gerbil 216 Industrious Poster

Is this a desktop you're working on, and not something mission critical? If so, what is significant about the timing error? If you're a typical humanoid, then bank on 0.3secs reaction time. A fair whack of that 0.3secs is the mind "realising"; it is only relevant if you are to compete against a machine. And I think you are going to need a "machine" to do the timing - when the CPU shuts down, it sorta stops timing/signalling stuff, software stops working....
Open the door. Go outside. Occasionally.

gerbil 216 Industrious Poster

Hello, Ann. Just to see if your problem derives from a Chrome extension, you might run ADWCleaner from http://www.bleepingcomputer.com/download/adwcleaner/
It is simple to use, just press Scan, then when it finishes press Report; post that notepad content.

gerbil 216 Industrious Poster

The code detector thinks your white space is indicating code line indents. So just post as code, which means that your lines will be numbered. Not a big deal.
However.... the code detector also picks up excess spaces throughout lines, and at the end of lines (I think 3 consecutive spaces will trigger it). A simple solution to find those concatenated spaces is to put your post in a notepad, and hit CtrlA; the spaces will be highlighted.

gerbil 216 Industrious Poster

I'm afraid you've caught me at a bad time... I'm getting pretty much over computers and their foibles, and investigating them. But anyway.... I will need to see what your system is running; without that information I'm staring at a blank wall, or a maze with many paths... something. This pgm is non-disruptive in the mode you shall run it:
==Download OTL from http://oldtimer.geekstogo.com/OTL.exe to your Desktop.

  • Double click on the icon to start the application.
  • Press Scan All Users, Minimal Output, Standard Registry ALL, leave other sections as they are.
  • Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
CREATERESTOREPOINT

  • Press Run Scan.
    The scan will take maybe 5 minutes; 2 notepads will present [saved to the place from where you ran OTL.exe] - please post both.

Tiny point - no way would two processes share the same PID... a typing error:
WINWORD.EXE (PID: 8012) Thread: 7604
splwow64.exe(PID: 8012) Thread: 3628

Stupid, dumb code detector.

gerbil 216 Industrious Poster

If you go to Control Panel and open Network Connections you will likely see one or two connections listed, something like Local Area Connection and Dial Up Connection. Opening their respective properties via rclick will give you access to a checkbox enabling you to show their icon in the Taskbar. If you use the Dial Up icon to establish a connection then that is the icon you want. The other is quite redundant.
A missing ^ is possibly a hardware keyboard problem. Dust in the switching section, perhaps.
Re your surge protector's helpful onscreen message, I have no idea. It must be some protector; mine has no brain whatsoever. What make and model is it? Google that and "annoying text". I bet you are not alone. People generally loathe that sort of unwarranted intrusiveness, and will strive to defeat it.

gerbil 216 Industrious Poster

Perhaps in "Your" Documents and Settings\Visual Studio\Projects
I think that is the default Save folder?

gerbil 216 Industrious Poster

NTOSBOOT-B00DFAAD.pf is built after your system has been booted 3 times, following installation. It lists details about the files needed to optimally boot your system. Layout.ini is used to control the automatic M$ defragging of files during CPU quiet time, it instructs the defragger about files to lay close to the perimeter of the hdd for speedier loading; the file is rebuilt at that time.
Your system can function quite well, as you have observed, without Prefetch files, it will just be a little slower at responding to starting applications, at booting. It's an important part of optimising Windows performance, and should be left alone; it holds a maximum of 128 files plus the two you mention; old [i.e not recently used] files are dumped.
If the Prefetch folder is not filling with .pf files then check that your Task Scheduler service is set to Automatic.
But where did all the other files go? I do not know - did you run some sort of cleaning/optimising software?

gerbil 216 Industrious Poster

POP3 download log corruption?

gerbil 216 Industrious Poster

What are you trying to say? Are these processes of programs that you are trying to run, and which are hanging, or processes that just run non-stop in TM, and won't quit even if you are not using their programs?

gerbil 216 Industrious Poster

Get Adwcleaner from bleepingcomputer.com.
Delete all that it finds.

gerbil 216 Industrious Poster

Try downloading AdwCleaner from www.bleepingcomputer.com.
Run it, and delete all that it finds.

