Advertisement
Advertisement
 Search | |
| |
04-Aug-2012, 09:16 PM
#1 | |||||||
| Computer freezing/slowingg up at random times. Especially with Pandora and Explorer. |
11-Aug-2012, 11:49 AM
#2 | |||||||
 Important/critical update ....IMPORTANT/CRITICAL UPDATE.... When my friends turn on their computer, the screen stays black and it just makes a beep approximately once every second or two  . I was thinking about having them go into safe mode but I'm also waiting for a phone call from them answering the following Q's (I'm not currently at their house/computer):1. Did they turn the computer off on their own or did it do it by itself? a. If they turned off (or reset) it the last time (before it started doing this), what made them do so? I.e. Was it frozen, running ads, just slowing down, or something else before it turned off? b. If the computer reset by itself, what was occurring prior to it doing so?Anyway, it doesn't sound great to me but I'd like to know what ideas/actions you have/think could be done. Did the previously posted information (Hijack This, DDS, GMER) identify any culprits? Thank you very much (whoever gets this) |
19-Aug-2012, 11:29 AM
#3 | |||||||
| Still needing help Hello. Bumping because it fell off the 1st 6 pg's again and it seems like this post might have been accidentally missed by the helpful volunteers as others have been getting replies who first requested help 10+ days after my request. Thanks for all you guys and gals do to help others fight the computer problem "wars".  P.S. I have their computer here now but haven't tried to turn it on yet because I wanted to establish contact first and ask if I should try a regular start or try getting a safe mode start first. Also, I "think" I remember learning at some point in the past that there are 2 different possible ways that could be necessary to get into safe mode. One was continuing to push F8 but I can't remember what the other was  . Thanks again. |
26-Aug-2012, 01:21 PM
#5 | |||||||
| Hi CatByte and thanks for the reply. I'm still in my post #2 & #3 situation of concern irt attempting to restart the computer. Here's a quick updated timeline of what has occured: 1. 04Aug- While at my friends house, I ran the tests and posted the original Q due to the reported poor computer behavior. 2. 11Aug- They reported to me that the previous night they turned off the monitor (but left computer on as per their normal behavior). In the morning, they turned on the monitor and the computer wasn't working. They turned the computer off, waited approx 10 seconds, then restarted. As the computer was trying to restart it started beeping (approximately 1 beep/sec) but the computer didn't start. On subsequent attempts the same beeping occurred or a constant beep (tone) persisted. 3. 14Aug- They dropped the computer off with me but I wanted to wait to contact someone at TSG iot settle on whether to try a normal start or go straight for an attempt at a safe start. 4. I was leaning towards a virus or malware but now I'm not sure. A friend (with just the basic consumer level computer knowledge) of my friends told them that he thought it could be a video card issue. They were even told it could possibly have something to do with their computer fan...(something about the pwr getting interrupted at the fan junction and not able to get to the rest of the computer---if that's even possible)??? ---So which type of start do you think I should try first (straight to a safe mode attempt or try a normal start)?--- Thanks again for the assistance.  |
28-Aug-2012, 12:49 PM
#7 | |||||||
| Uggg... A bit of a complex answer but please bear with me... I hit the pwr button and the computer made a few start-up sounds but within approximately 5 seconds a steady tone was heard that didn't stop until the pwr was turned off. With the side panel off, I repeated the process and noticed 2 different results: 1. The computer seemed to be trying to start & the fans turned on but then the steady tone episode occurred. 2. " " " " then turned off for a second &the fans started again. There was sometimes no tone but I never heard a intermittent tone (it was always steady). I did this about a dozen times and all of a sudden (on one of the #2 style start-ups above) I observed a message about using F12 to enter start up. I pushed F8 instead and was able to select Safe mode. The desktop appeared and I was writing this email to update you when the monitor went a lime green color (nothing else visible) and stayed that way. I estimate it was about 2 minutes from when the desktop appeared (in safe mode) and the time the screen went green. Is that something you (or another TSG person) has had any experience with so that you'd have an idea of what this behavior means??? Maybe a video card, pwr interruption to some part of the motherboard or HD, or something else other than the standard answer of a HD failure?I plan on trying to get it into safe mode again and trying to work very fast to get the software loaded onto it before it goes green again... Any thoughts/recommendations irt the situation would be most welcome. |
