# Solved Virus can not be removed from hp desktop

Hewlett-packard Pavilion a350n desktop
March 23, 2013 at 15:19:10
Specs: XP, 120GB
 I downloaded an avi file and went to burn it onto a DVD and boom I got a virus. Norton detected it but can not remove it. It says it is in my video.exe what ever that means. I also have tried Trend micro. They too say it failed to fix the problem but sees it. I am currently running Dr.Web boot disk. It has been scanning for over three hours so I guess I have a serious problem. Any ideas what to do next?

See More: Virus can not be removed from hp desktop

April 5, 2013 at 21:30:12
 Post #53FAULTING_IP:SYMEFA+d9666That is an Norton problem, uninstall it.https://support.norton.com/sp/en/au...I use Microsoft Security Essentials ( MSE )http://www.softpedia.com/get/Antivi...http://www.softpedia.com/progScreen...http://www.techsupportalert.com/bes...http://windows.microsoft.com/en-US/...System requirementshttp://www.microsoft.com/en-us/secu...Can Microsoft Security Essentials ( MSE ) protect me from online banking and shopping.http://answers.microsoft.com/en-us/...If you choose to use Security Essentials, please follow the steps in this thread first, especially the part about removing all existing realtime antimalware:http://kb.eset.com/esetkb/index?pag...

#1
March 23, 2013 at 19:49:05
 "I downloaded an avi file and went to burn it onto a DVD and boom I got a virus"It doesn't work that way. I think you're leaving something out. Were the torrents involved?"It says it is in my video.exe what ever that means"video.exe IS the virus. Google "how to remove video.exe virus"

Report •

#2
March 23, 2013 at 19:59:47
 I don't understand your comment about I left something out. There wasn't anything more to it, I downloaded the avi file using utorrent and went to burn it to dvd and got the virus. What is there to leave out? Anyways,I was currently googling the video.exe virus and how to remove it. I can only find really old post from 2008 and 2010. They just say to find the video.exe file and remove it. Kinda common sense, I understand that but how do you find it and remove it is my question. That is why I am on here for advice on what to do.

Report •

#3
March 24, 2013 at 00:02:47
 Read the last line of response #1 and follow those instructions.SkipAudares Juvo

Report •

Related Solutions

#4
March 24, 2013 at 07:22:00

Report •

#5
March 24, 2013 at 13:08:04
 There might have been an added file extension. If you don't already do so make sure you are set to show all file extensions. Always pop back and let us know the outcome - thanks

Report •

#6
March 24, 2013 at 19:24:12
 I have downloaded and ran everything you told me to do, step by step. In the reports it is telling me that it has removed a trojan virus. I will run another scan in the morning, I had to stop to put my son to sleep but will continue in the morning. I hope this works and I will report the results tomorrow.

Report •

#7
March 25, 2013 at 16:48:38
 Riider, I did everything in the exact steps you said to them. The reports said they removed trojan virus. I restarted my computer in regular mode this morning and the same thing happened again. My computer shuts itself off. I ran a scan with my Norton again and it says I still have the virus. L:/video.exe is what they are calling the file and it still says can't be removed. Any other suggestions?

Report •

#8
March 25, 2013 at 16:53:46

Report •

#9
March 25, 2013 at 20:10:41
 Ok, so I ran Unhide and it did create a logfile. I rebooted. Then downloaded and ran Hitman Pro. I am sorry I didn't copy and paste the log. It said I had some tracking cookies and this- BackWeb-137.exe Trojan, c:programfiles/updatesfromHP/137903/ProgramIt said it removed this. I reran the scan again.Log came back clean. I then ran TrendMicro Rootkit tool and Housecall. Both came back clean. I then ran the Norton Power Eraser, which originally told me I had the L:/video.exe bad file, and said it failed to be removed. It again told me that it failed to be removed. So did I have two different viruses and one is removed and the other isn't?

Report •

#10
March 25, 2013 at 20:38:26
 Can you please download and run Rougekiller from this link:http://www.bleepingcomputer.com/dow...Open it and run it, It will do a very quick system setup check scan, when its finished click the Scan button, When the scan is finished click Delete. Rougekiller will produce a log. Please copy and paste the log here.Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#11
March 26, 2013 at 06:57:33
 Here is the report from RougeKillerOperating System : Windows XP (5.1.2600 Service Pack 3) 32 bits versionStarted in : Safe mode with network supportUser : Administrator [Admin rights]Mode : Remove -- Date : 03/26/2013 08:54:57| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 2 ¤¤¤[RUN][BLACKLISTDLL] HKCU\[...]\Run : NVIEW (rundll32.exe nview.dll,nViewLoadHook) -> DELETED[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\WINDOWS\system32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: ST3160021A +++++--- User ---[MBR] 7990f6d885f75c8608d0500a1680e6fd[BSP] 4fad7fac273bd84cfc1128669fa120fc : Legit.B MBR CodePartition table:0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 5692 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 11657520 | Size: 146925 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[2]_D_03262013_02d0854.txt >>RKreport[1]_S_03262013_02d0852.txt ; RKreport[2]_D_03262013_02d0854.txt

Report •

#12
March 26, 2013 at 21:12:29

Report •

#13
March 28, 2013 at 03:47:16
 Here is the log from MalwarebytesMalwarebytes Anti-Malware (Trial) 1.70.0.1100www.malwarebytes.orgDatabase version: v2013.03.26.05Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)Internet Explorer 8.0.6001.18702Administrator :: HOME [administrator]Protection: Disabled3/27/2013 8:04:34 PMmbam-log-2013-03-27 (20-04-34).txtScan type: Full scan (C:\|D:\|L:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 440985Time elapsed: 1 hour(s), 9 minute(s), 52 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)

Report •

#14
March 28, 2013 at 03:56:35
 Here is the short scan log from MalwarebytesMalwarebytes Anti-Malware (Trial) 1.70.0.1100www.malwarebytes.orgDatabase version: v2013.03.28.05Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)Internet Explorer 8.0.6001.18702Administrator :: HOME [administrator]Protection: Disabled3/28/2013 5:48:21 AMmbam-log-2013-03-28 (05-48-21).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 253732Time elapsed: 6 minute(s), 18 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)--------------------------------------------------------------------------------------------------Ran another scan out of safe mode in regular mode and this is what I gotMalwarebytes Anti-Malware (Trial) 1.70.0.1100www.malwarebytes.orgDatabase version: v2013.03.29.14Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Owner :: HOME [administrator]Protection: Enabled3/29/2013 4:30:39 PMmbam-log-2013-03-29 (16-30-39).txtScan type: Full scan (L:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 265096Time elapsed: 12 minute(s), 39 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 4HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.HKCU\SOFTWARE\SeekingAlpha (Trojan.DNSChanger) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.Registry Values Detected: 1HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 31788f103e38d81d8b6f0cf8e3b1683f -> Quarantined and deleted successfully.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)

Report •

#15
March 28, 2013 at 04:00:28
 Last scan Eset Online Scanner, here's the link:http://www.eset.com/us/online-scann...Download and run. The scanner popup will start, select Archives and then Advanced Settings, check mark Potentially Unwanted Programs. Then click Start bottom right. It will load the scanner and start scanning, which can take a long time. Please copy and paste the log.Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#16
March 28, 2013 at 15:30:11

Report •

#17
March 28, 2013 at 17:54:51
 Yes you can delete the quarantined files, and you can keep the Eset as a second online scan when needed. Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#18
March 28, 2013 at 21:27:49

Report •

#19
March 28, 2013 at 21:33:54
 Also rerun Malwarebytes to scan for that L:/video.exe in Post #9, just to make sure it has gone :)(When it gives options on drives to scan uncheck c:/ and check L:/ )Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#20
March 29, 2013 at 13:16:59

Report •

#21
March 29, 2013 at 19:40:07
 The AdwCleaner log can be found at; Start button > My Computer > select C:/ drive. The log should be found there. Copy and paste the log please.Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#22
March 29, 2013 at 21:33:10

Report •

#23
March 29, 2013 at 23:02:50

Report •

#24
March 30, 2013 at 22:21:15
 I downloaded Junkware Removal Tool to my desktop and it is a square with an orange circle with a man inside of it, right? When I double click on it to open or right click to open an error screen comes up and says 7-zip internal error code 105 so it won't let me run the scan.

