|
Adwcleaner has removed all passwords
|
|
AfterDawn Addict
|
13. February 2013 @ 20:36 |
Link to this message
|
You did good bauld1, there is no log needed.
1.)
I just know you still have HJT ? run and post a HJT Log for me..
2.)
Download Combo fix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Go to -> Here for your reference.
Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.
"%userprofile%\desktop\combofix.exe" /killall
Combo will begin to run DO NOTHING while this is happening.
? Do not attempt to use the internet or anything else while it's running.
? Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
? It will kill a few processes and disconnect you from the internet.
? If by chance it stops prematurely you can re-establish your internet connection by restarting your computer. It does set a restore point before running.
? This needs to be done so the program can work most efficiently for you.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
If when it's completed you can not get on the internet just reboot the computer
Post the log from comboFix for me located in
c:\comboFix.txt
3.)
Download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
? At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
? If an update is found, it will download and install the latest version.
? Once the program has loaded, select Perform full scan, then click Scan.
? When the scan is complete, click OK, then Show Results to view the results.
? Make sure that everything is checked, and click Remove Selected. <-- Don't forget this.
? When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
? Please post the MBAM, Combofix and HijackThis Logs
G
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...This message has been edited since posting. Last time this message was edited on 23. February 2013 @ 17:18
|
|
Advertisement
|
 |
|
|
|
bauld1
Junior Member
|
14. February 2013 @ 10:17 |
Link to this message
|
|
Hi 2oG,
Double clicked Hijack this,message to run as administrator,says hijack this is running but nothing happening,will i un install then install again? apologies.Been running over an hour no logs or screens
cheers
bauld1
|
AfterDawn Addict
|
14. February 2013 @ 17:49 |
Link to this message
|
Sounds like you picked up a ton of crap?.
Reboot tap f8 to go to Safe Mode ? select Safemode with networking ? then
Download Combofix from one of these locations:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Double click and run Combofix from the desktop, in Safe Mode..
Grab a beer and don?t touch anything til it finishes completely
It will reboot and complete a Log ? wait for it to finish and then post the log from comboFix for me located in: c:\comboFix.txt
20G
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
bauld1
Junior Member
|
14. February 2013 @ 18:11 |
Link to this message
|
Hi 2oG,
sorry to give you these headaches,f8 isn't going to safemode,any other way?
when I started hijackthis a box did appear with a list (not a log)then dissappeared,when i click on it now it still says it is running.Apologies again,i never ran it correctly.
Cheers
bauld1
|
|
bauld1
Junior Member
|
14. February 2013 @ 18:39 |
Link to this message
|
|
it's ok got safe mode,will post log once it's run,thanks
bauld1
|
AfterDawn Addict
|
14. February 2013 @ 18:40 |
Link to this message
|
|
OK, GO for it!
Normally hitting F8 repeatedly when restarting will allow you to choose to go into safe mode. On rare occasions, I've run into a computer where this would not work. In that case, you can enter safe mode by doing the following:
? Go into the Start Menu and choose Run.
? In the Run dialog box, type msconfig and then click OK.
? In the System Configuration Utility, click on the BOOT.INI tab
? Check-mark "/SAFEBOOT"
? Click OK
? Another little box comes up. Click Restart.
Once you are done doing whatever needed to be done in safe mode, you'll need to reverse what you did to get things back to normal.
? Go into the Start Menu and choose Run.
? In the Run dialog box, type msconfig and then click OK.
? On the General tab here, make sure that "Normal Startup - load all device drivers and services" is selected. If not, select it.
? Click on the BOOT.INI tab.
? Un-check "/SAFEBOOT".
? Click OK.
? Another little box comes up. Click Restart.
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...This message has been edited since posting. Last time this message was edited on 14. February 2013 @ 18:42
|
|
bauld1
Junior Member
|
14. February 2013 @ 19:52 |
Link to this message
|
Hi 2oG,
No box came up to paste,combofix just ran.I tried to get onto net in safe mode,message came up C:\programfiles\internet explorer\iexplore.ex
illegal operation attemted on a registry key that has been marked for deletion.
Another box appeared about removing from list of deletions I think I said yes instead of no.I gave combo admin rights but while it was running it came up acess denied a couple of times.Let me know if I need to run it again.Many thanks again for your time and patience.