gerbil 216 Industrious Poster

Turn off automatic restart so that you see any error message:
http://pcsupport.about.com/od/windows7/ht/automatic-restart-windows-7.htm
If there is no error message then possibly the system has a heat or connection problem. Check the Event Viewer logs for software problems.
Remove any programs, toolbars that you don't use. If you bought the computer preloaded with W7 there likely is a mass of OEM software that bogs your system. There are automatic cleanup tools for some of the worst OEM installations, but it is something you can do yourself. Remove time-limited trials, automatic software update checking, OEM versions of public softwares... like, say, their own-brand AV service.

gerbil 216 Industrious Poster

That was proper of the store; nice, too.
Hope they mention it to the warranty mob.

gerbil 216 Industrious Poster

rundll32 should only appear in TM when it is actually handling a dll, and should only use CPU time as it handles; most of the time it should show zero CPU time while there. As an example, to get rundll32 to appear, rclick your taskbar clock and choose Adjust.
You could check its properties; the valid rundll32.exe is in system32. Further, if you delete it, it should be replaced by Windows File Protection from cache immediately.

gerbil 216 Industrious Poster

DON'T DO IT!!
Find a cave, and live in it.

<M/> commented: lol +0
nitin1 commented: rofl!! +0
almostbob commented: funny as hell +0
gerbil 216 Industrious Poster

"Do I have to install it??" Not to please me.
Actually, "if I run Opera minimised and with width set so that the horiz scrollbar appears, the navigation dropdowns don't appear.." applies to FF also.
Unpleasing... too much space is given over to items which could be smaller and still have utility. But I think my biggest bugbear is the code detection thingy, as of old. It's too... diligent.
There seems to be an issue with OPs making long headers, too - they distort the layout, instead of wrapping.
Change can beget more work than is bargained.

gerbil 216 Industrious Poster

Oh, sod the code detector. I cannot be bothered with it, with one line code.

gerbil 216 Industrious Poster

Here's another.... if I run Opera minimised and with width set so that the horiz scrollbar appears, the navigation dropdowns don't appear..
I think the UI buttons are grossly oversized, as are headers. Is this made for mobiles, now, because it's an ugly interface on a desktop, not business-like, but... oh, I don't know... just unpleasing.
And Opera does not work at all well with markdown.

gerbil 216 Industrious Poster

Kricket... you have a brand-new computer, a brand-new installation of W7, and it's a struggle already. Reload W7, and choose your updates, not leave the sys setting of Auto. I think the second paragraph here .... http://technet.microsoft.com/en-us/library/cc957526.aspx
..is germane.

gerbil 216 Industrious Poster

Ah, but he found a solution [somewhere], and is dead pleased.

gerbil 216 Industrious Poster

It's Christmas!
Only that could explain the palette of colours.
The layout is slightly....well, it makes too much of the unimportant items [like user pictograms] and diminishes the post heading.
If I'm in a thread and decide to login to post, I like to be dropped straight back into the page I was on.
I know... progress... W8 is now, and this looks like it was created to fit right in....

gerbil 216 Industrious Poster

Gack. Okay... For a start, I don't know the commands available on your setup disk. Others may. I assume, though, that they have been loaded into your ramdrive...
"F2, ctrl + alt + F12". And the alphanumerics, surely? And . / \ <- Del ?
"I have researched a number of "Windows 7 Command Promp Commands" from "A to Z" none of which has been helpful "... you are not in Windows, you are not using Windows commands. As the system says, it has set up a ramdrive which it denotes as C: - this means that it has created a C: drive in your RAM, but it is NOT your hdd c:.
What happens if when in F: [command window prompt would be F:> ] you type... dir
What happens if when in C: [command window prompt would be C:> ] you type... dir
What I am seeking here is a list of available commands, but I do not know if dir is one of those.
This command... windows\systems32\restore\rstrui.exe will not work because that is a Windows OS pathname, and you are NOT in Windows. Keep in mind that you are using Dell's commands from the utilities disk; and that they have very likely been loaded into your C: ramdrive for use.

gerbil 216 Industrious Poster

" AVG and have done every thing that's on AVG pages, Mcafee don't even help. " I hope you do not have two active AV services.
You need to spot the process using up the CPU time. TM process window may help, if you can access it after the freeze.
Or M$ Technet's Process Monitor. It looks daunting, but is easy to learn to use to advantage.
We would need to have a list of your installed softwares to be able to help. Perhaps you could present a log from OTL?
==Download OTL from http://oldtimer.geekstogo.com/OTL.exe to your Desktop.

  • Double click on the icon to start the application.
  • Press Scan All Users, Minimal Output, Standard Registry ALL, check both LOP and Purity boxes, leave other sections as they are.
  • Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

  • Press Run Scan.
    The scan will take maybe 5 minutes; 2 notepads will present [saved to the place from where you ran OTL.exe] - please post both.