Report •

#25
March 30, 2013 at 23:05:37
 it is a square with an orange circle with a man inside of it, right? - yes Did you extract the zip before you tried to run it?Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#26
March 30, 2013 at 23:13:11
 I fixed the issue, I turned off my Norton and the Malware. I ran the scan. It did quck scan and a deep scan. Did some funky things with my computer, turned off my computer and rebooted. When it rebooted itself, no log file came up. Did scan a second time just to make sure of log and once again no log was created on my desktop.

Report •

#27
March 31, 2013 at 00:27:13
 The JRT log should be found on your desktop as JRT.txt, try where the downloaded .exe was ran from also.Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#28
March 31, 2013 at 12:28:25
 I have looked and looked and can not find a JRT.txt on my desktop even went into my C drive and saw that there was a folder made named JRT. When I opened it there was a whole bunch of different files but nothing that said log.

Report •

#29
April 1, 2013 at 01:06:03

Report •

#30
April 1, 2013 at 12:18:41
 Here is the Combo fix logComboFix 13-04-01.01 - Owner 04/01/2013 13:32:55.1.2 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1304 [GMT -5:00]Running from: c:\documents and settings\Owner\Desktop\ComboFix.exeAV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Administrator\WINDOWSc:\documents and settings\All Users\Application Data\TEMPc:\documents and settings\Default User\WINDOWSc:\documents and settings\Owner\WINDOWSc:\program files\Altnetc:\program files\Altnet\My Altnet Shares\Bullguard Protection\bzip2.xmd.cabc:\program files\Altnet\My Altnet Shares\Bullguard Protection\cran.cvd.cabc:\program files\Altnet\My Altnet Shares\Bullguard Protection\emalware.ivd.cabc:\program files\Altnet\My Altnet Shares\Bullguard Protection\gzip.xmd.cabc:\program files\Altnet\My Altnet Shares\Bullguard Protection\java.cvd.cabc:\program files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cabc:\program files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cabc:\program files\Altnet\My Altnet Shares\Bullguard Protection\tar.xmd.cabc:\program files\Altnet\My Altnet Shares\Bullguard Protection\update.txt.cabc:\temp\1cbc:\temp\1cb\syscheck.logc:\temp\tn3c:\windows\cdmxtrasc:\windows\Downloaded Program Files\CpnMgr.dllc:\windows\Fonts\a.zipc:\windows\help\wmplayer.bakc:\windows\Readme.txtc:\windows\system32\bkmoopob.exec:\windows\system32\BSTIEPrintCtl1.dllc:\windows\system32\config\systemprofile\WINDOWSc:\windows\system32\dllcache\wmpvis.dllc:\windows\system32\ijl11.dllc:\windows\system32\p2c:\windows\system32\ps2.batc:\windows\system32\URTTempc:\windows\system32\URTTemp\fusion.dllc:\windows\system32\URTTemp\mscoree.dllc:\windows\system32\URTTemp\mscoree.dll.localc:\windows\system32\URTTemp\mscorsn.dllc:\windows\system32\URTTemp\mscorwks.dllc:\windows\system32\URTTemp\msvcr71.dllc:\windows\system32\URTTemp\regtlib.exec:\windows\system32\z0c:\windows\system32\z0\vetzcomz22.exeD:\Autorun.infL:\Autorun.infL:\setup.exe..((((((((((((((((((((((((( Files Created from 2013-03-01 to 2013-04-01 )))))))))))))))))))))))))))))))..2013-03-31 05:40 . 2013-03-31 05:40 -------- d-----w- c:\windows\ERUNT2013-03-31 04:10 . 2013-03-31 05:40 -------- d-----w- C:\JRT2013-03-22 21:11 . 2013-03-22 21:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search2013-03-22 15:47 . 2013-03-22 15:47 -------- d-----w- c:\windows\system32\winrm2013-03-22 15:47 . 2013-03-22 15:47 -------- dc----w- c:\windows\$968930Uinstall_KB968930$2013-03-22 15:47 . 2013-03-22 15:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search2013-03-22 15:45 . 2013-03-22 16:12 -------- d-----w- c:\program files\Windows Desktop Search2013-03-22 15:45 . 2013-03-22 15:45 -------- d-----w- c:\windows\system32\GroupPolicy2013-03-22 15:42 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll2013-03-22 15:42 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll2013-03-22 15:42 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll2013-03-22 15:03 . 2013-03-15 07:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{8D78080F-F14E-459E-8027-D106C2F870C9}\mpengine.dll2013-03-21 23:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys2013-03-21 23:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys2013-03-17 18:21 . 2010-05-26 16:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll2013-03-17 18:20 . 2010-05-26 16:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll2013-03-17 18:20 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll2013-03-17 18:20 . 2010-05-26 16:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll2013-03-17 18:20 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll2013-03-17 18:19 . 2013-03-24 22:34 -------- d-----w- c:\windows\Logs2013-03-17 15:39 . 2013-03-22 21:11 -------- d-----w- c:\program files\Common Files\LightScribe2013-03-15 20:56 . 2013-03-22 19:05 -------- d-----w- c:\program files\Common Files\Nero2013-03-15 20:40 . 2013-03-20 14:06 -------- d-----w- c:\program files\Microsoft Silverlight...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-03-12 20:39 . 2012-06-25 21:48 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-03-12 20:39 . 2011-06-04 16:40 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-02-12 00:32 . 2004-08-04 06:04 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys2013-02-12 00:32 . 2003-08-08 15:35 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys2013-02-08 00:45 . 2008-01-18 18:43 6954968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll2013-02-05 20:05 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll2013-02-05 20:05 . 2003-08-08 16:23 43520 ----a-w- c:\windows\system32\licmgr10.dll2013-02-05 20:05 . 2003-08-08 16:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl2013-02-05 05:53 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec2013-01-26 03:55 . 2003-08-08 15:33 552448 ----a-w- c:\windows\system32\oleaut32.dll2013-01-17 06:28 . 2009-10-02 16:58 232336 ------w- c:\windows\system32\MpSigStub.exe2013-01-07 01:19 . 2003-08-08 15:33 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe2013-01-07 00:37 . 2002-08-29 08:04 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-01-04 01:20 . 2003-08-08 15:35 1867264 ----a-w- c:\windows\system32\win32k.sys2013-01-02 06:49 . 2003-05-30 14:00 1292288 ----a-w- c:\windows\system32\quartz.dll2013-01-02 06:49 . 2002-12-12 14:14 148992 ----a-w- c:\windows\system32\mpg2splt.ax..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"PhotoShow Deluxe Media Manager"="c:\progra~1\Nero\data\xtras\mssysmgr.exe" [2005-02-26 212992].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"LTMSG"="LTMSG.exe 7" [X]"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]"Desktop Disc Tool"="c:\program files\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableLinkedConnections"= 1 (0x1).[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]Source= c:\program files\Windows NT\rtesejifsi.htmlFriendlyName= .[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]@="Service".[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnkbackup=c:\windows\pss\Event Reminder.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reminders.