ComboFix 13-02-13.02 - carol 15/02/2013 0:09.2.2 - x86 NETWORK
Microsoft® Windows Vista? Home Premium 6.0.6001.1.1252.353.1033.18.2037.1490 [GMT 0:00]
Running from: c:\users\colin\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\carol\%appda~1
c:\users\carol\%appda~1\Microsoft\Windows\IETldCache\index.dat
c:\users\colin\AppData\Roaming\inst.exe
c:\users\colin\AppData\Roaming\vso_ts_preview.xml
.
.
((((((((((((((((((((((((( Files Created from 2013-01-15 to 2013-02-15 )))))))))))))))))))))))))))))))
.
.
2013-02-15 00:19 . 2013-02-15 00:20 -------- d-----w- c:\users\carol\AppData\Local\temp
2013-02-15 00:19 . 2013-02-15 00:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-15 00:19 . 2013-02-15 00:19 -------- d-----w- c:\users\colin\AppData\Local\temp
2013-02-15 00:19 . 2013-02-15 00:19 -------- d-----w- c:\users\ciara\AppData\Local\temp
2013-02-13 16:19 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9E3EF22-CC72-4753-A68B-765069FCE89C}\mpengine.dll
2013-02-02 13:20 . 2013-02-02 13:20 -------- d-----w- c:\users\colin\AppData\Roaming\SUPERAntiSpyware.com
2013-02-02 13:19 . 2013-02-02 13:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-02-02 13:19 . 2013-02-02 13:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-02-02 12:38 . 2013-02-02 12:38 -------- d-----w- c:\program files\VideoLAN
2013-02-02 12:14 . 2013-02-02 12:14 -------- d-----w- c:\users\colin\AppData\Local\Secunia PSI
2013-02-02 12:14 . 2013-02-02 12:14 -------- d-----w- c:\program files\Secunia
2013-01-25 19:41 . 2013-01-25 19:41 -------- d-----w- c:\users\colin\AppData\Roaming\RealNetworks
2013-01-25 09:21 . 2013-01-25 09:21 -------- d-----w- c:\users\ciara\AppData\Roaming\RealNetworks
2013-01-25 01:19 . 2013-01-25 01:19 -------- d-----w- c:\program files\Common Files\Skype
2013-01-25 01:13 . 2013-01-25 01:13 -------- d-----w- c:\program files\RealNetworks
2013-01-25 01:13 . 2013-01-25 01:13 -------- d-----w- c:\programdata\RealNetworks
2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-01-25 01:07 . 2013-01-25 01:08 -------- d-----w- c:\program files\QuickTime
2013-01-25 00:59 . 2013-01-25 00:58 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-25 00:58 . 2013-01-25 00:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-25 00:53 . 2013-01-25 00:53 -------- d-----w- c:\program files\iPod
2013-01-25 00:53 . 2013-01-25 00:54 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-25 00:53 . 2013-01-25 00:54 -------- d-----w- c:\program files\iTunes
2013-01-25 00:36 . 2013-01-25 00:36 388096 ----a-r- c:\users\colin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-25 00:26 . 2013-01-25 00:27 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-25 00:17 . 2013-01-25 00:17 -------- d-----w- c:\program files\FileHippo.com
2013-01-24 20:39 . 2013-01-24 20:39 -------- d-----w- c:\program files\Trend Micro
2013-01-24 19:42 . 2013-01-24 19:42 -------- d-----w- c:\windows\ERUNT
2013-01-24 19:42 . 2013-01-24 19:43 -------- d-----w- C:\JRT
2013-01-21 17:10 . 2013-01-21 17:10 -------- d-----w- c:\programdata\WindowsSearch
2013-01-21 17:05 . 2013-01-21 17:05 -------- d-----w- c:\windows\system32\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-11 19:55 . 2012-07-24 12:44 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-11 19:55 . 2012-07-24 12:44 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-25 00:58 . 2010-06-27 10:36 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-17 01:28 . 2009-10-02 17:26 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-16 20:07 . 2011-04-20 11:35 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-26 39408]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-10 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2013-01-25 295072]
"QuiKProtect"="c:\program files\Iomega\QuikProtect\StartQuikProtect.exe" [2009-03-13 54504]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Iomega Product Registration.lnk - c:\program files\Iomega\Registration\Register.exe [2004-2-4 16175104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-30 20:19 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 19:58]
.
2013-02-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2545014225-4040687697-4202415592-1002Core.job
- c:\users\ciara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-11 15:23]
.
2013-02-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2545014225-4040687697-4202415592-1002UA.job
- c:\users\ciara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-11 15:23]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 23:00]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 23:00]
.