29-Aug-2012, 05:04 PM
#9 | |||||||
| Progress, but I'm worried about how long the computer will stay on...Yikes!... Hi Catbyte, --------------------------------------------------------------------------------------------------------------------------------------------------- First, #2 (in my previous post) didn't post properly. The quotation marks didn't extend out the way I wrote them. The gist was that the fans started, then stopped, then started again before the tone occured (as opposed to the fans only starting once b4 the tone). I'm including these symptoms in the hope that it could help diagnose a possible hardware issue... --------------------------------------------------------------------------------------------------------------------------------------------------- I have an update with a few embedded Q's (thx for the answers, I'm always concerned that something seemingly insignificant could actually be an important clue). 1. After about 20-30 attempts (one time I had the intermittent beeping, as opposed to the steady tone) the computer came on such that I could get it into Safe Mode. 2. I started ComboFix but received an error message saying, summarized: "Access denied, use an administrator prompt to run". I decided I should get a screen shot of the exact phrase so I re-inserted my thumb drive. Just as I did that, ComboFix started to run... I didn't do a screenshot because I remember reading that you're not supposed to do "anything" while ComboFix is running. 3. As combofix was running (I think it was around stage 32), the same message about needing to be an administrator came up. Then, about 10 seconds later, the program continued anyway. Btw, just as an fyi, the desktop never went blank. Question: Do those administrator warnings (where it says access denied once or twice but eventually runs anyway) normally occur or does that seem odd??? 4. The program finished and I saved the log to my thumb drive. I tried to use the "safely remove hardware" option (which had worked normally when I removed the thumb after xfering comboFix to the computer just 5-10 min prior). This time it wouldn't work and a message popped up saying: "C:/Windows/system32/rundll32.exe, Illegal operation attempted on a registry key that has been marked for deletion." I tried going into "My computer" and right clicking on the thumb drive to select "eject", but nothing would happen at all. Answered it: I just re-read your post about this issue but I haven't tried to restart the computer due to the extreme difficulty (and somewhat pure luck) getting it to turn on again. ----------------------------------------------------------------------------------------------------------------- Ok, here's the log, I hope it's helpful :ComboFix 12-08-28.01 - April 08/29/2012 13:03:35.1.2 - x86 MINIMAL Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3318.2833 [GMT -7:00] Running from: f:\tsg stuff\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Applications\myd.ico c:\program files\Applications\mym.ico c:\program files\Applications\myp.ico c:\program files\Applications\myv.ico c:\program files\Applications\ot.ico c:\program files\Applications\ts.ico c:\program files\AV9 c:\program files\ErrorSmart c:\program files\ErrorSmart\ErrorSmart.url c:\program files\Incredibar.com c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe c:\program files\RewardsArcade c:\program files\RewardsArcade\appAPIinternalWrapper.js c:\program files\RewardsArcade\fb.js c:\program files\RewardsArcade\jquery.js c:\program files\RewardsArcade\json.js c:\program files\RewardsArcade\RewardsArcade.dll c:\program files\RewardsArcade\RewardsArcade.exe c:\program files\RewardsArcade\Uninstall.exe c:\program files\RewardsArcade\UserConfirmation.exe c:\program files\StartNow Toolbar c:\program files\StartNow Toolbar\ReactivateIE.exe c:\program files\StartNow Toolbar\Resources\images\engine_images.png c:\program files\StartNow Toolbar\Resources\images\engine_maps.png c:\program files\StartNow Toolbar\Resources\images\engine_news.png c:\program files\StartNow Toolbar\Resources\images\engine_videos.png c:\program files\StartNow Toolbar\Resources\images\engine_web.png c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png c:\program files\StartNow Toolbar\Resources\images\icon_games.png c:\program files\StartNow Toolbar\Resources\images\icon_msn.png c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png c:\program files\StartNow Toolbar\Resources\images\icon_travel.png c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png c:\program files\StartNow Toolbar\Resources\installer.xml c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png c:\program files\StartNow Toolbar\Resources\skin\separator.png c:\program files\StartNow Toolbar\Resources\skin\splitter.