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Reminders.lnkbackup=c:\windows\pss\Reminders.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnkbackup=c:\windows\pss\Updates from HP.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]path=c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnkbackup=c:\windows\pss\spamsubtract.lnkStartup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]2004-09-07 18:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]2003-06-23 04:25 24576 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\BackupNotify.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2011-07-19 23:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]2003-07-23 14:37 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]2003-07-28 19:19 323584 ----a-w- c:\windows\system32\nwiz.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]2005-02-26 00:28 212992 -c--a-w- c:\progra~1\Nero\data\Xtras\mssysmgr.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]2003-11-10 21:06 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]2003-03-07 10:01 77887 ----a-w- c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]2007-09-25 06:11 132496 -c--a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\WINDOWS\\system32\\wjview.exe"="c:\\Program Files\\NetMeeting\\conf.exe"="c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\mshta.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\uTorrent\\uTorrent.exe"="c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"="c:\\Program Files\\Nero\\Nero Blu-ray Player\\Blu-rayPlayer.exe"="c:\\Program Files\\Nero\\Nero 12\\Nero BackItUp\\BackItUp.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"22936:TCP"= 22936:TCP:BitComet 22936 TCP"22936:UDP"= 22936:UDP:BitComet 22936 UDP"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management .R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604010.00E\symds.sys [2/6/2013 8:15 AM 340088]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604010.00E\symefa.sys [2/6/2013 8:15 AM 924320]R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20130322.001\BHDrvx86.sys [3/21/2013 8:52 PM 997464]R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604010.00E\ccsetx86.sys [2/6/2013 8:15 AM 132768]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604010.00E\ironx86.sys [2/6/2013 8:15 AM 149624]R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 12:37 PM 13672]R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [3/24/2013 5:47 PM 398184]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/24/2013 5:47 PM 682344]R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.1.14\ccsvchst.exe [2/6/2013 8:15 AM 138272]R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 1:19 PM 50704]R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [3/22/2013 9:56 PM 439632]R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 8:11 PM 106656]R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20130329.001\IDSXpx86.sys [3/29/2013 9:39 PM 373728]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/24/2013 5:47 PM 21104]S2 GdFsHook;McAfee Privacy Service File Guardian;\??\c:\windows\system32\Drivers\GDFSHK.SYS --> c:\windows\system32\Drivers\GDFSHK.SYS [?]S2 GdTdi;McAfee Privacy Service Transport Filter;\??\c:\windows\system32\Drivers\GDTDI.SYS --> c:\windows\system32\Drivers\GDTDI.SYS [?]S3 DCamUSBUVT;ICM532A;c:\windows\system32\drivers\usbuvt.sys [8/27/2005 11:02 PM 95232]S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/4/2008 11:29 AM 30192]S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [10/17/2010 1:27 PM 33792]S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [6/26/2009 11:19 AM 1124848]S3 USBAV708;Instant VideoMPX;c:\windows\system32\drivers\USBAV708.SYS [9/14/2005 5:33 PM 101120].Contents of the 'Scheduled Tasks' folder.2013-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 20:39].2013-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57].2013-04-01 c:\windows\Tasks\MP Scheduled Scan.job- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20].2013-03-29 c:\windows\Tasks\Roxio PhotoShow Updater.job- c:\program files\Roxio\PhotoShow\auto_updater_shim.exe [2010-10-29 01:37]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.comuDefault_Search_URL = hxxp://srch-us9.hpwis.com/uInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyOverride = localhost;*.localIE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htmIE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htmIE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htmIE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htmIE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htmIE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htmIE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htmTrusted Zone: intuit.com\ttlcTCP: DhcpNameServer = 209.18.47.61 209.18.47.62DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab.- - - - ORPHANS REMOVED - - - -.BHO-{da8ba20c-2414-4cdd-8e97-020e4f375ed5} - (no file)HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exeHKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exeMSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exeMSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exeMSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.ExeMSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exeMSConfigStartUp-UpdateManager - c:\program files\Common Files\Sonic\Update Manager\sgtray.exeMSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exeAddRemove-Coupon Printer for Windows4.0 - c:\program files\Coupons\uninstall.exeAddRemove-Coupon Printer for Windows5.0.0.2 - c:\program files\Coupons\uninstall.exeAddRemove-Norton SystemWorks - c:\program files\Norton SystemWorks\uninst.isu...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-04-01 13:57Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\.sol\PersistentHandler]@DACL=(02 0000)@="{5e941d80-bf96-11cd-b579-08002b30bfeb}".[HKEY_LOCAL_MACHINE\software\Classes\.sor\PersistentHandler]@DACL=(02 0000)@="{eec97550-47a9-11cf-b952-00aa0051fe20}".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(752)c:\program files\Softex\OmniPass\opxpgina.dll.- - - - - - - > 'explorer.exe'(732)c:\windows\system32\WININET.dllc:\windows\system32\nView.dllc:\windows\system32\ieframe.dllc:\windows\system32\msi.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exec:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exec:\program files\LeapFrog\LeapFrog Connect\CommandService.exec:\windows\system32\nvsvc32.exec:\program files\Softex\OmniPass\Omniserv.exec:\windows\system32\SearchIndexer.exec:\program files\Softex\OmniPass\OPXPApp.exec:\program files\Malwarebytes' Anti-Malware\mbamgui.exec:\windows\system32\wscntfy.exec:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exec:\windows\LTMSG.exec:\windows\System32\hphmon05.exec:\windows\system32\rundll32.exec:\hp\KBD\KBD.EXEc:\windows\system32\SearchProtocolHost.exec:\windows\system32\SearchFilterHost.exe.**************************************************************************.Completion time: 2013-04-01 14:05:57 - machine was rebootedComboFix-quarantined-files.txt 2013-04-01 19:05.Pre-Run: 95,084,449,792 bytes freePost-Run: 95,245,488,128 bytes free.- - End Of File - - 5F203EAB90A7B3991DCB7B5F7205DE7F