2013-02-14 c:\windows\Tasks\User_Feed_Synchronization-{41A229B3-26F3-41BB-99AE-F97F3E9A2060}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.101.160.5 89.101.160.4
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://fubar.com/js/ImageUploader/ImageUploader6.cab
FF - ProfilePath - c:\users\colin\AppData\Roaming\Mozilla\Firefox\Profiles\j5v1bv04.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb128?a=6PQUdDfV9l&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6PQUdDfV9l&&i=26&search=
FF - ExtSQL: 2012-12-29 21:19; torntv@torntv.com; c:\users\colin\AppData\Roaming\Mozilla\Firefox\Profiles\j5v1bv04.default\extensions\torntv@torntv.com.xpi
FF - ExtSQL: 2013-02-13 13:03; testpilot@labs.mozilla.com; c:\users\colin\AppData\Roaming\Mozilla\Firefox\Profiles\j5v1bv04.default\extensions\testpilot@labs.mozilla.com.xpi
FF - user.js: extentions.y2layers.installId - fbb1b449-08e1-49b1-aeee-1e011a17cd68
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQUdDfV9l&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 982fece0000000000000001fe15fada4
FF - user.js: extensions.incredibar_i.instlDay - 15703
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1421:22
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQUdDfV9l
FF - user.js: extensions.incredibar_i.upn2n - 92544181924925055
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-15 00:20
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-02-15 00:23:01
ComboFix-quarantined-files.txt 2013-02-15 00:22
ComboFix2.txt 2013-01-25 19:22
.
Pre-Run: 36,080,140,288 bytes free
Post-Run: 36,143,443,968 bytes free
.
- - End Of File - - 2E9D669268E9F06FD304EE35F209BA48
|
AfterDawn Addict
|
14. February 2013 @ 20:47 |
Link to this message
|
Well, I couldn't find anything that might be causing the problems you have. Please describe the problems you are having as best you can. try to list as many as possible.
I can't see the programs you are currently running from those logs and you may have a software conflict so let's dig a little deeper...
Please Download -> DDS and save it to your Desktop.
Alternate Download
? Double click dds.scr to run the tool.
? If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
? DDS will now scan your computer.
? When the scan is complete, DDS will open two (2) logs:
o DDS.txt
o Attach.txt
? If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
? Please note it is important that you post BOTH logs.
Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.
I may be in bed before you get back to me, have to go to work very early but will get back to you as soon as I can..
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...This message has been edited since posting. Last time this message was edited on 14. February 2013 @ 20:48
|
|
bauld1
Junior Member
|
15. February 2013 @ 15:01 |
Link to this message
|
Hi 2oG,
Problems started after running adwcleaner,lost google chrome,laptop running slow(has speeded up a little now)but seems to be working really hard and getting hot.IE keeps dropping then recovering tab,IE sometimes doesn't respond.
Chrome not running properly is my fault now,I changed the passwords to see if that would help,but I have to log in to use,message- preferances can't be read some features may be unavailable and changes to preferences won't be saved.Most pages i'm on have Error on page at bottom left of screen and shows the privacy report sign.I also get alot of codes coming up when I go onto pages,admedia,facebook and others but they run very fast. Apologies for using up your time.Will post DDS logs shortly.
Many thanks
bauld1
This message has been edited since posting. Last time this message was edited on 15. February 2013 @ 15:23
|
|
bauld1
Junior Member
|
15. February 2013 @ 15:15 |
Link to this message
|
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista? Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 19/05/2008 11:08:32
System Uptime: 15/02/2013 14:55:34 (6 hours ago)
.
Motherboard: Hewlett-Packard | | 30ED
Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz | CPU | 1733/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 29.69 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 2.066 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.01)
Adobe Shockwave Player
Adobe Shockwave Player 11.6
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
Audacity 1.2.6
avast! Free Antivirus
Bonjour
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
DVD Suite
ESU for Microsoft Vista
Facebook Video Calling 1.2.0.287
FileHippo.com Update Checker
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.30 E2
HP Total Care Advisor
HP Update
HP User Guides 0092
HP Wireless Assistant
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) TV Wizard
Iomega Product Registration
Iomega QuikProtect
Iomega ScreenPlay Discovery
iTunes
Java 7 Update 11
Java Auto Updater
LAME v3.99.3 (for Windows)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2010 - English
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
NetWaiting
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
RecordMateLP
Retrospect 7.5
Secunia PSI (3.0.0.6001)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype Click to Call
Skype? 6.1
SUPERAntiSpyware
swMSM
Touch Pad Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAP11G
VLC media player 2.0.5
WinPcap 4.1.1
WinRAR 4.20 (32-bit)
.