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png c:\program files\StartNow Toolbar\Resources\toolbar.xml c:\program files\StartNow Toolbar\Resources\update.xml c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe c:\program files\StartNow Toolbar\uninstall.dat c:\programdata\Secure Solutions c:\users\April\AppData\Roaming\ErrorSmart c:\users\April\AppData\Roaming\ErrorSmart\Log\2008 Dec 06 - 12_53_22 PM_507.log c:\users\April\AppData\Roaming\Microsoft\Windows\Recent\My Pictures.url c:\windows\system32\msnphoto.scr c:\windows\system32\roboot.exe d:\users\April\Documents\~WRL0005.tmp d:\users\April\Documents\~WRL1896.tmp d:\users\April\Documents\~WRL1937.tmp d:\users\April\Documents\~WRL3420.tmp d:\users\April\Documents\My Documents.url . . ((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 ))))))))))))))))))))))))))))))) . . 2012-08-29 20:10 . 2012-08-29 20:10 -------- d-----w- c:\users\April\AppData\Local\temp 2012-08-29 20:10 . 2012-08-29 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-10 06:29 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{862ADF1D-8FCF-455E-80EE-B3930A5271BE}\mpengine.dll 2012-08-03 21:54 . 2012-08-03 21:54 -------- d-----w- c:\users\April\AppData\Roaming\Optimizer Pro 2012-08-03 21:40 . 2012-08-03 21:40 -------- d-----w- c:\programdata\Premium 2012-08-03 21:39 . 2012-08-04 02:40 -------- d-----w- c:\programdata\OptimizerPro 2012-08-03 21:39 . 2012-08-03 21:39 -------- d-----w- c:\program files\Optimizer Pro 2012-08-03 21:38 . 2012-08-03 21:38 -------- d-----w- c:\program files\Perion 2012-08-03 21:38 . 2012-08-03 21:38 453 ----a-w- C:\user.js 2012-08-03 21:37 . 2012-08-03 21:37 -------- d-----w- c:\program files\Web Assistant 2012-08-03 21:36 . 2012-08-03 21:40 -------- d-----w- c:\programdata\InstallMate . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-03 05:49 . 2012-03-29 18:34 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-03 05:49 . 2011-12-08 19:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-13 13:40 . 2012-07-12 10:04 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 16:47 . 2012-07-11 10:54 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:47 . 2012-07-11 10:54 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:26 . 2012-07-11 10:54 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 22:19 . 2012-06-19 10:58 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 22:19 . 2012-06-19 10:59 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-19 10:59 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-19 10:58 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-19 10:58 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-19 10:59 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-19 10:59 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-19 10:58 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 22:12 . 2012-06-19 10:58 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 08:33 . 2012-07-12 10:01 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 08:25 . 2012-07-12 10:01 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 08:25 . 2012-07-12 10:01 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 08:20 . 2012-07-12 10:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 08:16 . 2012-07-12 10:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 00:04 . 2012-07-11 10:54 278528 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:03 . 2012-07-11 10:54 204288 ----a-w- c:\windows\system32\ncrypt.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936] "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}] 2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] 2012-04-11 20:08 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 2011-05-09 08:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-01-04 00:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936] "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936] "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-04-11 87440] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}] . [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152] "{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "????r"="" [?] "?????????"="??????????????e" [?] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856] "Singlesnet"="c:\program files\Singlesnet\Singlesnet\Singlesnet.exe" [2009-12-10 2797096] "AROReminder"="c:\program files\ARO 2011\ARO.exe" [2011-10-07 2314608] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Optimizer Pro"="c:\program files\Optimizer Pro\OptProLauncher.exe" [2012-01-03 81912] "ChromeFrameHelper"="c:\users\April\AppData\Local\Google\Chrome\Application \21.0.1180.75\chrome_frame_helper.exe" [2012-08-07 81432] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112] "Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-03 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-03 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-03 133656] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-04 1391272] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096] "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-05-09 201112] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe\0lsdelete . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavaso ft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ECACHE . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 05:49] . 