Report •

#31
April 1, 2013 at 13:27:46
 Great to see Combofix found these Autorun files in your usb drives and that setup.exe. D:\Autorun.infL:\Autorun.infL:\setup.exeWe need to remove Combofix from your pc now. Click Start, click Run, Copy and paste the followingcombofix /uninstallThen click "Ok"Combofix will then start to load like before only this time it will remove it, again please don't touch anything while its running.Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#32
April 1, 2013 at 15:10:44
 Combofix is uninstalled, whats next?

Report •

#33
April 1, 2013 at 15:30:50

Report •

#34
April 1, 2013 at 16:59:58
 It is shutting itself down saying -The system has recovered from a serious error-

Report •

#35
April 1, 2013 at 17:11:39

Report •

#36
April 1, 2013 at 21:05:36
 Followed steps, where would the file Pagefile.sys be found? Looked in C drive and didn't see it listed. Is it in another folder? It wants me to delete it but I can't find it.

Report •

#37
April 1, 2013 at 21:53:43
 Go to Start, My Computer, Open your C:/ drive, on this page go to the Tools menu at the top of this window. Go to Folder Options, View tab, Go down the list until you find Hidden Files and Folders, Check mark Show Hidden Files and Folders. Now have another look for it in the C:/ drive for the Pagefile.sys file and delete it restart your pc and under Virtual Memory set paging file size to Custom or System Managed Size.The problem should be gone, don't forget to hide the files and folders again using the instruction above. In the reverse order.Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#38
April 1, 2013 at 22:00:42
 After that we will clean your Disk of traces and junk etc, then clean your Registry.Download Wise Disk Cleaner http://www.wisecleaner.com/wisedisk...Run the two tabs from the left Common Cleaner and Advanced Cleaner.Then download Wise Registry Cleaner http://www.wisecleaner.com/wiseregi...Run the two tabs from the left Registry Cleaner and System Tuneup.Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#39
April 2, 2013 at 10:07:54
 Maybe I'm having a bad day but both links in #38 look identical to me.Or is there some clever reason for downloading it a second time?Always pop back and let us know the outcome - thanks

Report •

#40
April 2, 2013 at 13:50:02
 No the links are different :) have a look at the top of each page for the subtle changes...One says "Disk" the other "Registry"Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#41
April 2, 2013 at 13:57:01
 Oh dear, I've failed the test again (but I do know who our Prime Minister is LOL). Excuse the intrusion folks....Always pop back and let us know the outcome - thanks

Report •

#42
April 2, 2013 at 14:03:14
 All good Derek, Your help is always welcome and its good to know your watching over us all :) Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#43
April 2, 2013 at 19:28:56
 So I deleted the pagefile and it is still shutting itself off and rebooting with same error. I went and did the steps again a second time just to make sure and same problem. Could it be something else?I have already run The Wise disk cleaner but the pc shut down before I could do the Registry.

Report •

#44
April 2, 2013 at 20:49:22
 Try this: https://kb.wisc.edu/helpdesk/page.p...Running chckdsk /f from desktop half way down the page. And I will see if I can find anything else to help.Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#45
April 3, 2013 at 14:48:29
 I ran the chckdsk, it said the volume is clean.

Report •

#46
April 3, 2013 at 15:48:42
 Try starting Windows in Safe Mode and then running Wise Registry Cleaner from there.Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#47
April 3, 2013 at 20:36:49
 Ran the Registry cleaner, had 923 issues found and 40 were unsafe. I cleaned them and 18 failed to be removed. They were in the Software paths, file types, application settings and the unistaller Ran scan a second time after cleaned and 15 failed to be removed.I ran system tuneup and defrag, then ran scan third time, still 15 could not be removed.Pc is still shutting itself off, seems like when I leave it to scan and not moving the mouse.

Report •

#48
April 4, 2013 at 21:46:10
 Going over thread to see what caused the shutting off. Looks like Combofix so we will try a system restore to the 31/03/13 or before. We will have to remove these two D:\Autorun.inf L:\Autorun.inf another way. Let me know if you need help with the restore.Remove all external drives and usb sticks etc.Once you have gone back, download Naevius USB Antivirus from here:http://www.naevius.com/usb_antiviru...Once its installed, leave it open and connect the usb devices back up. It will scan them automatically. Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#49
April 5, 2013 at 18:26:29
 So I try to do a system restore and it will not let me go back before the month of April, plus no date in April is bold for me to check. I look at the system settings and there was a check in the box the says Tun off system restore on all drives! So I am guessing this means I do not have a restore point.

Report •

#50
April 5, 2013 at 18:44:00
 Just whilst we are waiting for a comment from MrGoodguy.You receive a "System Has Recovered from a Serious Error" message after every restarthttp://support.microsoft.com/?kbid=...

Report •

#51
April 5, 2013 at 18:57:20
 After trying my Paging File variation of what MrGoodguy gave you & you are still getting the error message, see if you can find a .dmp or dump file.Copy & paste the dump (.dmp ) file onto your desktop & then upload it to a site of your choosing or use Image Uploader. Post the link please.Minidump file is located in C:\Windows\MinidumpKernel memory dump is located in C:\Windows\MEMORY.DMP

Report •

#52
April 5, 2013 at 19:31:00
 Here is the image file that you requested Mr.Goodguy[url=http://depositfiles.com/files/mfk3a5xvn]Mini040513-01.dmp[/url] [url=http://depositfiles.com/files/ay8g6gzmo]Mini040513-01.dmp[/url] there were about ten of these files in the Memory folder. I have tried a couple different times to delete the pagefile and it deletes it but still having the shutoff problem and then message comes up. I can sit and work on my computer and if I do that it doesnt shut off. But if I leave it to long or try a scan it shuts itself off.

Report •

#53
April 5, 2013 at 20:00:22

Report •

#54
April 5, 2013 at 20:03:32

Report •

#55
April 5, 2013 at 21:30:12
 Post #53FAULTING_IP:SYMEFA+d9666That is an Norton problem, uninstall it.https://support.norton.com/sp/en/au...I use Microsoft Security Essentials ( MSE )http://www.softpedia.com/get/Antivi...http://www.softpedia.com/progScreen...http://www.techsupportalert.com/bes...http://windows.microsoft.com/en-US/...System requirementshttp://www.microsoft.com/en-us/secu...Can Microsoft Security Essentials ( MSE ) protect me from online banking and shopping.http://answers.microsoft.com/en-us/...If you choose to use Security Essentials, please follow the steps in this thread first, especially the part about removing all existing realtime antimalware:http://kb.eset.com/esetkb/index?pag...

Report •

#56
April 5, 2013 at 21:55:27
 So is the other problem a Norton problem as well? From Post#20, when I ran the other virus scanners they come back saying they are clean but Norton Power eraser kept saying the L:/video.exe was bad?

Report •

#57
April 5, 2013 at 22:12:26
 "So is the other problem a Norton problem as well?"No idea, get rid of Norton & lets find out.

Report •

#58
April 6, 2013 at 20:32:18
 I uninstalled Norton. I believe it has fixed the shutting off problem. I had let my PC sit idle for over two hours and it didn't shut off. I wanted to see if the other problem still existed about the L:/video.exe file, it does but only to the Norton Power eraser. I ran a Malwarebytes scan and it came back clean on both of my disks. So how do I know if the virus is gone? And why is Norton power eraser the only one saying that this file is bad?On another note another error pops up when pc starts up, it says file is to long. C:/program files\Hewlett-packard\digital imaging\{18e0918e-1060-48f3-925c-56c82e88551b}

Report •

#59
April 6, 2013 at 21:30:50
 "Norton power eraser"Same story, it is causing problems, uninstall using Revo.If Revo dosn't pick it up, let me know.Revo Uninstallerhttp://www.softpedia.com/get/Tweak/...http://www.softpedia.com/progScreen...http://www.revouninstaller.com/Open Revo, double click on a program logo, click > Yes & then you get your options, with Advanced down the bottom.If you have partially uninstalled your program, you get a message from Revo, that it can't find the uninstaller, hit Cancel & let Revo continue on, to search for the remnants.If you get a reboot message, ignore it & do it after Revo has finished.I use Advanced Mode. Screenshots of how to use. http://i.imgur.com/dXJGX1q.gifhttp://i.imgur.com/VonCA.gifhttp://i.imgur.com/fGmmb.gifhttp://i.imgur.com/pdhbV.gifhttp://i.imgur.com/fIgy0.gifhttp://i.imgur.com/tDH9Z.gifhttp://i.imgur.com/DbfgN.gifhttp://i.imgur.com/tDafK.gifhttp://i.imgur.com/Bz5j9.gifhttp://i.imgur.com/X5S5I.gif

Report •

#60
April 6, 2013 at 21:33:51
 "On another note another error pops up when pc starts up"Let's deal with the Norton problem first, one thing at a time, small steps.

Report •

#61
April 7, 2013 at 19:56:26
 okay I unistalled all Norton, Symantec products. How do I make sure I am virus free?