==== End Of File ===========================
|
|
bauld1
Junior Member
|
15. February 2013 @ 15:18 |
Link to this message
|
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 10.11.2
Run by carol at 20:08:52 on 2013-02-15
Microsoft® Windows Vista? Home Premium 6.0.6001.1.1252.353.1033.18.2037.1000 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Iomega\QuikProtect\QuikProtect.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuiKProtect] c:\program files\iomega\quikprotect\StartQuikProtect.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\carol\appdata\roaming\micros~1\windows\startm~1\programs\startup\iomega~1.lnk - c:\program files\iomega\registration\Register.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://fubar.com/js/ImageUploader/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 89.101.160.5 89.101.160.4
TCP: Interfaces\{E4AAD8E9-DAD4-4760-9B46-13E626570FC2} : DHCPNameServer = 89.101.160.5 89.101.160.4
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-16 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-16 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-16 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-16 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-16 44808]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 QSCopyEngine;QSCopyEngine;c:\program files\iomega\quikprotect\QpMonitor.exe [2009-4-22 122880]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-11-26 1225312]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-11-26 659040]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [2011-3-23 13824]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca84ece659de30;Google Update Service (gupdate1ca84ece659de30);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-02-15 10:47:38 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ce795929-bec2-4714-b040-eb41a075a015}\mpengine.dll
2013-02-15 10:41:32 6991832 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
2013-02-15 00:23:02 -------- d-----w- c:\users\colin\appdata\local\temp
2013-02-15 00:22:06 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-15 00:22:06 -------- d-sh--w- \$RECYCLE.BIN
2013-02-02 13:19:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-02-02 13:19:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-02-02 12:38:06 -------- d-----w- c:\program files\VideoLAN
2013-02-02 12:14:24 -------- d-----w- c:\users\colin\appdata\local\Secunia PSI
2013-02-02 12:14:06 -------- d-----w- c:\program files\Secunia
2013-01-25 18:24:25 98816 ----a-w- c:\windows\sed.exe
2013-01-25 18:24:25 256000 ----a-w- c:\windows\PEV.exe
2013-01-25 18:24:25 208896 ----a-w- c:\windows\MBR.exe
2013-01-25 18:23:38 -------- d-----w- \Qoobox
2013-01-25 01:13:41 -------- d-----w- c:\program files\RealNetworks
2013-01-25 01:13:38 -------- d-----w- c:\programdata\RealNetworks
2013-01-25 01:08:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2013-01-25 01:08:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-01-25 01:08:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-01-25 01:08:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-01-25 01:08:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-01-25 01:08:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-01-25 01:08:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-01-25 00:59:26 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-25 00:58:57 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-25 00:53:15 -------- d-----w- c:\program files\iPod
2013-01-25 00:53:12 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-25 00:53:12 -------- d-----w- c:\program files\iTunes
2013-01-25 00:17:54 -------- d-----w- c:\program files\FileHippo.com
2013-01-24 20:39:23 -------- d-----w- c:\program files\Trend Micro
2013-01-24 19:42:30 -------- d-----w- c:\windows\ERUNT
2013-01-24 19:42:09 -------- d-----w- C:\JRT
2013-01-24 19:42:09 -------- d-----w- \JRT
.
==================== Find3M ====================
.
2013-02-11 19:55:47 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-11 19:55:47 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-25 00:58:10 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-17 01:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 20:10:08.98 ===============
|
AfterDawn Addict
|
15. February 2013 @ 19:39 |
Link to this message
|
Originally posted by bauld1:
Apologies for using up your time.
Apologies not accepted. It?s MY time and I can use it as I see fit.
First: from DDS I see that your 150gig drive is on the brink of being full, only about 20% left and that can cause problems. Also, I see that you have WAY too many processes running at Log On. You also have 11GB ?D? partition that is probably a HP Recovery partition for Vista and we can always fall back on that if nothing else works?..
I have not seen a HJT Log for this computer and I see that you have 2 outdated HJT programs installed. Hijackthis and Hijackthis 2.02
Go to uninstall programs and uninstall both of these. Then:
Download Hijackthis 2.04
http://www.filehippo.com/download_hijac...302243ff61e113/
Run a scan and post a log for me.
We?ll work it out, just have patients.