Another method of tracking down the problem might be to use msconfig. Go to Services tab, hide all the M$ service, disable the remainder, and restart. If no problems [apart from missing services], recheck some, and restart. And so on.

gerbil 216 Industrious Poster

Jim, your first example about adding users with different levels makes sense; I had not tried that. As does keeping it simple with ACLs. And Jorge, your example explaining the permissions hierarchy was good.
Thanks to both of you... a bit off my track but now I know more.
NB. concfg* chatter is web trash.

gerbil 216 Industrious Poster

"I am having trouble transferring the program from a DVD to the flash drive"...
For Windows, I use Novicorp's WinToFlash. Dead simple to use, and free.

gerbil 216 Industrious Poster

Thanks, Jim. I'm coming up to speed on W7, and it is not helpful to find what I suspect is simply a mob of parroted, incorrect posts on a subject. I got trapped by the coding monster in Daniweb... that should be... "net share concfgC:\ /GRANT:username, FULL" ...Oh, bloody hell, it's all over me, the pest...... net share concfgSTARC:\ /GRANT....
But concfgSTAR means nothing, either, or even less - you cannot use a "*" in a sharename. The other thing is, you cannot add a user to a share when the share access is already Everyone, Full. Or create a new share to that same target. Some code they are putting up.
When you create a volume a hidden share is created to that volume, eg P$ for volume P: So directly editing via cmd the access to that share is naughty?
I knew about the /e parameter; I've seen quite a few posts here about lock-outs originating from that little thing.

gerbil 216 Industrious Poster

Trying to restrict some share access on a simple network I made a syntax error or two, and googled net share and hidden share. This sort of thing came up many times:
"to create a hidden share enter...
net share concfgC:\ /GRANT:username, FULL
" ...and was touted as a hack! and totally mischievous stuff.
Well, I thought you created "hidden shares" by using sharename$.... and so the cmd would be...
net share hideyhole$=D:\secretstuff /GRANT:username, FULL
-which, of course, works. And looks silly, and isn't very hidden.
The first cmd just throws, obviously, syntax error. So what is this concfg thing? It's variously in posts also as concfg and concfg". Also, C:\ will already be shared as C$, so that also won't run.
What's going on? Oh, I don't need help on the initial thing, creating the restricted share.

gerbil 216 Industrious Poster

That's a pretty old version of TDSSKiller that you ran. Would you download a fresh version from this site... http://support.kaspersky.com/downloads/utils/tdsskiller.exe ....and run that; post the log.
Get ADWCleaner from http://www.bleepingcomputer.com/download/adwcleaner/
Get Roguekiller from http://www.bleepingcomputer.com/download/roguekiller/
- Scan with ADWCleaner, post that log before deleting objects.
- Start Roguekiller, wait for the pre-scan to complete, accept the agreement that pops [the DRV block in top right of main window should be green] and then press Scan. When finished, a RK log icon will appear on your desktop [else press Report]; post that log.

gerbil 216 Industrious Poster

Sounds like the installation did not complete. Can you run a disk check? Get hold of a W7 computer and build a system restore disk [via Backup and Restore centre], or download the W7 installation file and burn to dvd. Run Repair; if it recognises your installation you will have the opportunity to run a disk check.
Here's a link which gives you the links to the GENUINE W7 download site... http://best-windows.vlaurie.com/boot-disks.html#full
Or.. http://forums.mydigitallife.info/threads/14709-Windows-7-Digital-River-direct-links-Multiple-Languages-X86-amp-X64/page60

gerbil 216 Industrious Poster

I'm.... impressed... by those logs. MBAM full scan does what it says it does, and can take a very long time. Quick scan usually suffices.
Right. What problems do you have now? Speed? Do you have a cleanup tool? I recommend CCleaner from http://www.piriform.com/ccleaner It's very configurable.
An occasional disk defrag can help. I use MyDefrag from http://www.mydefrag.com/Manual-DownloadAndInstall.html

gerbil 216 Industrious Poster

Hello, Lee.
This will involve more than hoping to find fake programs to delete in your control panel applet. To clear this infection you will have to download a couple of removal tools, but I will only give you safe, verified ones to use. Just so we can see what is going on, would you please....
==Download OTL from http://oldtimer.geekstogo.com/OTL.exe to your Desktop.