Report •

#62
April 7, 2013 at 20:07:49

Report •

#63
April 7, 2013 at 20:43:49
 Results of screen317's Security Check version 0.99.62 Windows XP Service Pack 3 x86 Internet Explorer 8 [b][u]Antivirus/Firewall Check:[/b][/u] Windows Firewall Enabled! ESET Online Scanner v3 Trend Micro RUBotted 2.0 Beta Microsoft Security Essentials [b][u]Anti-malware/Other Utilities Check:[/b][/u] Windows Defender CCleaner Wise Disk Cleaner 7.79 Wise Registry Cleaner 7.67 Java Web Start Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java 2 Runtime Environment, SE v1.4.1_02 [color=red][b]Java version out of Date![/b][/color] Adobe Flash Player 11.6.602.180 Adobe Reader 10.1.6 [color=red][b]Adobe Reader out of Date![/b][/color] [b][u]Process Check: objlist.exe by Laurent[/b][/u] Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Trend Micro RUBotted RUBotSrv.exe [b][u]System Health check[/b][/u] Total Fragmentation on Drive C:: 0% [b][u]End of Log[/b][/u]

Report •

#64
April 7, 2013 at 20:55:07

Report •

#65
April 7, 2013 at 21:01:11
 After the above, run these (yes I know you have already run the Wise programs) in this order please.1: TFChttp://www.geekstogo.com/forum/file...http://oldtimer.geekstogo.com/TFC.exehttp://www.itxassociates.com/OT-Too...Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).It will close all programs when run, so make sure you have saved all your work before you begin.Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean. 2: Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.3: Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.

Report •

#66
April 7, 2013 at 21:28:37
 I just googled Trend Micro RUBotted, it hasn't been updated for years. Use Revo to uninstall.

Report •

#67
April 8, 2013 at 18:58:33
 I uninstalled the old Java and Adobe reader and also RUBotted. Here is the new scan to see if I am more secure. It looks like it is still saying my Java is out of date. I had Java 2 and now I have Java 6 what number should I have? Windows XP Service Pack 3 x86 Internet Explorer 8 [b][u]Antivirus/Firewall Check:[/b][/u] Windows Firewall Enabled! ESET Online Scanner v3 Microsoft Security Essentials [b][u]Anti-malware/Other Utilities Check:[/b][/u] Windows Defender CCleaner Wise Disk Cleaner 7.79 Wise Registry Cleaner 7.67 Java Web Start Java(TM) 6 Update 2 [color=red][b]Java version out of Date![/b][/color] Adobe Flash Player 11.6.602.180 Adobe Reader XI Google Chrome 22.0.1229.95 Google Chrome 26.0.1410.43 [b][u]Process Check: objlist.exe by Laurent[/b][/u] Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe [b][u]System Health check[/b][/u] Total Fragmentation on Drive C:: 2% [b][u]End of Log[/b][/u]

Report •

#68
April 8, 2013 at 19:09:08

Report •

#69
April 8, 2013 at 20:25:27
 Java has been updated. I ran the temp file cleaner and the Wise disk and Registry cleaner in the order you told me to and rebooted each time. Whats next?

Report •

#70
April 8, 2013 at 20:32:48
 Copy & Paste the contents of the log/logs after running each program please.

Report •

#71
April 8, 2013 at 21:12:56

Report •

#72
April 9, 2013 at 19:44:41

Report •

#73
April 9, 2013 at 19:46:12

Report •

#74
April 9, 2013 at 19:47:24
 Yes HopperRox, I agree with you. These guys are amazing for helping me!

Report •

#75
April 9, 2013 at 20:54:09
 "so I had to break it up"Spot on, that's the way to do it."Did it only scan my C drive? I have an external L drive that I believe is where I downloaded the virus too"This is an extract from your TDSSKiller log. That L is the same one, correct?============================================================21:18:51.0836 3764 C: <-> \Device\Harddisk0\DR0\Partition221:18:51.0836 3764 D: <-> \Device\Harddisk0\DR0\Partition121:18:51.0851 3764 L: <-> \Device\Harddisk5\DR7\Partition121:18:51.0851 3764 ============================================================

Report •

#76
April 9, 2013 at 21:00:22
 Thanks HopperRox, once an OP is prepared to carry on, I commit to a full follow up.It does take some effort, just remembering what has been done is hard. Not doing all aspects of the clean up, will let the infection come back.

Report •

#77
April 9, 2013 at 21:28:52
 Yes, that is the same L, drive. Sorry I missed it. So what is the next adventure?

Report •

#78
April 9, 2013 at 21:42:05
 Here we go.

Report •

#79
April 10, 2013 at 05:33:45
 Unhooker report - - - - -

Report •

#80
April 10, 2013 at 05:39:53

Report •

#81
April 10, 2013 at 11:42:48
 ESET scan said NO Threats found. So no log to copy. Took 5 hours to scan.

Report •

#82
April 10, 2013 at 11:53:29
 "ESET scan said NO Threats found. So no log to copy. Took 5 hours to scan"That is a very good result, it means that remnants of programs that helped infect you, are gone.Download TR ( Trojan Remover, 30 day trial )http://www.softpedia.com/get/Antivi...http://www.softpedia.com/progScreen...http://www.simplysup.com/tremover/d...Install, update then follow the scanning instructions.

Report •

#83
April 10, 2013 at 21:28:59
 Scan completeNo active malicious files were found and no changes were made- that was the message I received.