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
bauld1
Junior Member
|
15. February 2013 @ 20:39 |
Link to this message
|
Hi 2oG,
Having problems with Hijackthis.Uninstalled previous,installed update with the wizard,tried to run it with log and a box appeared with a list of things,not a log,tried to uninstall,install again and it says programme alredy running,laptop is racing and getting hot.I don't know what i'm doing wrong,but this happened when i tried to run the older version,must be the only person to break Hijackthis !!
Cheers and thanks
bauld1
|
AfterDawn Addict
|
15. February 2013 @ 20:51 |
Link to this message
|
try running HJT from Safe Mode - it wont show me the running processes but I can get an idea of what is loading.
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
bauld1
Junior Member
|
15. February 2013 @ 21:12 |
Link to this message
|
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:09:38, on 16/02/2013
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=...sario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/webhp?sourceid=navclient&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuiKProtect] C:\Program Files\Iomega\QuikProtect\StartQuikProtect.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe -update activex
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://fubar.com/js/ImageUploader/ImageUploader6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Update Service (gupdate1ca84ece659de30) (gupdate1ca84ece659de30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: QSCopyEngine - Unknown owner - C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9230 bytes
|
AfterDawn Addict
|
15. February 2013 @ 22:20 |
Link to this message
|
|
well,well,well "I see!" said the blind man... when he picked up his hammer and SAW.
Just as I thought, and it will take me a while to go through it, so don't get discouraged..
It's just like eating an elephant.... one small Byte at a time. :)
I'll get some of it together and get back to you tomorrow. This should be FUN and a big lesson for the both of us. Just remember: no matter how old you get, make every day a learning day..
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
AfterDawn Addict
|
16. February 2013 @ 14:01 |
Link to this message
|
OK, bauld1, here?s the poop on your problems.
You have a 5yr old laptop with a Pentium dual core with probably a small amount of RAM, Vista needs a lot of ram, and a small 139GB hard drive that?s about 80% full.
You have a lot of HP Bloatware and programs that are probably not being used that are starting each time you boot and running all the time. They are taking up about all the RAM that is so needed by Vista that?s what slows you down so much.
You got hit by a Trojan that evidently came in on Java. It?s no longer on your machine but the damage has been done and left for you.
There are several ways you can go to get you back in running condition, all of which are a pain in the butt so you don?t loose all of your Data i.e. My Documents, my Pictures, my music, my videos etc. etc.
I don?t know about HP?s recovery but, some of them have 2 ways you can go. That is, a Full recovery back to the way it was when you first got it or a second way that saves your data. Don?t know what you have?
Or if I work with you we may have a chance to get it going and save what we can but, that would take a lot of time, maybe weeks, It's very difficult to fix one in this condition if it's not sitting on my workbench and you would have to follow my instructions to the letter..
Think about it and let me know?
We can do a Q&A on it.
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
bauld1
Junior Member
|
16. February 2013 @ 18:10 |
Link to this message
|
Hi 2oG,
Sorry for taking so long to get back to you.
Had an idea that it might require a full recovery,but,if I need startup discs etc,I don't Know where they are.The only thing that I would like to salvage/keep is itunes
daughters and my own,the only other things used are skype and utorrent and they can be installed again.(maybe part of the problem)
Again many thanks for your time,knowledge and patience,I'll pass the buck and leave it in your capable hands(no pressure lol)whatever you think is the best and easiest way forward.
Cheers
bauld1
|
AfterDawn Addict
|
16. February 2013 @ 19:05 |
Link to this message
|
Gday bauld1,
Do you have a USB drive that you can save your tunes and data to? That would help.
You really need a larger HD, 150 is nothing these days..
utorrent can be a problem it makes calls to bad sites that can infect you. I use it but, I block it's outbound calls.
I have had a problem with Avast having conflicts with other programs and that is what your problems seem to be telling me. I had a Trojan that also infected me through Java and it got in because Avast was butting heads with MalwareBytes Pro. I don't see any programs on your machine that I would think it would conflict with but, who knows.
You have a huge amount of programs that need to be deleted and probably some data files you don't use anymore. We can free up some space and try to fix the kinks in your operating system if you like. You will have to uninstall a lot of old junk and follow my instructions without trying anything on your on until we get through with it.
let me know and we will take it from there.
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
bauld1
Junior Member
|
16. February 2013 @ 20:46 |
Link to this message
|
Hi 2oG,
Late reply as comp is running slow,1.5 hrs to reply,comp wasn't as slow earlier,typical lol.