  • Double click on the icon to start the application.
  • Press Scan All Users, Minimal Output, Standard Registry ALL, check both LOP and Purity boxes; if yours is a 64-bit system then check that box; leave other sections as they are.
  • Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

  • Press Run Scan.
    The scan will take maybe 5 minutes; 2 notepads will present [saved to the place from where you ran OTL.exe] - please post both.

gerbil 216 Industrious Poster

Good to know. Or not. I may have been a contributor to the world of misinformation at one time or another... & another... .. and on this site, too. It's pretty good that the site search engine is not so capable any more.
Flies know lots about webs. Else they learn about them, but too late. Traps for the unwary.

gerbil 216 Industrious Poster

You mean, I can't believe everything I read on the Web?

gerbil 216 Industrious Poster

"It is possible for applications to change the codepage via several functions."
"Test it in Safe Mode."

Checking, QQ is now Unicode, so... I don't know. Reinstall it, I guess.

gerbil 216 Industrious Poster

It happens with OSK, it happens with your kbd, but never with Ubuntu. Only Windows. Any hardware kbd controller is built into the kbd, or in the case of a laptop at the end of a ribbon cable. But that hardware controller has nothing to do with OSK. What inputs it takes from the OS I have no clue about.
So, to basics. Test it in Safe Mode. There you have no third-party filter drivers, just kbdclass and kbdhid, both M$ drivers. If it does not happen there, then likely you have some malware. Scanned?

gerbil 216 Industrious Poster

Still some garbage. Get ADWCleaner from http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
Get Junkware Removal Tool from http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/
Do a scan with ADW first, then JRT; present both logs.

gerbil 216 Industrious Poster

Check this value in your registry. At key HKLM\SYSTEM\CurrentControlSet\Control\Nls\CodePage, check that...
OEMCP=437.
And that it does not change between startups.
It is possible for applications to change the codepage via several functions. If it is fixed at the same value each time then somehow your codepage is getting altered internally.
And that is all I know about keyboards and the characters that they produce.

gerbil 216 Industrious Poster

Good-oh. Seems domain usergroup gives more options to manipulate accounts.

gerbil 216 Industrious Poster

"and i think it really MAKES the cpu go to 85+ "...."Maybe speccy isnt compatible "
Around about this time, you rip it out and go with what works; there are plenty of good options. For sys info, I use either msinfo32 [RUN that one], or siw.exe [gurgle for that].
Msinfo32 is okay for the basics, siw.exe is comparable to or even better than speccy. My judgement. More info than you'll ever need.

gerbil 216 Industrious Poster

I assume by installation not being complete, Apex means the virus's installation.
The main job of a virus is to self-replicate; once present it will copy itself into whatever file types it is written to invade. In doing so it may destroy them [pretty silly from its own point of view], or, most likely, add itself to the code so that if the file is used in another computer it can replicate there. That is its job, by design. Whatever other actions it takes via its payload is up to the writer eg. redirect, destroy files, earn some money...

gerbil 216 Industrious Poster

Shouldn't do any damage. The quality pastes are non-conductive electrically, non-corrosive. The worst it could do is harden a wee bit and make it ever so slightly more difficult to lift the CPU out one day.
Interesting about the monitors. I use Core Temp on an Intel CPU... it's just fine, and believable.
I don't know where your other monitors get their info from... some query the system monitor chip's outputs eg a Winbond chip; some can read the CPU's temperatures directly from their sensors eg CPUID. I have that one, too, and if I check now, it agrees with Core Temp. I set Core Temp to output to the systray.
85 is not going to cook a CPU [if it is the real temp], but under 60 is nice for hard work, and 35 or less for idle [a bit dependent on ambient].
Are the softwares giving strange readings suited to your mb and CPU?

gerbil 216 Industrious Poster

Please don't attach logs. As it says, do this: "The code snippet in your post is formatted incorrectly. Please use the Code button in the editor toolbar when posting whitespace-sensitive text or curly braces."
The code button is in the line right above where you type your response. A window will open, paste the logs into it.
Shooting in the dark, here, but this line is probably germane:
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
Please run ASWMBR, and tdsskiller.
==Download aswMBR from http://www.bleepingcomputer.com/download/aswmbr/
Start it, press Scan [it will download virus definitions from Avast], wait the 3 or 4 minutes until it says Scan completed then press Save Log. Post that, please. Do NOT fix anything at this stage.
An MBR.dat file will appear on your desktop, it is a copy of your MBR. Do not delete it.
==Download TDSSkiller from this link, save it to your desktop:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe -you may need to download it to a clean computer and then transfer it to the desktop using a USB flash drive.
=Start TDSSKiller,
-click Start scan;
-if TDSSKiller finds a rootkit and prompts a Cure then press Continue [a reboot may be required];
-press Continue also on any Skip prompt for suspicious files. Do not delete or quarantine any files.
Post the log from C:.