Report •

#84
April 10, 2013 at 22:45:41

Report •

#85
April 11, 2013 at 11:51:56
 ComboFix 13-04-11.01 - Owner 04/11/2013 13:14:40.2.2 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1500 [GMT -5:00]Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Application Data\TEMP..((((((((((((((((((((((((( Files Created from 2013-03-11 to 2013-04-11 )))))))))))))))))))))))))))))))..2013-04-11 04:24 . 2013-04-11 04:24 -------- d-----w- c:\program files\Trojan Remover2013-04-11 04:21 . 2013-03-15 05:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC8D63FD-36F9-465E-BD26-EA43C83EFD30}\mpengine.dll2013-04-11 04:18 . 2012-06-15 20:35 185616 ----a-w- c:\windows\system32\ztvunrar39.dll2013-04-11 04:18 . 2012-06-15 20:33 605968 ----a-w- c:\windows\system32\ztv7z.dll2013-04-11 04:18 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll2013-04-11 04:18 . 2012-06-15 20:39 169744 ----a-w- c:\windows\system32\ztvunrar36.dll2013-04-11 04:18 . 2012-06-15 20:33 77072 ----a-w- c:\windows\system32\ztvcabinet.dll2013-04-11 04:18 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll2013-04-11 04:18 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll2013-04-11 04:17 . 2013-04-11 04:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Simply Super Software2013-04-11 04:17 . 2013-04-11 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software2013-04-09 15:02 . 2013-03-15 05:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-04-09 02:42 . 2013-04-09 02:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2013-04-09 02:38 . 2013-04-09 02:38 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun2013-04-09 02:27 . 2013-04-09 02:27 143872 ----a-w- c:\windows\system32\javacpl.cpl2013-04-09 02:27 . 2013-04-09 02:27 782240 ----a-w- c:\windows\system32\deployJava1.dll2013-04-09 02:27 . 2013-04-09 02:27 861088 ----a-w- c:\windows\system32\npDeployJava1.dll2013-04-09 02:27 . 2013-04-09 02:27 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll2013-04-08 14:49 . 2013-04-08 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee2013-04-08 03:34 . 2013-04-08 03:34 -------- d-----w- c:\program files\Microsoft Security Client2013-04-08 02:27 . 2013-04-08 02:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\VS Revo Group2013-04-08 02:26 . 2013-04-08 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\VS Revo Group2013-04-08 02:26 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys2013-04-08 02:26 . 2013-04-08 02:26 -------- d-----w- c:\program files\VS Revo Group2013-04-06 15:40 . 2013-03-15 07:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{660A6026-3659-4E8A-8C76-3A9BD6685A08}\mpengine.dll2013-04-06 02:25 . 2013-04-06 02:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Image Uploader2013-04-06 02:24 . 2013-04-06 02:24 -------- d-----w- c:\program files\Image Uploader2013-04-06 02:24 . 2013-04-06 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Image Uploader2013-04-04 04:45 . 2013-04-04 04:45 -------- d-----w- c:\program files\Amazing Designs2013-04-04 03:29 . 2013-04-04 04:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Wise Registry Cleaner2013-04-02 16:30 . 2013-04-09 02:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Wise Disk Cleaner2013-04-02 16:29 . 2013-04-04 03:28 -------- d-----w- c:\program files\Wise2013-03-31 05:40 . 2013-03-31 05:40 -------- d-----w- c:\windows\ERUNT2013-03-31 04:10 . 2013-03-31 05:40 -------- d-----w- C:\JRT2013-03-28 17:46 . 2013-03-28 17:46 -------- d-----w- c:\program files\ESET2013-03-26 01:21 . 2013-03-26 01:21 -------- d-----w- c:\program files\HitmanPro2013-03-26 01:19 . 2013-03-26 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro2013-03-24 22:33 . 2013-03-24 22:34 -------- d-----w- c:\program files\CCleaner2013-03-24 04:36 . 2013-04-01 18:50 -------- d-----w- c:\documents and settings\Administrator2013-03-23 02:56 . 2013-03-23 02:56 -------- d-----w- c:\program files\WinPcap2013-03-22 21:36 . 2013-04-07 02:17 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\NPE2013-03-22 21:11 . 2013-03-22 21:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search2013-03-22 15:47 . 2013-03-22 15:47 -------- d-----w- c:\windows\system32\winrm2013-03-22 15:47 . 2013-03-22 15:47 -------- dc----w- c:\windows\$968930Uinstall_KB968930$2013-03-22 15:47 . 2013-03-22 15:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search2013-03-22 15:45 . 2013-03-22 16:12 -------- d-----w- c:\program files\Windows Desktop Search2013-03-22 15:45 . 2013-03-22 15:45 -------- d-----w- c:\windows\system32\GroupPolicy2013-03-22 15:42 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll2013-03-22 15:42 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll2013-03-22 15:42 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll2013-03-21 23:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys2013-03-21 23:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys2013-03-17 18:21 . 2010-05-26 16:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll2013-03-17 18:20 . 2010-05-26 16:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll2013-03-17 18:20 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll2013-03-17 18:20 . 2010-05-26 16:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll2013-03-17 18:20 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll2013-03-17 18:19 . 2013-03-24 22:34 -------- d-----w- c:\windows\Logs2013-03-17 15:39 . 2013-04-06 18:38 -------- d-----w- c:\program files\Common Files\LightScribe2013-03-15 20:56 . 2013-04-06 19:13 -------- d-----w- c:\program files\Common Files\Nero2013-03-15 20:40 . 2013-03-20 14:06 -------- d-----w- c:\program files\Microsoft Silverlight...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-04-02 10:33 . 2009-10-02 16:58 237088 ------w- c:\windows\system32\MpSigStub.exe2013-03-15 07:21 . 2008-01-18 18:43 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll2013-03-12 20:39 . 2012-06-25 21:48 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-03-12 20:39 . 2011-06-04 16:40 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-03-08 08:36 . 2003-08-08 15:35 293376 ----a-w- c:\windows\system32\winsrv.dll2013-03-07 01:32 . 2003-08-08 15:33 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe2013-03-07 00:50 . 2002-08-29 08:04 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-03-02 02:06 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll2013-03-02 02:06 . 2003-08-08 16:23 43520 ----a-w- c:\windows\system32\licmgr10.dll2013-03-02 02:06 . 2003-08-08 16:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl2013-03-02 01:25 . 2003-08-08 15:35 1867264 ----a-w- c:\windows\system32\win32k.sys2013-03-02 01:08 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec2013-02-27 07:56 . 2003-08-08 15:33 2067456 ----a-w- c:\windows\system32\mstscax.dll2013-02-12 00:32 . 2004-08-04 06:04 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys2013-02-12 00:32 . 2003-08-08 15:35 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys2013-01-26 03:55 . 2003-08-08 15:33 552448 ----a-w- c:\windows\system32\oleaut32.dll2013-01-20 20:59 . 2013-01-20 20:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"PhotoShow Deluxe Media Manager"="c:\progra~1\Nero\data\xtras\mssysmgr.exe" [2005-02-26 212992]"NVIEW"="nview.dll" [2003-07-28 852038].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"LTMSG"="LTMSG.exe 7" [X]"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]"Desktop Disc Tool"="c:\program files\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-01 30192]"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-09-21 73728]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2013-02-07 1608464].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160].c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableLinkedConnections"= 1 (0x1).[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]Source= c:\program files\Windows NT\rtesejifsi.htmlFriendlyName= .[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]@="Service".[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnkbackup=c:\windows\pss\Event Reminder.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reminders.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Reminders.lnkbackup=c:\windows\pss\Reminders.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnkbackup=c:\windows\pss\Updates from HP.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]path=c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnkbackup=c:\windows\pss\spamsubtract.lnkStartup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]2004-09-07 18:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]2003-06-23 04:25 24576 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\BackupNotify.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2011-07-19 23:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]2003-07-23 14:37 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]2003-07-28 19:19 323584 ----a-w- c:\windows\system32\nwiz.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]2005-02-26 00:28 212992 -c--a-w- c:\progra~1\Nero\data\Xtras\mssysmgr.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]2003-11-10 21:06 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]2003-03-07 10:01 77887 ----a-w- c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\WINDOWS\\system32\\wjview.exe"="c:\\Program Files\\NetMeeting\\conf.exe"="c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\mshta.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\uTorrent\\uTorrent.exe"="c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"="c:\\Program Files\\Nero\\Nero Blu-ray Player\\Blu-rayPlayer.exe"="c:\\Program Files\\Nero\\Nero 12\\Nero BackItUp\\BackItUp.exe"="c:\\Program Files\\Nero\\KM\\KwikMedia.exe"="c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"22936:TCP"= 22936:TCP:BitComet 22936 TCP"22936:UDP"= 22936:UDP:BitComet 22936 UDP"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management .R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 12:37 PM 13672]R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [7/13/2012 4:27 PM 769432]R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 1:19 PM 50704]S1 MpKslb16216b8;MpKslb16216b8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC8D63FD-36F9-465E-BD26-EA43C83EFD30}\MpKslb16216b8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC8D63FD-36F9-465E-BD26-EA43C83EFD30}\MpKslb16216b8.sys [?]S2 GdFsHook;McAfee Privacy Service File Guardian;\??\c:\windows\system32\Drivers\GDFSHK.SYS --> c:\windows\system32\Drivers\GDFSHK.SYS [?]S2 GdTdi;McAfee Privacy Service Transport Filter;\??\c:\windows\system32\Drivers\GDTDI.SYS --> c:\windows\system32\Drivers\GDTDI.SYS [?]S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]S3 DCamUSBUVT;ICM532A;c:\windows\system32\drivers\usbuvt.sys [8/27/2005 11:02 PM 95232]S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/4/2008 11:29 AM 30192]S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [10/17/2010 1:27 PM 33792]S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [4/7/2013 9:26 PM 27064]S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [6/26/2009 11:19 AM 1124848]S3 USBAV708;Instant VideoMPX;c:\windows\system32\drivers\USBAV708.SYS [9/14/2005 5:33 PM 101120].[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]2011-03-04 17:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-04-10 01:31 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 20:39].2013-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57].2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-08 19:21].2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-08 19:21].2013-04-11 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11].2013-03-29 c:\windows\Tasks\Roxio PhotoShow Updater.job- c:\program files\Roxio\PhotoShow\auto_updater_shim.exe [2010-10-29 01:37]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.comuDefault_Search_URL = hxxp://srch-us9.hpwis.com/uInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyOverride = localhost;*.localIE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htmIE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htmIE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htmIE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htmIE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htmIE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htmIE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htmTrusted Zone: intuit.com\ttlcTCP: DhcpNameServer = 209.18.47.61 209.18.47.62DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab.- - - - ORPHANS REMOVED - - - -.MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-04-11 13:25Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\.sol\PersistentHandler]@DACL=(02 0000)@="{5e941d80-bf96-11cd-b579-08002b30bfeb}".[HKEY_LOCAL_MACHINE\software\Classes\.sor\PersistentHandler]@DACL=(02 0000)@="{eec97550-47a9-11cf-b952-00aa0051fe20}".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(764)c:\program files\Softex\OmniPass\opxpgina.dll.- - - - - - - > 'explorer.exe'(2612)c:\windows\system32\WININET.dllc:\windows\system32\nView.dllc:\windows\system32\msi.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\Microsoft Security Client\MsMpEng.exec:\program files\Common Files\EPSON\EBAPI\eEBSVC.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exec:\program files\Java\jre7\bin\jqs.exec:\program files\LeapFrog\LeapFrog Connect\CommandService.exec:\program files\Common Files\LightScribe\LSSrvc.exec:\windows\system32\nvsvc32.exec:\program files\Softex\OmniPass\Omniserv.exec:\windows\system32\SearchIndexer.exec:\program files\Softex\OmniPass\OPXPApp.exec:\windows\system32\wscntfy.exec:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exec:\windows\LTMSG.exec:\program files\iPod\bin\iPodService.exec:\windows\system32\rundll32.exec:\program files\Hewlett-Packard\Digital Imaging\{18E0918E-1060-48f3-925C-56C82E88551B}\setup.exec:\windows\system32\msiexec.exe.**************************************************************************.Completion time: 2013-04-11 13:34:01 - machine was rebootedComboFix-quarantined-files.txt 2013-04-11 18:33ComboFix2.txt 2013-04-01 19:05.Pre-Run: 98,673,893,376 bytes freePost-Run: 98,587,684,864 bytes free.- - End Of File - - 124F7F095B553DADAFAD349DBABA33CD

