and uncheck the rest.
Click OK.
Wait until it's finished and then go to File > Save Report.
Save the report to your Desktop.
Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

NEXT:

Running OTL

We need to create a FULL OTL Report
Please download OTL from here:
Main Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "...

http://www.bleepingcomputer.com/forums/t/399791/windows-recovery-removal-issues/
Relevancy 52.89%

Hello. My daughter asked me to take a look at her Gateway laptop yesterday, and when I saw the "Windows Vista Recovery" window after booting I suspected it was malware, but have been a little surprised at its resiliency. I've been to the Windows Vista Recovery self-help page located at http://www.bleepingcomputer.com/virus-removal/remove-windows-vista-recovery and that page ultimately led me here.

I cannot launch any programs or even see them by clicking on an icon or file in Windows on her system in either standard or safe modes. The system comes up with a blank desktop except for Internet Explorer, and I've not bothered testing that. I can get to a command prompt and was able to run rkill as well as tdsskiller. Tdsskiller acted initially as if it had done something useful, but all indications from a usage standpoint tell me it wasn't enough. I was also able to run rkill, and each time it runs the report is blank in terms of naming what it says was stopped, if anything. It's worth noting that while rkill doesn't effectively report names of programs or processes halted, it DOES manage to make the otherwise unstoppable "Windows Vista Recovery" window go away.

I can get Windows Explorer to launch but it's not permitted by the beasties to show me any folders or files -- which was what sent me to the command line. I've been using a Knoppix Live-CD to do actual file transfers with a USB stick so I could load and run defogger.exe, dds.scr and gmer.exe. I'm posting this from my own PC while the laptop rests between bouts.

It's also worth noting that I was able yesterday to install MalwareBytes but have NOT been able to get it updated, as all such attempts are promptly shut down by the malware. It will run and scan but reports not having found a problem.

Per the instructions on this page -> http www bleepingcomputer com forums topic html I'm attaching the logs from dds.scr and gmer.exe.

Any guidance will be most appreciated.

A:Windows Vista Recovery removal

Hey Gang ... I realize how buried you are right now so I sucked it up and did some intense studying of the guidelines for similar infections here and so far as I can determine, the laptop is now clean and sober again. I wanted to add this post so you can safely close this request and move to the next person who's likely needing the help more than I currently do.

I also want to say a huge thanks just for having this forum ... I have to give credit where it's due and without the diagnostic tools and inferred information on what to look for scattered through each trouble shooting thread, I'd still be biting my nails. Thanks again !!

http://www.bleepingcomputer.com/forums/t/400701/windows-vista-recovery-removal/
Relevancy 52.89%

I have created a dual boot system but only the XP works. Whenever I choose the Windows Operating system the computer reboots and I am thrown in a loop. What have I done wrong?

This is my boot ini file:
boot loader timeout default multi disk rdisk partition WINDOWS operating systems multi disk rdisk partition WINDOWS "Microsoft Windows XP Professional" fastdetect E "Microsoft Windows Second Edition"

I also tried to modify the last line with these:
E Windows "Microsoft Windows Second Edition"
multi disk rdisk partition "Microsoft Windows Second Edition"
multi disk rdisk partition Windows "Microsoft Windows Second Edition"

Each of these modified boot ini entries did not reboot the machine; instead it gave me a new message:
Windows could not start because the following file is missing or corrupt: <Windows Root>\system32\hal.dll. Please re-install a copy of the above file.

Background Info

Preparation

Windows Setup
I have two physical hard drives. I partitioned one and left the other one as a "whole". I am planning on the partitioned hard drives to house my OS and the other hard drive to handle all my data, which can be shared from both operating systems. After partitioning, my first drive was C and E, my data drive was D. It happened like this; I did not select the letters. I was using a Windows setup floppy to do the fdisk and the partitioning. After all the partitions were set I ran the Windows setup and then instructed it to format the E drive (FAT of course) where it will reside. It did so, but when the scandisk part of the setup ran it was giving me an error on the C drive. Although the C and D drives were not formatted yet as of this time, it was only telling me that the error was on the C. I formatted the C into FAT. I ran the setup for changed the destination to E Windows and all went smoothly. From within I then formatted the D drive, so I now have all three drives as FAT.

Windows XP Setup
I installed Windows XP from outside Windows. I had the BIOS boot up from CD and then ran the setup from there. The setup detected the two partitions on drive and the one partition in drive. I selected the Partition as my target partition for the install (Drive C) and then it asked me if I want to convert it to NTFS. I did. After the install the bootup screen gave me the OS options, but that's when I discovered that Windows can't boot up anymore.

Epilogue
I found the hal.dll in the C Windows system folder. The problem is the C drive is in NTFS format so the Windows OS can't recognize it. The weird thing is the hal.dll is located in the cab files of XP, not Win, so why would the error come up when I try to boot up Win?

I hope you guys can explain what I did wrong or maybe guide me to a correct way of doing this project. I thought I followed all the MS instructions to the letter. Thanks

Relevancy 52.89%

Had this problem on a Dell XPS M1330 running Vista and then upgrading to Win 7 64bit. Try flashing or updating BIOS first. Then unplug and replug (or replace if bad) the CMOS battery to reset BIOS. Remember CMOS holds the settings in BIOS. So when no power to CMOS, BIOS settings get wiped out (BIOS tells your pc what to do when it starts). Reset to default settings in BIOS. This fixed my restart issue! I tried all kinds of fixes and this was the only one that worked! Not all are software related issues. Any hardware changes can cause this problem, like adding an IDE drive to a SATA board. Make the drive a slave, changing it from cable select for example. Hope this is useful to someone.

Relevancy 52.89%

I get a message that Windows failed.
Status: 0xc000000e
Info: The boot selection failed because a required device is inaccessible.

It instructs me to insert the windows installation disc, restart, and run "repair your computer".  However, I did not receive an installation disc, only a utilities disk (which does not boot)
What do I do now?

A:Inspiron M5030 recovery boot issue. Recovery disk does full restore and starts Win7, which operates fine. But on restart, windows will not boot.

1. Reseat the hard disk drives, reseat the controller and monitor.
2. Perform chkdsk /r on the RAID volume.
3. Run diagnostics on the hard disk drives and controller and replace as necessary.

Additional Information:
Event ID 1001 is logged in the System event log.

Log Name: System
Source: Microsoft-Windows-WER-SystemErrorReporting
Date: 12.08.2013 11:23:04
Event ID: 1001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: server.domain.com
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800644ab30, 0xfffffa800644ae10, 0xfffff80001be07b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031214-68266-01

Review of the memory dump files using Debugging Tools for Windows will result in output similar to the following.

BugCheck 7A, {fffff6fc40040128, ffffffffc000000e, 6454cbe0, fffff88008025000}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+36c1a )
Debugging Details:
------------------
ERROR_CODE: (NTSTATUS) 0xc000000e - A device which does not exist was specified.
DISK_HARDWARE_ERROR: There was error with disk hardware

BugCheck F4, {3, fffffa8006332b30, fffffa8006332e10, fffff80001b8e7b0}
----- ETW minidump data unavailable-----
Probably caused by : csrss.exe
CRITICAL_OBJECT_TERMINATION (f4)
Look below for more details
Source : www.dell.com/.../EN

http://en.community.dell.com/support-forums/laptop/f/3518/t/19683062
Relevancy 52.46%

I have the Windows Recovery virus/trojan on my laptop. I previously attempted removal with malwarebytes 3 times and each time it would find something, I would delete it like I'm supposed to, and restart as it asks. And each time I would restart and find windows recovery right back where it was. I found the uninstall guide on here and have followed all the steps exactly. I did the full scan, it found 2 infected items, I removed them, followed the prompt to restart my computer, did so, and was welcomed with the exact same thing I had to start with. I then turned my computer off. What do I do now??

A:Help - Windows Recovery virus removal trouble

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue. Then post your DDS and GMER logs as a reply to this topic. Once you have done that I will remove my reply and consolidate the posts so that you retain your correct place in the queue.

If you can produce at least some of the logs, then please explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

http://www.bleepingcomputer.com/forums/t/391910/help-windows-recovery-virus-removal-trouble/
Relevancy 52.46%

My laptop was infected by Windows Vista Recovery.

I found and followed the following instructions:
http://www.bleepingcomputer.com/virus-removal/remove-windows-vista-recovery

I was still getting google redirects so I ran TDSSKiller and they have now stopped.

Except now I still have an icon on my desktop labelled "Windows Vista Restore".

I tried running a full scan with Malware and it comes up with no infections.

Where do I go from here?

A:Windows Vista Recovery Removal Issues

Except now I still have an icon on my desktop labelled "Windows Vista Restore".

You can safely delete it.

http://www.bleepingcomputer.com/forums/t/402645/windows-vista-recovery-removal-issues/
Relevancy 52.46%

So I recently had the Windows XP recovery virus and managed to get rid of the relentless popups by running rkiller then several malware removal (Spybot, malwarebytes).

But I still have a few problems that need solving:

- Google redirecting (And redirecting my web address bar if I type in manually) me and TDSSkiller won't run to sort this out
- Every time computer starts up, it loads for a moment, brings up an ACER screen, then restarts and comes to the "start in safe with networking/last known good config/normal" and will only start if last known good config is selected, otherwise it just keeps restarting.
- And I have no sounds on online videos.

I would like to solve these issues without posting a registry log thing if this is possible, any help appreciated.

A:Computer still effected after Windows XP recovery removal

Why is no one helping :S I thought this site was really helpful

http://www.bleepingcomputer.com/forums/t/403007/computer-still-effected-after-windows-xp-recovery-removal/
Relevancy 52.46%

After turning on my pc today I got hit with another one of these malware viruses called "Windows Recovery".
After searching online for possible removals basically told me to use malware bytes to search for malware to remove problem.
So I downloaded malwarebytes which brought up some problems which I then deleted. Windows recovery does not function anymore however is still present on my system, it is still in my all programs section and still a shortcut on my desktop however, neither lead anywhere as it cannot find the files.
I would just delete them to recycle bin however most of my desktop items have still vanished and on Start>All Programs most of my Programs have disappeared, is there anyone that can help me restore my programs so that they appear again and get rid of the rest of this virus that malware bytes no longer picks up?

Kind regards
Dan

A:Windows Recovery Removal Process Problem

Hi Dan

I have just acquired the same virus - haven't got around to removing it yet. Checking on line, someone posted that it changed items on the desktop to 'hidden'. So I think if you undo that it should restore your missing items.

Steve

http://www.bleepingcomputer.com/forums/t/386855/windows-recovery-removal-process-problem/
Relevancy 52.46%

Originally the computer came up with XP Anti-spyware virus. Booted to safe mode. Tried to launch Malwarebytes and the virus came up. Went to http www bleepingcomputer com virus-removal remove-win- -internet-security- Followed instructions and left Malwarebytes running. Malwarebytes was told to clean the malware problems it found. On boot up a Windows XP Recovery virus shows. Go to http://www.bleepingcomputer.com/virus-removal/remove-windows-xp-recovery Follow instructions. Tried to run rkill.scr and got userinit.exe: Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the items. Went back to the original instructions and they said to run iexplore.exe. Ran that. Ran TDSSKiller. It found rootkit win TDSS tdl. Selected Cure. Selected continue. Rebooted as requested and that reloaded the Windows XP Recovery virus. Reran iexplore.exe. Reran TDSSKiller and it found nothing. Went into program files to find Malwarebytes to run it. It could not find the virus. Ran Superantivirus. It could not find the virus. Updated and ran Symantec Antivirus. It found and Quarantined Trojan gen and Adware Hotbar. Found the notepad font at Reduced font to Tried to fix the problem of no programs show when All Programs is selected. Rebooted and got nFyePyKnbQUscgeAythbW Run-time error Object required. Have a folder aQQA ikkkkkk. Most shortcuts and a number of folders are set to hidden.

A:Windows XP Recovery virus removal and cleanup

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:
Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.
Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice
Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

Thanks and again sorry for the delay.

http://www.bleepingcomputer.com/forums/t/399374/windows-xp-recovery-virus-removal-and-cleanup/
Relevancy 52.46%

Hello, My laptop was infected with Windows Vista Recovery which was removed by the of this topic http://www.bleepingcomputer.com/virus-removal/remove-windows-vista-recovery I think there may be infection left as IE & chrome are not working and asking for proxy settings though I am not using any proxy at the moment. Following is the DDS Text.

A:Possible infection after removal of Windows Vista Recovery

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE
-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
A detailed description of your problems
A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

http://www.bleepingcomputer.com/forums/t/398445/possible-infection-after-removal-of-windows-vista-recovery/
Relevancy 52.46%

Is there any way to manually remove this? I am now unable to get online with this stupid virus. I tried running malwarebytes and it does not find anything. It wont let me open any programs either.....

A:Windows Recovery Virus Manual Removal

You might take a look at the BC Removal Guide, Windows Recovery and follow the instructions therein exactly. If that provides no solution, please follow the guide's instructions in the Preparation Guide link reflected.

Louis

http://www.bleepingcomputer.com/forums/t/393124/windows-recovery-virus-manual-removal/
Relevancy 52.46%

Hello all, I'm hoping I can find a solution to my virus problems on this forum. I have a fairly new Sony Vaio laptop running Windows. I haven't had any problems with it until last night when I accidentally acquired what I now know is the Windows Recovery virus. I am hoping to find answers quick because I start class in a week and will desperately need the computer.

When I started up my computer this morning my icons were gone, the screen black, and the windows recovery box popped up saying that my hardware was corrupted etc. I immediately downloaded the Malwarebytes program and removed the virus. After I did so all of my icons were still hidden and everything in my start menu was missing as well. At a loss for what to do, and not knowing about unhide.exe, I decided to try a system restore and went back to a previous version of my settings from August. I did that and with a restart everything seemed back to normal. Desktop background back, icons back, all my music and documents back. I thought I had solved the problem until I realized that everything stored under My Documents, mainly my pictures, were still missing. It was then that I searched around and found the unhide.exe on the internet. I ran this and my pictures were back. Though I wish I would have tried this before I did the system restore, I thought that my virus problem was solved.

Now the issue seems to be with the internet. When I began running Firefox I noticed a considerable lag when I tried to click on my bookmarks (facebook, youtube etc). The internet was slow but the pages did load. However when I try to go to google or yahoo and search something, it takes multiple clicks for a page to load, and when it is loading I see strange random urls appearing on the top of the browser. It will often redirect back to the search results page. Sometimes a box will pop up saying "Do you want to open "search"" with an option to open or save. I just click cancel. With a bit of effort I can get to the page I was trying to get to but it takes multiple clicks and a lot of frustration.

In addition to malwarebytes I've downloaded avast and webroot antivirus software but those haven't found anything either. I thought that maybe I had the google redirect virus but it didn't seem the same: my browser doesn't redirect to a different website, it just doesn't allow the site to load without several attempts. Even so I did run tdsskiller, the scan came up clean.

Sorry if this post is lengthy or confusing, I just wanted to explain the full background of the issue. If anyone has a suggestion it would be greatly appreciated. Thanks in advance.

edit: forgot to add that I did reinstall firefox as well as reinstalled internet explorer. The problem occurs on IE as well.

A:windows recovery virus - still having issues after removal

Hello.

It appears that the issues on your system will require a more in-depth examination than can be performed in this forum. Please read the information in this guide, and follow all the steps beginning with step 6. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The MRT is very busy, so it could be several days (3-5 days is the average wait right now) before you receive a reply. But rest assured, help is on the way!

~Blade

http://www.bleepingcomputer.com/forums/t/415712/windows-recovery-virus-still-having-issues-after-removal/
Relevancy 52.46%

I had a feeling it was too easy. I thought I successfully removed that rather nasty Windows XP Recovery virus. Please keep in mind that I used "unhide.exe" as part of the process. Today I went to "All Programs" on the start menu and the programs folders are listed (visible), but when the pointer is put on them the extensions all say "empty". For example, in the "All Programs" part of the Start menu, when I put the pointer on "Accessories" the next extension opens and lists "Accessibility, Communications, Entertainment and System Tools" folders. But when I put the pointer on the "System Tools" folder, for example, the next extension pops up but says Empty. I believe the "missing" programs are there, just hidden. I have Avast up and running but when I put the pointer on the Avast folder it shows Empty. Is this fixable?

A:New problem after removal of Windows XP Recovery virus

At last count 110 people read this which means about 109 folks smarter than I am saw it.

I'm starting to fear that there is no solution to this but no one wants to give me the bad news.

http://www.bleepingcomputer.com/forums/t/398735/new-problem-after-removal-of-windows-xp-recovery-virus/
Relevancy 52.46%

I ran all of the utilities and Malware Bytes per the instructions @ Bleepingcomputer.com. It appears the virus is gone but it has left at least a couple of serious issues. I did run the unhide utility but my desktop is still empty. Everything is in its correct folder location, it just doesn't show up on the desktop. Also, my "System Tools" shows empty. I can run system restore from its system32 folder location but all attempts to return to a previous set point fail. This is one nasty virus. Any suggestions would be appreciated.

I would like to add one more question to this topic. I had the latest updates of Avast and Adaware running when this attack occurred and neither even hiccupped. Is there an antivirus or antimalware program that would have stopped it?

Mod Edit: Moved from Malware Removal Logs to Am I Infected, no logs ~ Hamluis.

A:Remaining Issues with Windows XP Recovery Removal

I may have fixed my problem or at least part of it. I read elsewhere that I should run the rkill then Malwarebytes over and over. Maybe that was also mentioned here and I missed it. I did run them 3 times and I figured that was enough but it looks like the 4th time was the charm. Suddenly the desktop appeared but still no System Tools.
On edit: I just downloaded and ran AccRestore v2.0 from http://windowsxp.mvps.org/Accessories.htm It worked!!! Yippee.

http://www.bleepingcomputer.com/forums/t/401171/remaining-issues-with-windows-xp-recovery-removal/
Relevancy 52.03%

Hello,

I have a computer that had the Windows XP Recovery virus that I removed. After the virus was removed my CD drive will not read any disc. I have taken the drive out and tested in another machine and it works and I have also installed a new drive and it also will not read cd's. I have tried the upper and lower filters repair to no avail.
I suspect the virus has done something in the registry that I cannot find.

Any help or Ideas would be greatly appreciated.

A:CD will not read disc after Windows XP Recovery Virus removal

I have also gone into device manager and removed the cd drives and the ide controllers and reinstalled.

http://www.bleepingcomputer.com/forums/t/399961/cd-will-not-read-disc-after-windows-xp-recovery-virus-removal/
Relevancy 52.03%

It started last night with Windows XP Recovery. I was not able to access internet so I went to this computer and downloaded rkill and MalWareBytes. I ran rkill and MalWareBytes. MalWareBytes was stopped in mid scan so I ran them both again but in safe mode. I had the following show up when I ran Rkill: on the black screen after Please be patience was Access Denied, but it had seemed to stop everything. I ran the MBAM and it had or infections that I removed. I rebooted the computer and I started seeing MS Removal Tool. It was late and I was tired and missed seeing the part about running TDSSKILLER. I looked it up on Bleeping Computer and ran Rkill and MalWareBytes again (access Denied msg on Rkill). MBAM found virus again and removed them. Tried to do a google search to fix the Windows HOSTS file but was unable to go anywhere because kept redirecting me. Stopped for the night. Woke up and saw I missed the TDSSKILLER and redid everything and ran it. The TDSSKILLER found one item and cured it. I looked up google redirect and followed steps on that. Now it seems I got rid of everything but the google redirect. Can you help me? This is my son's computer and he needs it to finish up the school year.

A:Windows recovery, MS removal tool and google redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest. Then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note** you may get this warning it is ok, just ignore
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"
"just click on Cancel, then Accept".

information and logs:
In your next post I need the following

logs from DDS
log from RKUnHooker
let me know of any problems you may have had

Gringo

http://www.bleepingcomputer.com/forums/t/397738/windows-recovery-ms-removal-tool-and-google-redirect/
Relevancy 52.03%

Hello, long time lurker, first time poster. Sorry that my first post is not a proper intro, hopefully I will get to that after I fix this bleepin computer. About days ago I contracted a rather nasty little virus which set up a "windows restore" malware program onto my computer, hid all of my C drive files, and locked my keyboard and mouse when I tried to restart in safe mode. I think it may have keyed my car too, but that might have been the neighborhood kids. Anyways, I stopped it from running with RKILL, removed it with MalwareBytes, and restored my programs with Unhide.exe. So joy rang throughout the kingdom, right? Not really. Now I have a google redirector. You know the drill: click on a google result and get redirected to another search engine. I ran superantispyware and spybot S&D, each picked up a few items, but this redirector remains. I read the prerequisites for posting. Pasted below is my DDS.TXT and attached is my GMER log and DDS attachment. Thank you in advance for your help.

A:google redirect after removal of windows recovery virus

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger may ask you to reboot the machine, if it does - click OK.

Do not re-enable these drivers until otherwise instructed.

Download DDS:

Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-click on dds.scr and a command window will appear. This is normal.
Shortly after, two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you to save & post the logs.
Save the logs to a convenient place such as your desktop.
Copy the contents of both logs & post in your next reply.

Scan With RKUnHooker

Please download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning, it is ok, just ignore:
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"
Just click on Cancel, then Accept.

Information and logs:

In your next post I need the following:

logs from DDS
log from RKUnHooker
let me know of any problems you may have had

Gringo

http://www.bleepingcomputer.com/forums/t/398389/google-redirect-after-removal-of-windows-recovery-virus/
Relevancy 52.03%

I downloaded the Malwarebytes Anti-Malware software and removed the Windows Recovery Virus. I also downloaded the Unhide.exe and used it to bring back my files. I have two issues now:

First when I hit start and go to "All Programs" not all my programs show and the ones that I find and open do not show up as recently used when I hit start again after using the program. How do I fix this?

Second, The virus was removed a few days ago and I've been able to use my programs without any problems. Now when I try to use Quickbooks I get a registry error, telling me that "Quickbooks has a problem reading this registration file. You need to ask your system administrator to REMOVE this file and re-install it." Please help.

A:Registry Issues after removal of the Windows Recovery Virus

<<The virus was removed a few days ago and I've been able to use my programs without any problems...>>

I'm a little confused...when did the problems listed begin?

I see no registry issues detailed...I do see a registration situation with Quickbooks detailed. The two are not the same. A registration issue can probably be overcome by uninstalling/reinstalling the program with said issue, based on premise that program files may be damaged.

Louis

http://www.bleepingcomputer.com/forums/t/427673/registry-issues-after-removal-of-the-windows-recovery-virus/
Relevancy 51.17%

Yesterday a messagebox popped up on my screen: "Windows XP Recovery. Hard Drive Errors found. Click OK to scan now". Knowing better than to do what it told me, I pressed the "Cancel" button but it proceeded to scan anyway. After a while of quote-unquote "scanning" it told me "Windows cannot find hard disk space. Hard Drive Error", then "GPU RAM Temperature is critically high. Urgent (sic) RAM Memory (surely the real MS would know that the M in RAM stands for memory, wouldn't it?) optimization is required to prevent system crash". Then I got "Read time of hard drive clusters less than ms". I don't even think that is a real error message, just something made up to scare people who aren't in the know technically. Surely < ms read-time is a good thing? So naturally I "x"ed it off, then shut down my pc.

Then today when I got up I booted off an Ubuntu LiveCD to save my files, then tried to start Windows in safe mode. Which didn't work too well. My computer runs XP Professional, so when I tried to log in my password wouldn't work, and "Administrator" as the username and nothing as a password didn't work either. So I decided I had to try it in normal mode.

The virus tries to make your desktop look "scary" by hiding all the files and making the background black. It also attempts to convince the victim that the HDD really is damaged by setting all file attributes to "hidden" and removing all links from the start menu. You can load My Computer, access the C drive, but you "C" nothing. I set folder options to "View hidden files and folders" and alakazam, my files appeared.

Anyway, I was still getting popups so I followed BleepingComputer.com's tutorial about Windows XP recovery here. This guide worked fine until about step "Run mbam-setup.exe", though I suspect step failed, which caused this (no rootkits were detected, but as you will probably work out, there is one at work here). MBAM gave me an error: "The setup files are corrupted. Please obtain a new copy of the program". So I did, and this time renamed it jjdsjsds.com.exe. Double clicked it - still no luck. Then symantec told me jjdsjsds.com.exe was infected and that it cleaned it, also saying "Access Denied". Which is the same error I received when I ran RKill, but RKill seemed to work, killing XP Recovery with ease.

Luckily I have a copy of MBAM installed, so I ran that and tried to update it. I got the update screen up, it downloaded, but then a dialog appeared: "An error has occurred. Please report this error code to our support team. MBAM ERROR UPDATING CreateFile Access is denied". Wondering what happened, I decided to abort the update and run a scan anyway. It found nothing. So I navigated to the folder that I knew the malware was in (thanks to the RKill log) and scanned that. Still nothing. I was going to delete the files manually but I decided I'd post here first. I will post a screenshot showing the files in the folder.

Anyway, I followed the instructions in the preparation guide and made all the required logs. I also ran the rootkit detector again just to be sure, but still nothing. So brace yourself, here comes the log, starting with (even though it isn't required) the RKill log:

This log file is located at C rkill log
Please post this only if requested to by the person helping you
Otherwise you can close this log when you wish

Rkill was run on at
Operating System Microsoft Windows XP

Processes terminated by Rkill or while it was running
C PROGRA SYMANT VPTray exe
C Documents and Settings All Users Application Data MEXFxpGUVShIHWB exe
C Documents and Settings All Users Application Data exe

--- ATTENTION ---
Windows was configured to use a proxy Proxy settings have been removed The Proxy Server that was configured is If this was a valid setting pleas...

A:Infected with "Windows XP Recovery" , followed removal guide, didn't work. HELP!

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

http://www.bleepingcomputer.com/forums/t/398650/infected-with-windows-xp-recovery-followed-removal-guide-didnt-work-help/
Relevancy 50.31%

One of my users got the Windows XP Recovery "virus" last evening. He was RDCed into his desktop from home. I looked this morning and recognized it was not really a hard drive failure. I looked at the guide which suggested removing the Hidden attribute and running Anti-MalwareBytes (which I did). I ran it twice which returned diseased files. I cleaned it. I still can't get IE to work, etc. Where do I go from here?

Thanks,
Glenn

A:Windows XP Recovery issue

Sorry, meant to include the log files from MBAM:

First Run ==============================================

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/3/2011 11:01:47 AM
mbam-log-2011-06-03 (11-01-47).txt

Scan type: Quick scan
Objects scanned: 152544
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\documents and settings\all users\application data\ooyecuncneni.exe (Trojan.FakeMS) -> 708 -> Unloaded process successfully.
c:\documents and settings\all users\application data\18145060.exe (Trojan.FakeMS) -> 2148 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OoyECuNcnEni (Trojan.FakeMS) -> Value: OoyECuNcnEni -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\ooyecuncneni.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\18145060.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

==============================================================================================

Second run: ==============================

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/3/2011 12:30:09 PM
mbam-log-2011-06-03 (12-30-09).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 224021
Time elapsed: 34 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\symantec\srtsp\quarantine\apq6.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

===============================================================================================

Third run: ========================================

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 3
Internet Explorer ... Read more

http://www.bleepingcomputer.com/forums/t/401542/windows-xp-recovery-issue/
Relevancy 50.31%

I have a computer that when sold had Windows 8 on it. It was later upgraded to Windows 8.1. This is a Dell Inspiron 3537 laptop. It is in need of a factory reset; the owners did not create a recovery disk. And the recovery program does not work after the 8.1 upgrade! I am told the recovery partition is corrupt or missing. Is there still a way I can use the win. 8 recovery partition?

https://forums.techguy.org/threads/windows-8-recovery-issue.1160870/
Relevancy 50.31%

My Computer is a Samsung NP300E5C Laptop Windows 7 Home premium 64 bit When I tried to install Samsung Recovery Solution 5 on my computer after downloading it from Samsung's Website it said
There is no Samsung Recovery Area on your hard disk drive
Setup will be canceled
What should I do to install it so how do I a Samsung Recovery Area ?
The same kind of thing happens when I try to install quick starter from samsung
 

Relevancy 49.88%

Hey everyone,

I'm having issues trying to reinstall Windows on my old emachines computer using the emachines recovery disk set. After rebooting and following the formatting instructions, it runs Symantec's Ghost program (which requires all three cd's) and then reboots itself. The computer gets to the "Please wait while Windows prepares..." and then freezes forever. I've let it sit for over an hour and have gotten nothing. Upon rebooting I get the Windows splash and then a black screen. I've reinstalled Windows twice and have gotten the same results (frozen screen - rebooting brings the black screen).

The emachines is an old T1100 with all the original specs.

Any ideas on what could be causing this?

A:Emachines Windows Recovery issue

Ah - the eMachines recovery disk...

My advice would be to buy a Windows XP disk in the store.
Upgrading your RAM to 256 wouldn't hurt either.

http://www.techsupportforum.com/forums/f10/emachines-windows-recovery-issue-166119.html
Relevancy 49.88%

Sigh
Was wondering if any one could help me

I have a HP Pavilion which as some of you might know has its own recovery drive
I need to use my recovery drive because my computer is pretty screwed up right now. However, whenever I attempt to access my recovery drive I get
STOP: c0000218 {registry file failure}
The registry cannot load the hive (file):
System\roomt\system32\config\security
Or its log alternate
it is corrupt , absent , or not writable
 

Relevancy 49.88%

Okay so my brother just gave me the ASUS G JW Laptop to use. It has windows x OS on it and I've tried at least a dozen or so ways to get it to find the recovery drive using tutorials, and I am getting nowhere but frustrated. I've even tried making an ISO Win disc and getting it to boot from there, hoping that the key, which I got using a rd party device, would pull from the bios and allow me to get a clean computer that way, but to no avail. It won't even recognize the disc as a boot option. I've finally figured out the keys to get into the bios and boot menus so we're good there. And I am pretty familiar with windows back but I've never encountered windows until now and I already hate it. So any help is greatly appreciated. Also don't feel like you are overexplaining anything. Explain it as simply and in as many steps as you can, trying not to assume I know what you're talking about, especially if you get into command prompt stuff cuz that loses me really quickly when people jump around. Thank you ahead of time for your help. This is really frustrating.

A:I cant figure out this windows 8.1 Recovery issue

Welcome to Eight Forums.

If you have an ASUS computer and if Refresh or Reset does not work, then you should use the Asus Backtracker utility.

-or-

How to download and clean install Windows 8.1 if you have an OEM computer with UEFI firmware (BIOS) embedded Windows 8/8.1 product key. -> link

http://www.eightforums.com/installation-setup/65164-i-cant-figure-out-windows-8-1-recovery-issue.html
Relevancy 49.88%

Greetings,

I found this site to be useful for some issues I have been having. Now I have a peculiar problem. I have a Dell Inspiron m Laptop with WinXP SP installed in one partition and Ubuntu in the other. I thought of removing Ubuntu as my hard disk capacity is less. So when I popped in my Windows CD to get Recovery Console, it loads all the way till before I get the menu screen and suddenly I get a BSOD with the following technical information:

STOP X E XC XF F E XF F XF F ntfs sys - Address F F E base at F Datestamp cea

The error suggested me to check BIOS updates and disable BIOS caching. My BIOS is up-to-date and drivers are all compatible, as I did the compatibility checks too. In fact, other than this problem I have a perfect running system. I read the stop error articles on support base and found out stop x e was related to system handler exception, but the next line, ntfs.sys, throws me off. My windows partitions are FAT. Moreover, CHKDSK did not throw any errors on my hard disk. I tried installing Recovery Console on the hard disk but I get the same BSOD even after a successful install. Right now I am clueless, but I am running memtest tonite and I will post the results tomorrow. If anyone can help me in this peculiar situation, your help is greatly appreciated.

Thanks,
Lex

A:Windows XP SP2 recovery console issue

I did a memtest86 and had no errors. I ran it up to 10 cycles. I checked the harddisk, driver compatibility and found zilch errors. I also used an application called Program Checker which turned out fine. So I have no clue on why this error keeps on popping up. I hope someone has a solution.

http://www.techsupportforum.com/forums/f10/windows-xp-sp2-recovery-console-issue-109506.html
Relevancy 49.45%

I've had a persistent problem with computers coming in infected: after removals, my user permissions and NTFS permissions are hosed. I've been banging my head on the wall trying to resolve the issue but have never found a solution other than a reload. Infected machines are all running Win x, if it matters.

Issues include:

files and folders, seemingly at random, are hidden and cannot be unhidden (right now desktop icons)
cannot install programs, Access Denied. I'm assuming because I do not have permission to write to a temp folder during the install.
Copying to the root of C, for example, I am prompted to elevate as an admin.

I try to run

secedit configure cfg windir Windows inf defltbase inf db defltbase sdb verbose

And it will fail after processing all the registry keys. scesrv.log results in

Warning: Access is denied. Error setting security on machine software classes

Registry permission reset with secedit, which I don't think is even officially supported in, will fail every key. I even tried running

icacls T Q C RESET

which I know is not meant for a windows install drive, to see if that would get me anywhere; every file is access denied.

Below are what my scanners pulled out, minus the tracking cookies, on my most recent machine:

A:Windows and NTFS permissions issue after removal

Sorry for the bump, but the plaster is starting to chip off the wall.

http://www.bleepingcomputer.com/forums/t/400048/windows-and-ntfs-permissions-issue-after-removal/
Relevancy 49.02%

My Sony vaio vpceb fm gave message - 'retry error press alt clt delete to restart' but it did not resolve after doing that. Using Sony recovery disks I tried to do recovery repair windows, but it showed windows loading files and then windows logo and then became blank screen showing cursor. I was able to move cursor though, but nothing happens; even hard disk light does not show up. I tried to restart with F and went to windows safe mode and performed quick test and noticed error with harddisk. I had repaired using the recovery repair tools. It took hrs to repair and then I started to restore C drive. It asked me to put recovery disk and after processing rth disk for a while it gave me a message - "an error occurred while executing an operation, the operation was not completed. Shutdown the pc then try the operation again after restarting the system - Error". The problem appears even after restarting. I also tried to restart the system without Recovery disk and noticed "bootmgr is missing press clt alt delete" message. I am not sure what's happening. Can someone please help me resolve this problem?

Thanks - Shashank

A:Windows 7 recovery issue / Bootmgr missing

Instead of using the CD's to restore your computer try the built in System Restore:

http://www.techsupportforum.com/foru...gs-637464.html

http://www.techsupportforum.com/forums/f217/windows-7-recovery-issue-bootmgr-missing-643031.html
Relevancy 49.02%

Hi,

I have Vista OS loaded as the default one by Acer. I recently installed windows 7 on a formatted partition (which formerly had my data). And I believe since then I haven't been able to use the Acer D2D recovery. It should come up by pressing Alt+F4 during POST, but it doesn't. I have made sure that it is enabled in the BIOS. I went through lot of forums and they suggest it's an Acer MBR issue and that it may have been deleted or something ?? Someone suggested me to use partedit and change partition ID to 07 and then run some command like " mbrwin.exe install ^@(% ", but after doing that I couldn't load any of the OSs. I somehow was able to repair (recovered as it shows in the dual boot screen now) both of them by using windows 7 DVD (thank God). And on top of that, Acer D2D still doesn't work. Any solutions on the issue ? Thanks!

A:Acer D2D recovery issue after installing windows 7

  
Quote: Originally Posted by The AudGuy


Hi,

I have Vista OS loaded as the default one by Acer. I recently installed windows 7 on a formatted partition (which formerly had my data). And I believe since then I haven't been able to use the Acer D2D recovery. It should come up by pressing Alt+F4 during POST, but it doesn't. I have made sure that it is enabled in the BIOS. I went through lot of forums and they suggest it's an Acer MBR issue and that it may have been deleted or something ?? Someone suggested me to use partedit and change partition ID to 07 and then run some command like " mbrwin.exe install ^@(% ", but after doing that I couldn't load any of the OSs. I somehow was able to repair (recovered as it shows in the dual boot screen now) both of them by using windows 7 DVD (thank God). And on top of that, Acer D2D still doesn't work. Any solutions on the issue ? Thanks!



Sorry I must be dense. what is the issue? Once you went from vista to win 7 the recovery partition was for all intents and purposes dead. It can only (using a vista dvd) restore you to vista.

What was it you were trying to do?

You can of course (if you have a win 7 dvd) set up a new recovery partition that will get you back to win 7

So?

Ken

http://www.sevenforums.com/backup-restore/76379-acer-d2d-recovery-issue-after-installing-windows-7-a.html
Relevancy 49.02%

Hi,

I have had my Samsung R530 laptop a few years now and I have been a little careless with it and now need to restore my laptop to its original out of the box setup.

Samsung recovery has never worked since the day I installed Ubuntu, and I have had regular fights between Linux grub and windows mbr for control of the boot....lol

The bottom line is I start samsung recovery and it says recovery area not found, I know its there; 15GB/Healthy Partition/3.14GB free the partition label is correct 0x27 and the windows 7 files seem to be there too, problem is how can I access and restore windows 7 with this partition if cannot access it with samsung's recovery tool???

Thanks in Advance

A:Help restoring windows 7(Samsung Recovery Issue)

Welcome to Windows Seven Forums.

If you have your Windows 7 DVD or a Windows repair disc you could boot into the Recovery Environment and try the Restore Image option.

Failing that, you could contact Samsung and see if they still have a recovery disc for your computer.

I'm no Linux expert as I've never used it, but I'll lay odds it's probably the reason you can't access Samsung's recovery partition. I take it you didn't create a set of recovery discs when you first bought the computer?

http://www.sevenforums.com/installation-setup/225360-help-restoring-windows-7-samsung-recovery-issue.html
Relevancy 49.02%

Hi everyone,  I've been trying to upgrade to Windows 10 for a while now from Windows 8.1, the Windows 10 files manage to download quite successfully in the beginning, saying I have enough space etc, so it all looks dandy for a minute or two. However once the files are downloaded,  it tells me I don't have enough disk space. It turns out the file has been downloading to my Recovery Drive which really doesn't have enough room in the first place.  So my question is, how do I stop the Windows 10 upgrade from downloading into my Recovery Drive, and move the downloading location to somewhere more sensible? I've tried restarting the process, deleting the downloaded file from the Recovery Drive, but it still recreates the same files in the same place. I haven't found any option as to if I can move the download location so far either.  Thanks in advance!

http://h30434.www3.hp.com/t5/Notebook-Operating-System-and-Recovery/Windows-10-Upgrade-from-Windows-8-1-Recovery-Drive-issue/td-p/5764869
Relevancy 48.59%

Thanks in advance,

Every time I turn on my PC, the Windows Recovery Console comes up, explaining that I have a made a recent hardware change that is causing startup problems.

I have never made, to my knowledge, ANY hardware changes whatsoever.

There is a younger family member in our house who uses this PC constantly, yet knows very little about PCs.

I cannot install any Security Updates without restarting!

A:Security Issue / Windows Recovery Console Problems!

try pressing f8 when booting and from the boot options choose
last known good configuration
i have never struck this before,if you type help in the recovery console it will give you a list of the commands available

http://www.techsupportforum.com/forums/f10/security-issue-windows-recovery-console-problems-29501.html
Relevancy 48.59%

Sorry if I come off like I have no idea what I'm talking about, because I don't. I had a virus last week that I was able to remove by following the steps of the "Remove Windows Recovery Uninstall Guide" from this site. Everything seems to be working out just fine now, except my start up menu is blank, and when I have tried to print coupons using coupons.com and smartsource.com it says I have to re-install my "coupon printer". So I click the install button, complete what it asks me to, and still no luck. I think I downloaded the Java applet it asked me to like times, but it still wouldn't let me print. Does anyone know what to do? I thought I read something about temporarily turning off any antivirus etc. software, but I'm not sure how to do that and if I WANT to do that. I don't want to risk any more virus issues. Please help. kelly

A:Completed the Windows Recovery Unistall Guide....having an issue

Well...do you have any trouble printing anything from your desktop?

I tend to avoid strange websites that tell me to install something in order to optimize my experience...but McAfee Site Advisor gives those two sites the OK.

You need to be more specific...about what you were asked to do...what happened...and any onscreen error message.

FWIW: If you follow every suggestion that you ever read on the Internet...you will be very unhappy consistently. All advice/suggestions...are not necessarily good or full of knowledge.

Your start menu situation may possibly be cured by running the latest version of Unhide.exe.

Louis

http://www.bleepingcomputer.com/forums/t/405265/completed-the-windows-recovery-unistall-guidehaving-an-issue/
Relevancy 48.59%


A:Windows Boot Recovery won't solve issue StartRepairOffline

  
Quote: Originally Posted by Cyberuben


--------
EDIT:
I posted this here because it all started with a BSOD. User of the computer got the following error in Outlook: 0-8007000E (Your system needs more memory or system resources. Close some windows and try again)
--------

Hello Seven Forums,

I'm currently facing an issue with Windows. I got asked to repair this PC, but they ran into another issue than I did.
They couldn't get the PC to boot because it gave them a BSOD. Now, when I just started the PC, there's not a single BSOD and it runs fine, until the "Windows Logon" screen. It doesn't load. There's a cursor and all, but the actual screen isn't popping up.

I had some heavy google sessions, with no result so far. I tried to press "Ctrl + Alt + Delete" to get the taskmanager opened, then starting "Explorer.exe", but the taskmanager didn't even load.
Now, after inserting my Windows 7 Home Premium disk (OEM), and tried to run a recovery, it took about 30 minutes to come up with this error:

Code:
Problemsignature:
Problem Event Name: StartupRepairOffline
Problemsignature 01: 6.1.7600.16385
Problemsignature 02: 6.1.7600.16385
Problemsignature 03: unknown
Problemsignature 04: 718
Problemsignature 05: ExternalMedia
Problemsignature 06: 1
Problemsignature 07: BadDriver
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1043
I have fixed these problems before, but only with wiping the whole disk and doing a clean install. But is there another way? It's not my own computer, I do not know what files are stored on it, and because of that I don't want to do a clean install.

Ruben


Hello Ruben!

As the error log says it's "Problemsignature 07: BadDriver", unfortunately we won't know which driver it's talking about. Are you able to login under Safe Mode? If so, check in Event Viewer to see if you find anything specific.

Run a SFC Repair at Boot: SFC /SCANNOW : Run in Command Prompt at Boot. Check this article, "Why is my screen black when I start Windows 7?", and see if it helps.

Report us back with results

http://www.sevenforums.com/bsod-help-support/242431-windows-boot-recovery-wont-solve-issue-startrepairoffline.html
Relevancy 48.59%

hi, my computer became infected with the windows xp removal virus days ago. google also redirects no matter what i type in the search engine or click on within that search. my computer shuts down at random moments. i have not had any success trying to remove the virus on my own. any assistance would be most appreciated.

A:infected with windows xp recovery w/google redirect issue

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear: DDS.txt, Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note** you may get this warning, it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?" Just click on Cancel, then Accept.

information and logs:
In your next post I need the following

logs from DDS
log from RKUnHooker
let me know of any problems you may have had

Gringo

http://www.bleepingcomputer.com/forums/t/399818/infected-with-windows-xp-recovery-wgoogle-redirect-issue/
Relevancy 48.16%

My friend is having a problem with Canon 600 printer. It will only print color and not black. We've just replaced a new cartridge of black and it is still not printing in black. We want it to print all colors. Before replacing a new cartridge the old one was dried up. What could be the problem? Could the cartridge be damaged or the print nozzles may be clogged? What should I do?
 

Relevancy 48.16%

Hello to all.
I was working with the Recovery Console and got to the part where it asks for a password. The problem is I don't have a password. I have no record of ever making a password for this computer. It is Windows xp Professional with Service Pack 3 from Gateway. I read that if you don't have a password you can type "blank" or "leave blank" and press enter. I don't know which. I can't get that to work. Maybe I am doing something wrong.
I am at a loss as to what to do. It has an "Intel Pentium 4, 3200 MHz Processor, 200MH external bus". Is there any work around to getting around the password?
If anyone has any suggestions or references to offer, I would so much appreciate your help.

best wishes to all
 

Relevancy 48.16%

Hello - I am running Windows XP Version 2002 Service Pack 2.

Just got infected today by the "Windows Recovery" Trojan and I believe it had been removed(?) using rkill.com, Malwarebytes Anti-Malware (version 1.60.0.1800) and unhide.exe.

However MBAM is now popping up frequent messages that say it "Successfully blocked access to a potentially malicious website xx.xxx.xxx.xxx, Type: outgoing".

A number of different IP addresses are shown (in the above message where the xx.xxx.xxx.xxx is shown), including these:
46.249.59.47
83.133.124.195
83.133.120.187

Current MBAM full scan reports zero infected items.

Reformatting and reinstalling Windows is not something I want to do unless all other options have been exhausted.

Am I (still) infected?

Thanks in advance for any and all assistance.

A:Removed "Windows Recovery" Trojan but MBAM Still Reporting Issue

Hello,

And welcome to BleepingComputer.com. Before we can assist you with your question of "Am I infected?", you will need to perform the following tasks and post the logs of each if you can.

Please download and run Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Malwarebytes Anti-Malware

NOTE: Malwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

SUPERAntiSpyware:
Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you enco...

http://www.bleepingcomputer.com/forums/t/438433/removed-windows-recovery-trojan-but-mbam-still-reporting-issue/
Relevancy 47.73%

Hi guys;

I have windows ME installed on C drive, and Win XP pro on D drive.

Now I want to remove the ME safely, and not the XP. How do I do that?

and what if I wanted to remove the XP??
 

Relevancy 47.73%

Hi Guys, I'm running XP and IEv on a Compaq Presario. My son uses the machine to go to gaming cheat sites for his Playstation and to Kazaa. You guessed it -- lots of spyware. I have cleaned up most of it with Spybot and Adaware. But this HuntBar thing just won't go away. Spybot finds it but can't remove it. Spybot even gives me the path in the registry where it found it. But I can't remove it manually either. I noticed a lot of references to "Hijack This" in many of your threads on this topic. I downloaded it and ran it. The log file is pasted in this note. I see a couple of suspicious looking things, but I don't really know enough about what I am doing to attempt a clean-up myself. Please have a look and advise me. I have one symptom in my browser which may or not be related: I can not set my home page. It always reverts to "about:blank". Thanks

Relevancy 47.73%

Hello, I made a big mistake. When re-installing XP I didn't re-install my Norton System Works immediately and in the process caught viruses, and I would appreciate any help in removing them. I have looked thru many sites for help and have tried the remedies, but I'm not sure if they are gone or not. A Norton scan shows nothing in safe mode with restore off. I do know this: every time I start my comp I have to always put in my username and passwords again for many sites. These are the viruses: backdoor berbew I, W spybot worm, W Randex gen. Thanks, Rudy

A:[resolved] Virus removal help

Norton sucks! Everyone I know that has Norton, gets viruses!
I have AVG which I got from www.grisoft.com for free and
AVG caught virus that Norton never even noticed!

Here's a site for an online virus scan:
http://housecall.trendmicro.com/housecall/start_corp.asp
Maybe that can help with your virus problem.

There's a box to check if you want them to remove the virus they find too.
Also try AVG antivirus ....it's free and it works way better than Norton!
 

https://forums.techguy.org/threads/resolved-virus-removal-help.261656/
Relevancy 47.73%

Hi, I am a new member so please bear with me. I would very much appreciate any help to identify and remove a virus on Win Pro with a DSL connection. This virus is in my office computer. I am sending this post from my home computer. Been having problems for about two months. These are the specifics:

Have run NAV, free McAfee scan, AVG scan, Spybot, House Call and Stinger. Stinger found TROJ ROLEKA A and Bkdr IRC FLOOD BI. All the others were "clean".

I can't copy and paste, download programs such as HiJack This, can't add or remove programs. Get a "svchost.exe has generated error" message and many other messages randomly. Get blank screen on some web sites but not others. Can't download the windows updates or patches. Starts to load and then hangs, or downloads but won't install. Get access denied messages at various times.

I have read many threads and have tried to find files mentioned in the regedit but they are not there. Have hidden files shown and full extensions shown. I am at my wits' end. When I checked all the exe files in Explorer it seemed to me like there was way too many. When I try to delete files I get access denied. I don't see any obvious problems in the Task Manager.

I will make every attempt to try anything suggested. I am not a novice but am not sure about regedit files so I am afraid to delete the wrong thing. Also, regrettably, I do not have the latest updates installed for WIN. It seems my NAV was disabled by the virus because I cannot now get the virus definitions updates. I could until this started.

Relevancy 47.73%

Ok, first, I'm trying to stay away from downloading anything and I am also trying to get rid of this in a short amount of time. I know I sound picky, but sry. Anyways, no matter what I do the MakeMeSearch bar pops up and it closes and opens other bars to make room. Currently I have run HiJackThis and this is the log:

A:[resolved] MakeMeSearch Bar Removal HELP!!!

Hi demon666000, Welcome to TSG!!

Run HJT again and put a check in the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mo...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/mo...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8.hpwis.com/
R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - (no file)
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
O2 - BHO: C:\WINDOWS\lbbho.dll - {95E9DB51-AC34-4D86-B705-01209B5B5F8E} - C:\WINDOWS\lbbho.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\System32\MTC.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765723548} - C:\WINDOWS\System32\wer3548.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - Global Startup: Microsoft Office.hta
Close all applications and browser windows before you click "fix checked".
Download Spybot http://www.safer-networking.org/en/download/index.html

Click on "Search For updates" when prompted.
Click on "Immunize" when prompted.
Scan, click on fix problems.

Reboot.
Download AdAware SE Personal: http://www.lavasoftusa.com/support/download/

Install the program and launch it.

On the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

In the main window: Click Start and under Select a scan Mode tick Perform full system scan.

Deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)
Go to Internet Options, Programs
Click the "Reset Web Settings" Button to reset your home and search pages.
Reboot and post another log.
 

https://forums.techguy.org/threads/resolved-makemesearch-bar-removal-help.339225/
Relevancy 47.73%

Yikes, I've no idea what's going on with this computer. My girlfriend opened up an email from a friend in Hong Kong and it's been porn trouble since. Every time any user logs on to the system the IE home page changes to porn, porn favorites get added, and every once in a while (though not lately) the page we're on gets re-directed to more porn. I also noticed that when we log off we get an error that "Win Min" could not be shut down or is not responding.

I've seen other threads about how to remove some seemingly related problems. So I tried running AdAware, CWShredder, Spybot and Norton AntiVirus, in that order. AdAware cleaned cookies only (RedSherrif et al). Spybot cleaned up a few registry entries (can't remember what they were). CWShredder removed CWS Alfasearch. However, if I run CWShredder twice or multiple times in a row, it seems to always find and "REMOVE" CWS Alfasearch.

Still my woes continue. I'll include the hijackthis log down below in hopes that someone will recognize what's going on. Thanks.

A:[Resolved] win min/CWS removal failed

End this process
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
with ctrl-alt-del for a start

Fix these using HJT

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyd...hoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyd.../search/ie.html
O1 - Hosts: 216.40.230.4 desktop.kazaa.com
O1 - Hosts: 216.40.230.4 alpha.kazaa.com
O1 - Hosts: 216.40.230.4 shop.kazaa.com
O4 - Global Startup: winlogon.exe
Delete the C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe file

Reboot and check that it's not still running
 

https://forums.techguy.org/threads/resolved-win-min-cws-removal-failed.186184/
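
Both fix lists above (the MakeMeSearch answer and this one) are read straight off HijackThis section codes. The following Python sketch is an added example, not code from either thread or from HijackThis: it parses such lines and flags four patterns those answers act on (a "(no file)" registration, a UserInit that does not launch userinit.exe, a Hosts override, and a Startup item named after a Windows system process). The function names and the rule set are assumptions; the sample lines are copied from the two answers.

```python
import ntpath
import re

# Sample input: lines copied from the two fix lists quoted in the answers above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O1 - Hosts: 216.40.230.4 desktop.kazaa.com
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - (no file)
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\System32\MTC.dll
O4 - Global Startup: winlogon.exe
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..."
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# "<kind>: <name> - {CLSID} - <file>" (URLSearchHook, BHO, Toolbar entries)
COMPONENT_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - _?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$"
)
# Assumed rule set: names of processes that normally run from System32.
SYSTEM_PROCESS_NAMES = {
    "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "smss.exe", "csrss.exe",
}


def parse_line(line):
    """Turn one log line into a dict, or None if it is not a section entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    entry = {"code": code, "body": body}
    comp = COMPONENT_RE.match(body)
    if comp:
        entry.update(kind=comp["kind"], name=comp["name"],
                     clsid=comp["clsid"].upper(), file=comp["file"])
    elif code == "O1" and body.startswith("Hosts: "):
        ip, _, host = body[len("Hosts: "):].partition(" ")
        entry.update(kind="Hosts", ip=ip, host=host.strip())
    elif code.startswith("F") and "=" in body:
        setting, _, value = body.partition("=")
        entry.update(kind="IniAutoload",
                     setting=setting.rsplit(":", 1)[-1].strip(),
                     value=value.strip().rstrip(","))
    elif code == "O4" and ": " in body:
        where, _, item = body.partition(": ")
        entry.update(kind="Startup", where=where, item=item)
    elif code in ("R0", "R1") and " = " in body:
        key, _, value = body.partition(" = ")
        entry.update(kind="IESetting", key=key, value=value)
    return entry


def triage(entry):
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    if entry.get("file") == "(no file)":
        reasons.append("orphaned registration: CLSID points at no file on disk")
    if entry.get("kind") == "IniAutoload" and entry["setting"].lower() == "userinit":
        if ntpath.basename(entry["value"]).lower() != "userinit.exe":
            reasons.append("UserInit does not launch userinit.exe")
    if entry.get("kind") == "Hosts" and entry["host"].lower() != "localhost":
        reasons.append("hosts file overrides DNS for " + entry["host"])
    if entry.get("kind") == "Startup" and entry["item"].lower() in SYSTEM_PROCESS_NAMES:
        reasons.append("Startup folder item uses a Windows system process name")
    return reasons


def review(log_text):
    """Parse a whole log and return (code, body, reasons) for flagged entries."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                findings.append((entry["code"], entry["body"], reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in review(SAMPLE_LOG):
        print(f"{code}: {body}")
        for reason in reasons:
            print(f"    -> {reason}")
```

Entries with a file present, such as the Tubby BHO in the first fix list, were picked by the helper on recognition and are not flagged here; the output is a shortlist for review, not a removal list.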
Relevancy 47.73%

I am fairly new to posting - it's been a long time and it used to be much less "enhanced". My problem is that I have worked to remove all the spy ware and block all future spy ware from my system - sb s&d and spywareblaster seem to have really done me some good, but the original driver of my efforts was due to a pop up window which, after some on-line searches and high levels of frustration, I discovered was jetseeker. After quite some time now it popped up again. I've searched the boards and have seen some very helpful replies from flrman and so on, but I'm not confident enough to really slash into my system reg on my own, so I'm hoping for a little help from the computer gods - that would be you all. My Hijack This log seems rather short and I recognize almost everything as something I've seen before, so I hope I'm fairly easy to review.

Relevancy 47.73%


Relevancy 47.73%

Original thread from "BleepingComputer.com > Security > Am I infected? What do I do?" forum is here: http www bleepingcomputer com forums topic html page gopid entry

Just got infected today by the "Windows Recovery" Trojan and I believe it had been removed using rkill.com, Malwarebytes Anti-Malware version and unhide.exe. However, MBAM is now popping up frequent messages that say it "Successfully blocked access to a potentially malicious website: xx.xxx.xxx.xxx Type: outgoing". A number of different IP addresses are shown in the above message where the xx.xxx.xxx.xxx is shown, including these:

Requested logs are pasted/attached.

A:Logs Associated with: Removed "Windows Recovery" Trojan but MBAM Still Reporting Issue

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

http://www.bleepingcomputer.com/forums/t/438486/logs-associated-with-removed-windows-recovery-trojan-but-mbam-still-reporting-issue/
Relevancy 47.73%

My desktop computer started (out of the blue) acting up with a "windows error recovery" screen on boot up. It gives me the choice to "Launch startup repair" or boot to windows normally. The first option does not fix it. It gives an error code 0x0. It leads to a dialog box that says system recovery options that gives some details and some advanced options, but it tells me it does not recognize my username and password! The second option, to boot to windows, gives me a BSOD. What to do.

A:Windows error recovery, Computer goest to "Start up Repair" and it can not fix the issue.

What version of Windows, please?

Louis

http://www.bleepingcomputer.com/forums/t/466111/windows-error-recovery-computer-goest-to-start-up-repair-and-it-can-not-fix-the-issue/
Relevancy 47.3%

Quote:

Originally Posted by Girderman

Insert the XP CD, and boot it to Recovery Console and run the following:

fixboot
fixmbr
chkdsk

and then reboot to the single HD.

Note, if you changed the primaries jumper settings, you need to change them back to Single in order for it to work properly.

A:RESOLVED recovery console

Hi,

You have to reboot, and boot off the Windows XP CD rather than inserting it while Windows is running.
http://support.microsoft.com/kb/307654

http://www.techsupportforum.com/forums/f10/resolved-recovery-console-154100.html
Relevancy 47.3%

Please help if you can. My computer (COMPAQ Presario series running XP-home) crashed and I can't seem to get at the boot sequence or the hard disk.

Symptoms:
--cause of crash unknown (was attempting to restart computer when prompted as part of a Macromedia install, but that seems innocuous)
--I have had boot sector errors on this machine before, but symptoms were different and I was able to restore to original factory condition
--computer cycles through a startup sequence--shows the compaq flash, blinks blue, some kind of screen is presented but only for a split second, then goes black and recycles through this loop
--compaq quick restore attempts to start a copy of user data but quickly hangs up with "error" (there is no other text here)
--when I try start up with F I see messages about device drivers, then the blue flash and recycle
--I got into DOS and attempted to do a DIR command on C: - gets message "an error occurred during directory enumeration". I can do DIR D: and DIR G: with no problem - so DOS is working. However, from a C: prompt I was unable to do CD WINDOWS
--attempting recovery from "last known good configuration" does same error cycle

Any ideas what the problem is? Can I fix it without a full restore and laborious reinstall of all my software? How can I save the data on that disk? I have other PCs networked to the failed one and those PCs have CD RW drives. The data I would care about is in the My Documents file--but the C drive on the failed computer was not set to be sharable to other computers (I have financial data on it and my kids use the other computers, primarily for games). Can I set the drive sharing capability via DOS? My backup data is a couple weeks old. What is the DOS folder name for the My Documents file under my id on this computer? Can I use DOS to copy my My Documents folder to a CD? Other than My Documents, the only other data I really need is in my Outlook PST--what is the DOS path name for that?

What I want to do, in order of preference:
--get into Windows on the failed machine with no reinstall or data loss
--if I have to reinstall the O/S, at least save all my data from My Documents and from my Outlook PST

Any help appreciated. Thanks, Joe

I got into DOS, ran CHKDSK /r and it seems to be cycling as well. Was at complete, fell back to, and is still running.

Somehow, after jumping "back" to a lower complete, CHKDSK finally completed, indicated it had made a repair, and Windows now boots up OK. No clue why, but I am happy and busily updating my backups. Joe

For the future, can I use DOS to set a drive shareable?

http://www.techsupportforum.com/forums/f10/resolved-need-help-with-crash-and-recovery-please-23419.html
Relevancy 46.87%

I just acquired a Sony VGC-RB30 desktop.
The pc allows me to surf the web, but it has a Windows issue.
Just looking for advice on where to start cleaning up this machine.
At bootup:
1) I get to the choice of OS: XP Pro or XP Home, only Pro works
2) after selecting XP Pro, then I need to choose one of 2 User Icons (both have admin rights)
3) then I get the message "did not pass genuine windows..." I choose- resolve later
4) and finally a home page opens up, and I can surf.
on the back of the case is a certificate of authenticity for XP Home Edition
I did not receive any original system CD's for this machine.
Can this "windows genuine" issue be easily resolved?
 

Relevancy 46.87%

I am trying to get a few files off a customer's hard drive that is crashing. It is not totally dead yet because it will still boot into Windows, but when it gets there you can hear the heads hit and then the machine locks up ..... I need to get at least one file off the drive, so I need some type of software to read the drive and get that one file. Thanks in Advance
 

Relevancy 46.87%

Wow, I just spent like minutes writing up an extremely detailed post about my problem and the board logged me out and dumped my post. Sigh. Here it goes again. This forum looks really helpful and I'm eager to see what it's like here. I'm going to write AGAIN as detailed a report of my problem as I can. Please read everything so you understand what I have and haven't thought of already. Any help you can give me will be greatly appreciated.

My System as of NOW
-------------------------------------------
Asus A N X Deluxe
AMD XP
Evga Geforce GT
x MB Corsair DDR PC dual channel
Creative SB Live
WINDOWS XP PRO - fully patched no SP
Updated Current Drivers
PRIMARY MASTER -- new GB Maxtor fresh windows
PRIMARY SLAVE-- old BG Maxtor halfway installed see post
ndary MASTER-- ONLITE DVDRW
ndary SLAVE-- generic CDRW
--------------------------------------------

The story: Days ago I installed my new PSU - Ultra-X Connect W. I also put in my OLD gb HDD that was on a different computer that also had WinXP. I wanted the old HDD to be a Backup Drive (irony). It had been awhile since I had put a computer together and I FORGOT to set the master slave jumpers on the Harddrives (not sure if this had anything to do with what happened). I had also never added a second HDD to a computer and this one already had an OS on it. Anyway, once I started the computer up with the new hardware, the computer would boot up normally until it hit the windows login screen, then it would restart, and this would continue to loop until I turned it off and removed the new hardware. When I plugged in the old HDD alone to make sure it wasn't the new hardware causing the problem, I would get an Error box at Windows Login along the lines of "lsass.exe passed invalid parameter by process or function".

So the first thing that I think is "SASSER". I have a fully updated windows and it waits until NOW to manifest itself? Maybe it somehow jumped from the old HDD. So I jump on the internet on another computer to search for solutions to my problem. I decide that the easiest way to fix this problem is to run a Repair Installation of Windows from my WindowsXp CD that won't change the structure of my files. Because the articles I read suggested that the lsass file just needed to be replaced. And here's the crappy part: it doesn't care that I'm reinstalling windows. Somehow the error box comes up in the middle of the installation, right at the part where the installation starts windows to finish setup. So my HDD is stuck right in the center of the Windows install, since the error box doesn't let anything move until it's closed, and upon closing the computer restarts. Every time I restart that computer now it resumes windows setup but gets stopped by the Error. I take this to mean that the data is still intact on the HDD, but I am even less able to get into windows since it's in the middle of a reinstall.

Once again I search for an answer to my problem.

Option: find a DOS based Sasser removal utility to run from a floppy disc before windows starts, in hope that the problem is actually the sasser worm. This would theoretically allow the windows installation to resume without interruption. The problem with this option is I couldn't find a DOS based Sasser removal tool, and I was also not even sure that I had the Sasser worm.

Option: get a new HDD, set the old one to Slave and the new one to Master, and transfer the files from the old HDD to the New HDD. I have opted to try THIS OPTION.

So here I am now with the setup that I described at the top. My new harddrive is up and running with a good Windows install, waiting for the file transfer. These files (mostly photoshop images) are EXTREMELY important to me, and it so happens that at this moment all of my backups have been compromised. I didn't predict having my new hardwa...

A:[resolved] New Hardware -- lsass.exe -- HDD recovery

whew I'm glad you posted this here first...don't, under any circumstance transfer files from the slave drive to the master! (adding to post just need this to be said quickly)

added:

If you have two drives on the same IDE channel swapping files, it will work for a minute or so, but eventually there will be a virtual collision and your computer will crash and you will lose information. If you want to transfer between hard drives, it is pertinent that you set them up on different IDE channels.

With two hard drives I would put the one with the OS on one IDE channel, and the storage drive on the same channel as the cd-rom drive. A while back I had this problem, and lost some priceless files (just stupid stuff so I didn't want to pay for data recovery, and I think my buddy has a copy of most of it). Other than that it is as straightforward as copy + paste.

http://www.techsupportforum.com/forums/f10/resolved-new-hardware-lsass-exe-hdd-recovery-58587.html
Relevancy 46.87%

Hey, I just bought a Dell Inspiron 6400 and wanted to make a recovery disk on it... Dell has a partition drive I think with all the files for it.. but can someone tell me how to make the actual disk as a recovery disk.. sorry, new to softwares

A:[resolved]help making a recovery disk

Hey,
Windows Vista actually comes with integrated software to help in backing up and restoring.

In control panel click the icon - backup and restore center.
there are then two options
- Back up files
- Restore Files

Change the settings in Back up files. There you are able to back up files to a CD etc. and choose what files you want to back up.

However, if you are looking to make a CD that you can boot from or use to recover corrupted files etc., you will most likely need to download a 3rd party software.

Some easy to use ones are
Acronis or R-Drive Image, though they are only trials.

Hope that helps

http://www.techsupportforum.com/forums/f217/resolved-help-making-a-recovery-disk-154574.html
Relevancy 46.44%

Hello all, Here is my problem... My better half decided to download a program that was combined with GATOR and installed it (along with gator)... I have removed GATOR and OFFICE COMPANION with ad-aware however it keeps coming back, There is a folder called SVCSAP that is saying the access is denied and will not let ad-aware remove it. Is there a program out there that would zap this for me or can any of you help me get it off. See my Signature for my computer Specs. Thanks in advance.
 

Relevancy 46.44%

G'day,

I've got a rather nasty situation with what I believe to be a variant of one of the Optix Trojans.
I executed a program that NAV had scanned as clean and this resulted in a hang (nothing too unusual there!). However, upon restarting, trying to run ANY executable results in the dialog saying "can't find *wmmiexe.exe* needed to run files of type application".
A quick check of the file types associations shows that applications now need to be opened with the aforesaid wmmiexe app, which according to on-line sources, is related to the Optix trojan.

My problem is simple. How do I change the registry to fix the file associations (and then remove the trojan), if I can't run regedit, or for that matter, any other application?

Any help would be greatly appreciated.

Thanks for your time
Zarg
 

Relevancy 46.44%

Appreciate an appraisal please.

Thanks

Relevancy 46.44%

Hey folks, I somehow really messed up on this one. I had a problem where my computer wasn't booting past the windows load screen, and to try and fix I loaded a system recovery in safe mode. That seemed to bother my computer more, as now it won't boot, saying the following: "Windows could not start because of the following missing or corrupt file WINDOWS SYSTEM CONFIG SYSTEM". It suggests that I use windows recovery.

So I pop in the DVD and sometimes it works, sometimes not. It will often freeze on loading a video file driver and at the end it will read "file i prt sys caused an unexpected error in at line u t in d drive". I think it's my bogus DVD drive, but it does work half the time.

So even when the windows recovery boots, I would let it go through and hit R for recovery. However, it says Windows doesn't detect any drives, probably because I have two drives on Raid. I retry and hit f when it starts to load third party drivers. Now I have discs for raid drivers. I've tried all, each with multiple options within. The computer is years old, so for the life of me I can't remember which I've used when originally loading windows. When I post, my bios shows Sil Sata Raid Bios version. I tried all disks but the Sil Sata Raid Driver Disk by ABIT Version multiple times. Still no go. What happens is I get the blue screen of death: "Problem has been detected etc etc Check for viruses etc etc run chkdsk f to check for hard drive corruption Stop x b oxF D xC x x"

Now I believe that my drives are fine. When I go into the raid settings in bios it says they are operating normal, and the problem that made the computer go haywire is a problem I experienced before that people fixed here and discovered to be a driver issue. See old post years ago: http forums techguy org windows-xp -solved-windows-cant-boot-black html

So now I'm stuck. I can't recover, it seems, so frustration is building. I will try and download the latest drivers from ABIT and try those, but anyone have any ideas? I've tried recovery maybe times and no go. Not sure how to proceed, as I unfortunately need some data on these drives. I realize this was incredibly long, so I really appreciate your help and hope some of you out there truly enjoy a good challenge. Thanks again -Jeff

Mobo AB Pro

A:Solved: Windows recovery wont complete, blue screen & raid setup issue.

https://forums.techguy.org/threads/solved-windows-recovery-wont-complete-blue-screen-raid-setup-issue.928044/
Relevancy 46.44%

A customer picked up the Windows Vista Recovery virus and I could use some help with the removal procedure. I'm currently scanning with a newly created Norton Internet Security bootable CD. The scan takes a while and I don't know yet if it will fully detect and remove the problem. In case you're not familiar with it, the virus blocks access to anti-malware apps, hides user data files and is active in SAFE mode. I can't find a way to get to the usual load points, such as "appdata" etc., to find the virus EXE. I have booted with a rescue CD, but access to folders in the user profile is denied. Is there a removal FAQ for this one? TIA.

A:"Windows Vista Recovery" malware removal

See if the manual removal instructions here will help: Windows Vista Recovery and Windows 7 Recovery - Virus Solution and Removal

http://www.sevenforums.com/system-security/163750-windows-vista-recovery-malware-removal.html
Relevancy 46.44%

Hi, My Toshiba laptop A205-S4617 crashed miserably and I have lost my recovery CD somewhere. Please help me with how to restore the laptop to at least the initial factory setting mode. Or else can anyone help me in getting the Recovery CD? It was running VISTA.

A:(Resolved) Recovery CD for Toshiba A205-S4617

Hello and Welcome to TSF.

Unfortunately, Toshiba doesn't offer replacement CDs. They suggest either taking it to a Toshiba service center (for $75) or buying a retail copy of Windows.

http://askiris.toshiba.com/ToshibaSu...200%2016149286

Before you go spending money, let's try this.

With the unit powered down press and hold the zero key on your keyboard while powering the unit up. If it's equipped with it, the Toshiba Recovery Wizard should open, and it's pretty much self explanatory from there.

Let me know how it goes.

http://www.techsupportforum.com/forums/f217/resolved-recovery-cd-for-toshiba-a205-s4617-174696.html
Relevancy 46.44%

I lost my CD that came with my printer to install it on my computer. I just did a system recovery and now need to reinstall it. Is there a way to do it or a website where I can get the installation procedure?

the printer is a HP deskjet 3820 printer.

A:[resolved]trying to reinsall printer after system recovery

You can nearly always get the drivers from the makers of the product. The time that gets tricky is when it is very old, but yours is easy to find right >>>Here<<<, just choose your OS to download what you need.

http://www.techsupportforum.com/forums/f10/resolved-trying-to-reinsall-printer-after-system-recovery-156500.html
Relevancy 46.44%

I am trying to format a Maxtor GB Hard Drive (Drive D). I get the message "Trying to recover allocation unit". The cursor blinks under the T for Trying. Yellow light that hard drive is active stays on. It seemed stuck that way or I was too impatient.

This is a hard drive that I had been using as my C drive, then it developed a problem that neither Norton check Disk nor Scandisk could correct. I copied all C drive files to a GB Maxtor HD Drive per this forum's instructions and that went well. I then reversed the two drives so that I could unpartition and repartition the G M. Then I proceeded to format the GB D drive from DOS (WinMe Boot or startup disk). Twice it ended up with the same message "Trying to recover allocation unit". After an hour I rebooted because it seemed that, although the yellow light was on, meaning that something was happening with one of the hard drives, I could see no progress (should I have been able to see more?) and it seemed that the cursor was stuck under the T for Trying.

Any Suggestions? Do I need to let it run that way for more hours? Should I run fdisk and repartition the drive again and then reformat again? Is the drive unusable? If it can't recover the allocation unit, can it complete in some way and the drive be useable?

Thanks for any help you can be. Years working with computers and this is the first time I have run into this. Thanks again, Jim Harding

A:{RESOLVED}allocation unit recovery in format

Generally that error can be caused by damaged sectors on the drive. I would suggest downloading powermax utility from maxtor, it is the drive diagnostic utility, see what it reports about the drive

http://www.maxtor.com/Maxtorhome.htm

the program is under support, software and utilities
 

https://forums.techguy.org/threads/resolved-allocation-unit-recovery-in-format.78588/
Relevancy 46.44%

Hello everyone, I work at a University Helpdesk and I'm having serious problems with a student machine. We use Cisco Clean Access to verify student computers are up-to-date with Window Updates and antivirus definitions. One student computer had a corrupted Window Update. Windows Updates didn't see any available updates for the computer, but Clean Access did. The only option is to remove all the updates and download them all from Window Updates. The person who removed them either removed something she shouldn't have or removed something in the wrong order, and kernel died. With the case of two technicians working on the same computer at different times without telling each other what the other was doing, within MSCONFIG I set boot.ini to start in safemode. The other technician wasn't aware that I did that and repaired the Windows install. Now Windows wants to run a setup but can't because it's in safe mode. We can get to the recovery console, but I don't know how to turn off booting to safe mode from there. Can anyone help me? Thanks, Jennifer Riebel

A:[resolved] Changing boot.ini from Recovery Console?

this article should be very helpful.

http://www.techsupportforum.com/forums/f10/resolved-changing-boot-ini-from-recovery-console-71593.html
Relevancy 46.01%

Anyone help me, 18months ago I sampled Nod32 anti virus, I was not happy with it and removed the program via the uninstaller. I purchased Panda and went to update Panda to the 2005 software and have noticed again that Nod32 has somehow come back onto my system, but not all the files. I have deleted as much as I could but I am left with the nodshex.dll file in the ESET folder and until I get this off my system I am unable to update my Panda. I have emailed Nod32 people, no response, I have tried to delete it in Safe Mode, would not delete, I have looked on the Task Manager and can not find it running to delete from there. How on earth do I get rid of this program, I have looked in the Registry and I am unable to find it in the software either. Please Help.

A:[resolved] Nod32 Anti Virus Removal Problem

Hi

Try having a search around with regseeker:-

http://www.snapfiles.com/freeware/sy...wregtools.html

Make sure the back-up registry box is checked and use the 'delete' key on your keyboard to delete whatever you find.

However, if you're lucky it might even take the bits and pieces out in the auto clean mode.

Did it show in Add/Remove programs?

I guess one option would be to download it again and then try and uninstall it wholesale?

Peter

http://www.techsupportforum.com/forums/f10/resolved-nod32-anti-virus-removal-problem-53604.html
Relevancy 45.15%

I have a drive here on which I have spent about hours setting up just the way it needs to be. I disconnected the drive and took it to another machine to do an image of the drive in the event of a major system crash. Long story short, I didn't get to make the image before the partition simply disappeared. I put the drive back into the original machine and FDisk reports no partitions present. I have downloaded the evaluation version of Active Partition Recovery and I simply want opinions from users of the program, if any are here, as to how good the program actually is before I spend the money for the full commercial version. I don't know how much money I've wasted here on software that doesn't work. I have viewed the screens in the evaluation version and I do see my folder names and file names. In other words, it looks good. Does any Active Partition Recovery user care to give any kudos or caveats?

A:(Resolved) Active Partition Recovery user opinions wanted

Well, I didn't get any replies and I decided not to wait any longer. I have been needing something like this for years and I guess it was long over due.

It worked with some limited success. It recovered the partition; but, it was not bootable. Nothing I could do would make it so. I finally reinstalled Windows 98 over the existing copy. It picked up all the old settings just as an upgrade should and made the drive bootable.

I didn't read the manual so I might have missed something that would have preserved the partition's bootability. I'll read it later.

This sure beat the alternative.
 

https://forums.techguy.org/threads/resolved-active-partition-recovery-user-opinions-wanted.185522/
Relevancy 45.15%

I am missing any key in my registry that has tcpip. I am using Windows ME. Although I have deleted the hosts as per the other steps in the fix, I still cannot access google.com

Here is what I am missing:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\

Does anyone know why I am missing this key, and how I can continue to fix this annoying trojan?

Thanks!
CT
 

A:[Resolved] Can't Reach Google & search Engines? QHosts-1 Virus Removal

https://forums.techguy.org/threads/resolved-cant-reach-google-search-engines-qhosts-1-virus-removal.175462/
Relevancy 44.72%

hi, it's frustrating for me to get the following error message when I try to run some apps, including calculator from win accessories:

"The system DLL user dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C WINDOWS system SHELL dll occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL"

Has anyone come across this before? Hope you did. Pl help to correct this problem.

my system details: intel Core Duo E, GB RAM, GeForce video, Windows XP Prof with SP

In Detail: Windows Windows XP Build Service Pack Internet Explorer Memory RAM MB CPU Intel R Core TM CPU GHz CPU Speed MHz Sound card SoundMAX HD Audio O Display Adapters NVIDIA GeForce TurboCache TM NetMeeting driver RDPDD Chained DD Network Adapters Bluetooth Device Personal Area Network NETGEAR WG v Mbps Wireless USB Adapter - Packet Scheduler Miniport CD DVD Drives E PIONEER DVD-RW DVR- D F IM N CQL L G IM N CQL L H IM N CQL L COM Ports COM COM LPT Ports LPT Mouse Button Wheel Mouse Present USB Controllers host controllers Firewire Not Detected Manufacturer American Megatrends Inc Product Make P PL BIOS Info AT AT COMPATIBLE A M I - Time Zone AUS Eastern Standard Time Battery No Battery Motherboard ASUSTeK Computer INC P PL Modem Standard Modem over Bluetooth link

A:[RESOLVED] DLL issue.......

Hi Rizmi !

I suppose you have a custom theme pack installed ?

Go to add/remove programs, tick the "show updates" box and uninstall the KB925902 hotfix if it's in the list. Removing that update worked for this user.

If that didn't solve your problem contact the people that created your custom theme pack or just uninstall it.

http://www.techsupportforum.com/forums/f10/resolved-dll-issue-163662.html
Relevancy 44.72%

I was having a lot of problems with pop-ups, computer performance and internet use. I posted some of the text from pop-up pages that my Trend Micro software blocked from pulling up (posted in the "Am I infected? What do I do?" forum). This was a common occurrence. I was told by buddy that I had a Vundo infection and to follow his listed instructions for removal, part of which included posting a HJT log after I was done.

I downloaded the Vundo removal tool and ran it and removed the files it recommended. I downloaded Super Antispyware software and ran in safe mode twice, in safe mode a couple more times, regular full scans. I ran the online Bit Defender twice. I downloaded and ran a full scan with Ad-Aware a few times. I updated the pattern files for both downloaded antispywares. I also updated the pattern file on my Trend Micro PCCillin program and ran full scans and performed a disk clean-up.

So far so good. My computer is running faster than it has since I got it, no more pop-ups, and internet speed seems to have increased as well. The HJT log below is what my system now shows. My computer seems to be working great, but if there is anything else I need to do please let me know. Thanks to buddy for the help and in advance to anyone else who sees more hidden problems in the log below.

A:Pop-up Issue Resolved...hjt Log

Hi there! Nothing wrong here at all, I see a clean log! There are a handful of leftover entries you can fix, they are just orphaned registry keys.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {B1BCF948-51B2-4C62-BDF6-9A1D09701DBE} - C:\WINDOWS\Cursors\iwnabk.dll (file missing)
O9 - Extra button: (no name) - AutorunsDisabled - (no file)

Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

That's all, looks like buddy215 has cleaned you out already!

http://www.bleepingcomputer.com/forums/t/98992/pop-up-issue-resolvedhjt-log/
Relevancy 44.72%

Hello, I'm at a loss and afraid I've lost all my files.   Every time I restarted my computer I kept getting the Windows Boot Manager error message: Status: 0xc000000f Info: An error occured while attempting to read the boot configuration data. However, after googling and trying numerous methods to repair this, I now keep getting prompted with the Windows Recovery Manager.  I assumed that choosing the default factory restore option would prompt me with a back up option, but it didn't and proceeded to reformat.  I quickly shut my computer down. I don't know what to do next because now all I get is the Windows Recovery Manager option. Any help would be much appreciated!

A:Windows Boot Manager Error / Windows Recovery Manager Issue

If this string of events actually did start to reformat the drive, it might still be recoverable. I would boot the computer to an independent OS, i.e. Linux Live on a CD or DVD, and then look at the drive. Then use that to copy your data to another drive. Once the data is saved, then do whatever you want with this corrupted drive. Do not try to continue with any other operations until the data is saved elsewhere.

Since this PC came with Vista, once the data is saved, you could try the HP Recovery Manager to restore the original OS. Or just start over with a new install of Windows 7.

http://h30434.www3.hp.com/t5/Desktop-Boot-and-Lockup/Windows-Boot-Manager-Error-Windows-Recovery-Manager-Issue/td-p/5603963
Relevancy 44.72%

A friend of mine was having some problems with their computer last week. The PC would randomly shut down, almost always around pm (although I am guessing that is just coincidence), and then when they turned it back on it would shut down again. This would happen a couple of times before they were able to boot up again. Finally, yesterday the PC wouldn't boot at all and it gave the C WINDOWS system config system is missing or corrupt. I tried to get into recovery console but it said it did not detect a hard drive. The hard drive is a SATA drive. SATA is enabled in BIOS. They are running XP Pro. A couple of weeks ago they upgraded the memory, adding another stick of but I am not sure if they were having these problems before the memory upgrade or not. Anyways, my first question is: what can I do to have the drive be recognized again? I did some research and it mentioned having to install third-party SATA drivers, but since the drive was working before and we haven't done a clean install, I shouldn't have to load the drivers again, correct? Unless they got deleted/corrupt somehow. Well, let me know if anyone has any suggestions. Thanks

A:[resolved]SATA Drive Not Recognized, Can't Enter Recovery Console to repair

Hi,

A couple of places to start:

> If you have any IDE hard drives hooked up, then disconnect them to get it going.

> Enter the BIOS setup menu and set everything back to default settings and try it.

> Make sure your drive detection in the BIOS setup menu is set to AUTO

> Try clearing the CMOS ....... When and if you get it back up, try the recovery console again.

> The SATA drives are notorious for having loose cables (I have to use cable ties for some at times) and they do not fit into the drives very securely, so you need to make sure they are making good contact with the cable to the drive.

> Make sure the power cord is hooked in securely to the drive. Try another cable if this one does not do the job for you.

Post back with questions/concerns.

http://www.techsupportforum.com/forums/f10/resolved-sata-drive-not-recognized-cant-enter-recovery-console-to-repair-148443.html
Relevancy 44.29%

Ever since then, I can't download Adobe Flash Player and I need it for Facebook. My Internet Explorer settings seem to be OK. ActiveX controls are set to prompt, but I don't get any prompt at all and no bar at all. The security level is set to medium. Can you help? Thanks!

A:I had a malware issue and had it resolved but

Download it from here

http://www.filehippo.com/download_flashplayer_ie/

and run it manually

http://www.techsupportforum.com/forums/f10/i-had-a-malware-issue-and-had-it-resolved-but-356283.html
Relevancy 44.29%

I recently had an issue involving a suspected keylogger and one of my online accounts. I believe that I contracted the virus from a link that was infected. Regardless, I tried to wipe my hard drive clean and start from scratch. I really need to make sure that the keylogger and any other viruses are contained/deleted before I can continue using my machine. I'm running Windows XP Home Edition with Service Pack installed. Below are the required scans. Thank you in advance.

A:Keylogger issue, not sure if resolved

Hello and welcome to TSF.

I cannot see any sign of malware. If you had wiped your hard drive clean, and reinstalled the operating system, the infection would not have survived. Do you still have any malware symptoms?

The major issue I see is that you don't appear to have an antivirus application installed. That's very dangerous in today's cyberworld. Please install this free-for-personal-use antivirus:
Avira Antivirus: http://www.free-av.com/

Tutorial for Avira: http://www.techsupportforum.com/cont...ticles/64.html

Let's also have an online scan with Kaspersky Online Scanner just to make sure.

**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click Accept, when prompted to download and install the program files and database of malware definitions.
Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save Report As... button.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

http://www.techsupportforum.com/forums/f284/keylogger-issue-not-sure-if-resolved-355763.html
Relevancy 44.29%

I was having the common issue of getting redirected to the wrong websites when clicking on search result links, and having new browser windows open up in "Click here to take our anonymous survey and win a prize" type sites for no reason. I use both Firefox and IE. In Firefox I seemed to be able to dodge this by clicking the "Warn me when being redirected" box, but not in IE. I have McAfee but it never even seemed to be able to sniff this problem. I tried both Hitman Pro and Malwarebytes Anti-Malware; both claimed to have found and fixed a number of problems but neither fixed this problem. It does appear that ComboFix has fixed things.

I am not a novice but I'm also not a techie, so I kept the instructions up on another PC while I ran the program. There really wasn't much of anything I had to do, but being able to re-read what to expect while the program ran made me feel a lot better, so if you don't have a second machine to do this the way I did, I'd print out the instructions. I had to disable my popup blocker to complete the download from bleepingcomputer as recommended, and then I did disconnect my modem and disable my McAfee (including firewall) before running the program, and so far all seems fine.

This was the most helpful forum I've come across in years and I'm so glad I found it. As I said, I think my issue is resolved but am posting my log file below. Thanks again

http://www.techsupportforum.com/forums/f284/redirect-issue-resolved-i-think-485874.html
Relevancy 44.29%

I am trying to find a solution to my problem (not being able to enter DOS).

When I do Start, Run and type CMD...

The DOS box opens, blinks twice or three times and then goes away.

Does the same thing when I type in regedit.

Any help would be greatly appreciated.

A:[resolved]XPsp2 issue??????

Have you checked for viruses or trojans, etc? If not, I'd start there.

http://www.techsupportforum.com/forums/f10/resolved-xpsp2-issue-140890.html
Relevancy 44.29%

So I tried one of those icon programs that can change all your icons, it was cool, but I got rid of it. Now the issue is that my C:\ drive icon seems to be gone :(

Anyone know where this icon is, or a way to change it? When I right click on it, it obviously gives me the properties of the C:\ drive, not the typical properties where you can change icons etc...

A:Annoying issue(RESOLVED)

Hi,

Right click
Properties

Choose a new Icon

hth

Ceri

http://www.techsupportforum.com/forums/f10/annoying-issue-resolved-133984.html