I have an external hard drive,but its not the stuff in itunes,its the actual programme,passwords etc,if it can't be saved,no probs a few days of tears and i'll get over it lol.
Anything that needs to be kept has been(itunes apart)so whatever needs deleted uninstalled/installed can be.
Let me know the next step,it will be a few hours before i start,heading to bed and comp is so slow.Many thanks for your kind help,take care
Cheers
bauld1
|
AfterDawn Addict
|
16. February 2013 @ 22:02 |
Link to this message
|
Quote:
its not the stuff in itunes,its the actual programme,passwords etc,if it can't be saved,no probs a few days of tears and i'll get over it lol.
Anything that needs to be kept has been(itunes apart)so whatever needs deleted uninstalled/installed can be.
After thinking about it, I believe you may be better restoring your system because I don't think you will be able to recover any passwords or settings.
Check this out then let me know if you can get into it and what you think about it.
Starting the recovery from the Windows Vista desktop
Use the following steps to recover the computer starting from the Windows Vista desktop:
1. Disconnect and remove all external devices such as printers, USB drives, and memory cards.
2. From the Windows desktop click Start , and then type recovery manager in the Search field.
3. Select Recovery Manager from the list, and then press the Enter key. Allow the action to continue if prompted.
4. On the Welcome to the Recovery Manager screen, click Next .
Figure 1: Recovery Manager: Welcome to the Recovery Manager
5. On the Software Program Re-installation screen, select No , and then click Next.
Figure 2: Recovery Manager: Software program re-installation
6. On the Hardware Driver Re-installation screen, select No , and then click Next.
Figure 3: Recovery Manager: Hardware Driver Re-installation
7. On the Microsoft System Restore screen, select No , and then click Next.
Figure 4: Recovery Manager: Microsoft System Restore
8. On the Recover your computer to its original factory condition screen, click Yes , and then click Next.
Figure 5: Recovery Manager: Recover your computer to its original factory condition
The computer restarts and another Welcome to the Recovery Manager screen opens.
NOTE: If the computer does not display another Welcome to the Recovery Manager screen, the RECOVERY or FACTORY_IMAGE partitions on the hard drive have been deleted OR the files in these partitions have been deleted. A set of recovery discs is needed to run a System Recovery. Follow the instructions listed in the section Starting the recovery from recovery discs.
9. On the Welcome to the Recovery Manager screen, click Next.
10. On the Microsoft System Restore screen, select No , and then click Next.
11. On the System Recovery screen, confirm that you want to run a System Recovery by selecting Yes , and then click Next.
12. The Recovery Manager gives you the option of backing up your data files. To do so, read Backing up your files.
If you do not want to backup your files, select No , and then click Next.
13. After the System Recovery is complete, the computer restarts and continues into Windows setup. Complete the setup screens and wait until the computer finishes the setup. Then, turn off the computer, reconnect all peripheral devices, and turn on the computer.
14. Before using the computer, update and protect your computer. Reinstall any virus and security software that was installed before the System Recovery.
15. Reinstall any software applications that were added after purchasing the computer, and any files that were backed up.
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...This message has been edited since posting. Last time this message was edited on 16. February 2013 @ 22:05
|
|
bauld1
Junior Member
|
17. February 2013 @ 12:13 |
Link to this message
|
|
Hi 2oG,
Hope all is well.Going to start recovery shortly,Recovery manager heading is there,also Recovery disc creation, i can't find original discs that came with laptop.If I have any probs I can post from another comp.
Many thanks.
bauld1
This message has been edited since posting. Last time this message was edited on 17. February 2013 @ 12:23
|
AfterDawn Addict
|
17. February 2013 @ 12:20 |
Link to this message
|
|
bauld1,
I hope the recovery works out OK. I am pretty sure it will because I have used it on laptops before and had good luck with it.
After looking over your Logs and seeing how much trouble it would be to try and fix it, I figured this would be the easiest way for you.
Keep me informed
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
bauld1
Junior Member
|
17. February 2013 @ 13:00 |
Link to this message
|
|
Hi 2oG
its ok misread your instructions
This message has been edited since posting. Last time this message was edited on 17. February 2013 @ 13:11
|
|
Advertisement
|
|
|
|
bauld1
Junior Member
|
17. February 2013 @ 13:28 |
Link to this message
|
|
Hi 2oG
choose not to back up files,message BOOTMGR is missing Press ctrl-alt-del to restart
tried a couple of times but this message keeps appearing,any ideas?
Cheers
bauld1
|