Report •

#86
April 11, 2013 at 12:02:12
 Under other running programs in the combofix log if you look toward the bottom, the second one from the bottom. c:\program files\Hewlett-Packard\Digital Imaging\{18E0918E-1060-48f3-925C-56C82E88551B} That is the error code I get every time my computer boots up. It says error this file name is too long. I know you said one thing at a time just thought I would point it out since it was listed in the log.

Report •

#87
April 11, 2013 at 14:10:07
 " I know you said one thing at a time just thought I would point it out since it was listed in the log"We are now at that point, it was my next move. Lets see if this fixes it.Run chkdsk & post the contents of the log. Check both boxes.http://best-windows.vlaurie.com/chk...Obtaining CHKDSK Results ( log file )http://www.cpucare.net/OS/XP/Viewin...How to get to Event Viewer.In Windows XP there are four ways to get to event viewer.Start > Control Panel > Administrative Tools > Event Viewer.Right click > My Computer > Manage > Event Viewer.Start > Run > Eventvwr. Start > All Programs > Accessories > Command Prompt, paste > Eventvwr & hit Enter.Obtaining CHKDSK ResultsOnce Event Viewer is open, select Application. The 4th column of information in the right-hand pane is titled Source, click on the word Source at the top of the column to sort by that column. Scroll through the Source column to find the most recent entry titled Winlogon.Double-click Winlogon to open the CHKDSK results.

Report •

#88
April 11, 2013 at 14:56:48
 mmm 87 responses thus far; is this a record?I gave up trying to follow the saga in detail - but a wee thought that may help...When running a scan for any kind of pest, usually wise(r) to disable System Restore; and leave it that way until scan is complete. Then have a look-see for anything that is quarantined; and delete it.Then reboot; if all OK... re-enable System Restore, and reboot. If problem returns... disable System Restore; rescan. etc as just above, and check for/delete anything quarantined... Then try going back to a Restore Point well before the problem(s) arrived... And if problem returns yet again... then repeat scan etc. as above. Then try another even earlier Restore Point.. and if necessary do this working back to earlier Restore Points - hopefully until one is found that doesn't reproduce the pest effects. If you can bear it... consider deleting all previous restore points, after a first successful clean scan routine etc. as above.If you can run your scan(s) in Safe-mode (with or without networking) even better... You would only need networking if using an on-line freebie (or otherwise) scan utility...And one other approach; boot with a Linux disk; run all freebie on-line scans you can find; and as usual delete anything quarantined. Possibly also run some of the various utils suggested via the Linux boot too. I think you will be able install some of them even via Linux (but others may advise you can't and I bow to their experience there...)System Restore often will put things back that you hoped you had removed, corrected etc...; and if there is anything in a quarantined environment likely they may/will be restored too...Your story is an excellent reason and lesson in why NOT to use Torrent, Warez and similar sites - and/or most "naught naught" sites... No end of junk, nasties etc. are harboured there and can and will do all manner of damage...Which having said... Recently download an update from M$-land and an XP-Pro system died... No desktop display - nothing - just a blank standard desktop back ground... All fine in Safe-mode but no way to get it OK in Normal mode... Even a repair install failed to resolve it... Systernals ERD said it was all OK...; but it wasn't... A parallel install found that whilst data was intact in the old installation (Personal stuff etc.) Outlook had been obliterated totally. Only solution was to save data etc. off the system or to a separate partition on the HD; then reformat c: partition and re-install OS/apps afresh. Then it all worked fine... But again I feel best to avoid like the plague Torrents etc... Report • #89 April 11, 2013 at 15:19:45  Re #88If you disable system restore in XP this remove all restore points (gone forever) so you can't then re-enable it as you suggest and get them back again later.That's my understanding, but my XP is currently awaiting delivery of a PSU so I can't check it out. Having to make do with Win 8 LOL.Always pop back and let us know the outcome - thanks Report • #90 April 11, 2013 at 18:41:35  You are correct Derek, once you disable the Restore the points are gone.Regards Report • #91 April 11, 2013 at 22:14:40  Did not fix the problem error came back up when pc rebooted. Here is the log.Checking file system on C:The type of the file system is NTFS.Volume label is HP_PAVILION.A disk check has been scheduled.Windows will now check the disk. Cleaning up minor inconsistencies on the drive.Cleaning up 408 unused index entries from index$SII of file 0x9.Cleaning up 408 unused index entries from index $SDH of file 0x9.Cleaning up 408 unused security descriptors.CHKDSK is verifying Usn Journal...Usn Journal verification completed.CHKDSK is verifying file data (stage 4 of 5)...File data verification completed.CHKDSK is verifying free space (stage 5 of 5)...Free space verification is complete. 150451559 KB total disk space. 53784792 KB in 157530 files. 58256 KB in 16109 indexes. 0 KB in bad sectors. 326123 KB in use by the system. 65536 KB occupied by the log file. 96282388 KB available on disk. 4096 bytes in each allocation unit. 37612889 total allocation units on disk. 24070597 allocation units available on disk.Internal Info:40 f3 02 00 52 a6 02 00 e0 dc 03 00 00 00 00 00 @...R...........f9 09 00 00 07 00 00 00 02 03 00 00 00 00 00 00 ................48 16 ca 0e 00 00 00 00 0a 3f 65 6f 00 00 00 00 H........?eo....20 59 28 3b 00 00 00 00 70 57 24 f0 05 00 00 00 Y(;....pW$.....ec 65 22 6b 07 00 00 00 1e 23 71 1c 0e 00 00 00 .e"k.....#q.....10 34 e7 a6 00 00 00 00 80 3f 07 00 5a 67 02 00 .4.......?..Zg..00 00 00 00 00 60 c3 d2 0c 00 00 00 ed 3e 00 00 .....`.......>..Windows has finished checking your disk.Please wait while your computer restarts.For more information, see Help and Support Center at http://go.microsoft.com/fwlink/even... file system on C:The type of the file system is NTFS.Volume label is HP_PAVILION.