2012-07-30 c:\windows\Tasks\ARO 2011.job - c:\program files\ARO 2011\ARO.exe [2011-11-13 18:40] . 2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 23:09] . 2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 23:09] . 2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3118373242-1020852896-2878386637-1000Core.job - c:\users\April\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 17:36] . 2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3118373242-1020852896-2878386637-1000UA.job - c:\users\April\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 17:36] . 2012-08-09 c:\windows\Tasks\OptimizerProUpdaterTask{58641849-E401-4643-B97D-3C67ED8D23F6}.job - c:\programdata\OptimizerPro\OptimizerPro.exe [2012-08-03 21:39] . 2012-08-09 c:\windows\Tasks\PC Performer_DEFAULT.job - c:\program files\PC Performer\PCPerformer.exe [2011-12-11 02:04] . 2012-08-08 c:\windows\Tasks\PC Performer_UPDATES.job - c:\program files\PC Performer\PCPerformer.exe [2011-12-11 02:04] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com TCP: DhcpNameServer = 192.168.0.1 205.171.3.25 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{9427041A-A8DC-4D06-9A68-93873486E957} - (no file) HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe HKLM-Run-Acer Tour - (no file) HKLM-Run-eRecoveryService - (no file) HKLM-Run-NWEReboot - (no file) HKU-Default-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe AddRemove-RewardsArcade - c:\program files\RewardsArcade\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-29 13:10 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Completion time: 2012-08-29 13:13:02 ComboFix-quarantined-files.txt 2012-08-29 20:12 . Pre-Run: 32,102,854,656 bytes free Post-Run: 32,618,438,656 bytes free . - - End Of File - - 0669E5FC6F5D03D68FC8E762E06386CA |
29-Aug-2012, 07:32 PM
#11 | |||||||
| Glass getting closer to half full. :) OMG, it started normally without any tone (there were no speakers btw) and it is up and running... The following 4 things popped up on the screen on start-up: 1. ARO2011- "Reminder- Faster startup, fewer errors, and a cleaner system may be just a click away. 436 registry errors and tweaks remained on your system after the last scan. Buy now to fix any that remain or learn how to fix." Then, at the bottome of the dialog box, it says "To remove ARO2011 without fixing errors, please click here." Seems like trojan horse to me but what do I know? I even worry that when it says "click here" (to remove the program) that it could actually load something bad... 2. PC Performer (by performersoft)- This program automatically started trying to start running a scan. I hit stop scan to see what you want me to do. I don't know about this one either but I "think" it's more legitimate... 3. Optimizer Pro Speed Guard- "Attention! 13,847 errors are slowing down your computer. To completely optimize and clean your computer, it is highly recommended that you register and use the full version of optimizer pro. Would you like to register optimizer pro and optimize and fix the remaining errors on your PC?" This one seems fishy to me as well. 4. This bubble pop up actually came from the bottom right icon tray: Computer Security- "There are multiple security problems with your computer. Click this notification to fix." I think this one is the legitimate Windows program but I'm not touching/doing anything till I let you know about all these notifications. 5. This one popped up just as I was about to send this reply with the 4 above items: User Account Control- "A program needs your permission to continue. If you started this program continue." The program is listed as: "Subeo Tech Inc." When I click on "More details" it says "C:\Programs\Program Files\OptimizerPro\OptimizerPro.exe" Obviously linked to the #3 above but getting pushy to have me allow it to run.? Regardless of which one's are legit or not, it seems like she installed a lot of different "help your computer" type programs which could be fighting each other??? To reiterate, it's not a computer I use much so I can't take the...err..."credit" for the mess created. I know you love my lengthy and numbered reply's...lol... sorry. I'm just trying to be as thorough and descriptive as possible. |
29-Aug-2012, 08:59 PM
#13 | |||||||
| |
29-Aug-2012, 09:42 PM
#15 | |||||||
| 1. Just a follow up on the Malwarebytes. How do you want me to get the updates to her computer? Will one of the methods I described work, or not so much? 2. Even now that you're around for a little bit your status shows red (offline). Without telling be exactly where you are, how do your times match up to PST where I'm at? I'm usually most available from 0900-2200 PST and sometimes a little outside those times when I can't sleep You're very patient, thank you. Last edited by medium_low_skill; 30-Aug-2012 at 07:25 AM.. |
Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.
If you're not already familiar with forums, watch our Welcome Guide to get started.
| Tags |
| black screen, computer beeping sound, critical, explorer, pandora |
| |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| |