gerbil 216 Industrious Poster

I'm not sure you needed to run Chameleon because MBAM itself was running. Typically, the rootkits block MBAM's executable completely. But anyway, you got there.
You picked up all that stuff yourself, via an email or some download you opened. I'm not sure your AV service is performing as well as one could hope. What is it?

gerbil 216 Industrious Poster

And this... " In "Administrator" I tried loading updates again because I don't know how to get it back to that scan and it does the same old thing with not wanting to load updates. So I forced it to run the update with /wuforce. It acts like it's working and then in the end it says "Install failed with error number 0x8007043c."
Windows update cannot function in Safe Mode [this is quite normal] because some services are not loaded in Safe Mode, hence that error message. Your update service is quite likely ok still in Normal mode.
Looking around, it seems that a simple system restore to a date previous to your infection will stop the threat locking your PC, and allow you to run Malwarebytes, which program is up to date with this particular threat.
Good luck.

gerbil 216 Industrious Poster

:)... it is a bogus threat, and your files are safe. Let's see, because you can boot into safe mode you have a couple of simple choices to start with. First off, see if it launches from your startup folder...
In safe mode, go to C:\Docs n Setts\your account\Start menu\Programs\Startup. Look there, and see if there is a link [shortcut] to a program that you do not recognise; if you see one then rename it with an X in front and try to restart in Normal mode. Post the links here if you wish me to look at them.
In Safe Mode, if you do not see any such link, then Run...
msconfig
Go to Startup tab, and check there for unknown entries, uncheck them, Apply n OK, and restart.
Once you can restart OK, update and run Malwarebytes.
As far as how you actually newly got the trojan [it obviously only just came in], by any chance do you have a torrent program installed and running?

gerbil 216 Industrious Poster

Posted in your other thread, Crystal.

gerbil 216 Industrious Poster

Cool, you're clear of adwares.
"install is not need since Windows update agent is already installed"
If you used the /wuforce parameter it should have over-ridden that "already installed" condition. Did you use that in the command line, like...
C:\some download folder:\WindowsUpdateAgent30-x86.exe /wuforce <=that /wuforce is necessary!
...and that should have forced it to reinstall. Don't run it from the website, rather download and save it, then run from that folder.
Okay, if trying that again does not work, then try this...
Paste this into the Run box:
%systemdrive%\Windows\inf ..and press OK
Scroll down to au.inf and upon rclick choose Install.
Browse to your \ServicePackFiles\i386 folder below the inf folder, and OK.
After it finishes restart your system and try the updates site again.

gerbil 216 Industrious Poster

Interesting. I had to experiment to be sure, because account information on the web is conflicting and some of it is quite wrong, and my experience with them was moderate... so on my W7 machine I enabled the Guest account; I also created a new User account, Justonce, logged in as him and had him build and save some files in his Documents folder and elsewhere... the desktop, other drives. Then I added Justonce to the Guests Localgroup, and deleted him from the Users Localgroup. Logged him out, logged the new guest Justonce in.... all his files stood, desktop, his Documents and saves to other drives. Restarted, and logged him in... all files remained. He could not rename himself or move himself from Localgroup Guest.
Hmmm. So then I logged in as the Guest [not Justonce] and discovered that the Guest can only save to his Documents and not to any other drive. He can read on other drives.
So an account in the Localgroup Guest is not the same as the Guest account: the Guest can only save to his Documents, whereas a Localgroup Guest [Justonce in this case] can save to other drives also. And the Guest account Documents is NOT deleted when he logs out, or when the sys is restarted - the Guest account persists until it is removed.
So all I can think is, it is as BigPaw said: your IT deleted the User account and all its folders, and created a …

gerbil 216 Industrious Poster

That was garbage, XPish, and should be logonui.exe. Logonstudio, or Resource Hacker.
W7? This file: system32\oobe\background.bmp.
Anyway, Logonstudio will do it, or manually, this site explains the hows:
http://www.techspot.com/guides/224-change-logon-screen-windows7/
You can't swap the file directly because you cannot get the permissions. But W7 is built so you can substitute another.