Report •

#92
April 11, 2013 at 22:41:34
 "Did not fix the problem error came back up when pc rebooted. Here is the log"Ok, 1: go to c:\program files\Hewlett-Packard\Digital Imaging\ & delete the entry > {18E0918E-1060-48f3-925C-56C82E88551B}2: Reboot3: If the message is gone, make sure your printer/scanner is working Ok.4: If the message is still there or the printer/scanner is not Ok, uninstall the printer/scanner using Revo.5: Run, TFC, Wise Disk Cleaner & then Wise Registry Cleaner.6: Reinstall the printer/scanner.

Report •

#93
April 12, 2013 at 05:09:24
 Chaps - thanks for the correction re' System Restore. I was under the impression that disabling it merely meant that it didn't function (obviously) until "re-enabled"; but that any points already set were preserved... In effect by disabling SR one merely put it into a sort of hibernation mode...; ready and eager to operate again when "woken up" (re-enabled. mmm The correction did prompt me to look further into SR...; found one or two useful snippets of which I wasn't aware... For anyone interested I have posted one such link (that also advised disabling SR prior to dealing with virus and other pests).Again many thanks for the correction...trvlr

Report •

#94
April 12, 2013 at 20:03:22
 I deleted the file. Checked both of my printers and scanners and my external dvd drive. No message when rebooted. So problem fixed. Am I virus free as well?

Report •

#95
April 12, 2013 at 20:36:12
 "Am I virus free as well?"As far as I can tell, Yes.Now to deal with your System Restore which you reported was disabled. We shall start afresh."So I try to do a system restore and it will not let me go back before the month of April, plus no date in April is bold for me to check. I look at the system settings and there was a check in the box the says Tun off system restore on all drives! So I am guessing this means I do not have a restore point"System Restore may have infected files in it, turning System Restore OFF & then ON will remove them.How to Turn On and Turn Off System Restore in Windows XPhttp://support.microsoft.com/kb/310...Start > My Computer > right click & select Properties.Select System Restore & untick > Turn off System Restore on all drives ( If partitioned or more than one drive installed )Select the drive with the operating system on, click Settings & set it on Min.Any other drive or partition, click Settings & tick > Turn off System Restore on this drive.http://img858.imageshack.us/g/syste...Tools to keep, just update before using. Others not mentioned, need to be downloaded again, because they release new versions constantly.ESETMicrosoft Security Essentials TDSSKillerMalwarebytes' Anti-Malware ( MBAM ) New version just released.TFCCCleaner. New version just released.Wise Disk CleanerWise Registry Cleaner Revo Uninstaller

Report •

#96
April 12, 2013 at 21:07:43
 Wow, I cant believe it I am done! lol. It is going to feel weird not coming on here everyday, I feel like I've bonded with you guys! Thank you so much for helping me with my adventure. You have positive Karma coming your way...

Report •

#97
April 12, 2013 at 21:10:08
 "You have positive Karma coming your way..."Thank you.

Report •

#98
April 13, 2013 at 08:48:47
 A splendid effort, but it didn't "quite" make 100 posts LOL.Always pop back and let us know the outcome - thanks

Report •

#99
April 13, 2013 at 09:26:02
 "A splendid effort, but it didn't "quite" make 100 posts LOL"Oh bug........................... Thank you.Not a record either.Just got home from friends, off to bed now.

Report •

#100
April 15, 2013 at 20:21:47
 It's made 100 now though. Well done team!

Report •

#101
December 19, 2013 at 08:10:27
 Had I saw this thread sooner, I could've saved you a lot of time - when a virus won't go away even after using antivirus and antimalware software, the next best thing to do, rather than download 100s of different other programs and wait for them to run, is to reinstall Windows. Go into Safe Mode, backup your data, then blow the current copy of Windows away. 99.9999% of the time that will blow away any virus/malware that bypasses the software that scans and removes it and google can't provide manual uninstall instructions for it.

Report •

#102
December 19, 2013 at 08:42:29
 Good suggestion "ninja" and certainly a valid path to consider after some efforts seem not to be successful; having "bin there and had to dun" that in the past (not too long ago either) - as last resort.But perhaps presented with a little more modesty, less "I know it all" would be good too…?Some/most of those who contributed to the bulk of this thread are very long timers here, very patient, very knowledgeable, and very modest and unassuming… And I, along with many others, have learnt much from them...Nonetheless I'm sure many here found the assorted information a "very" useful and instructive tutorial re' assorted items/utils covered…; and in the future others who may come across this thread will likewise?It certainly got into areas and considerations/interpretations that were new to me…message edited by trvlr

Report •

#103
December 19, 2013 at 09:20:57
 Re #101"Had I saw this thread sooner"Sounds a bit like, "I'm a clever dick" - Einstein relative perhaps?The poster is most unlikely to come back and read this as he/she was last seen in April. The problem has been fixed, so to whom is your response directed?As for "reformat/re-install" or "factory restore" then sure, this could be applied to most posted queries on here except when the fault is down to hardware. Nobody who could be considered a helper on here would be unaware of such options, which are also known to many original posters."download 100s of different other programs"A mind blowing piece of exaggeration. Count them up if you don't agree, and not all the links posted were actually used. You should also bear in mind that helping fix computers from afar often needs a bit of to and fro in terms of responses and explanations anyway. On some posts this can mean explaining steps in great detail. As for reformat and factory restore, well that depends on how a poster uses the computer. If it is pretty well kept "straight out of the box" with the odd addition then fine. In my case, for instance, it takes months to get a computer the way I want it to be. The re-install itself doesn't take long but the thought of having to set it all up again my way, or even remember exactly how I tailored everything, would lead me to prefer a fix, even if convoluted.EDIT:Oops, I think #102 & 103 overlapped due to relative typing and composition speeds.Always pop back and let us know the outcome - thanksmessage edited by Derek

Report •

#104
December 19, 2013 at 09:50:56
 Hi Derek:Yes I think we both "kinda" hit here at the same time; and had the same/similar reaction too… in response the post 101 of today - Dec. 19th.The style does appear in other more recent posts too…?Recently came back here to CN as likely you may have spotted - after a length period away… It's good to see some of the "olde timers/long standers" still here...trvlr...

Report •

#105
December 19, 2013 at 10:05:55
 trvlrYep, good to see you around again. I nearly left once but the addiction caught up with me.techninjaDon't read us wrong - new helpers on here are very welcome and can be like a breath of spring. Different opinions can co-exist quite nicely. Just take care of the tone of your responses and all will be well.Always pop back and let us know the outcome - thanksmessage edited by Derek

Report •

#106
December 19, 2013 at 15:16:07
 Well said Derek & trvlr, welcome back trvlr.John in Western Australia.http://www.timeanddate.com/worldclo...

Report •