gerbil 216 Industrious Poster

nelly, point your vundofix at that O4 file vundofixer put up. Paste the pathname in the window [add more files..]

gerbil 216 Industrious Poster

I would be very suspicious of your power supply. It issues a PS Good signal to BIOS which triggers bios execution and so on. If it then cannot handle the load of assorted operations it will cut the signal. Everything just stops. No warning.

gerbil 216 Industrious Poster

tiffini, this procedure will light up OE for you:
Part 1: msoe50.inf

-Open an Explorer window, search for msoe50.inf -the default location for this file is in the C:\Windows\Inf folder.
-Right click the Msoe50.inf file, and then click Install.
-Insert your Windows XP SP2 CD-ROM when prompted, locate the I386 folder on the CD-ROM, click Open, and then click OK.
The Outlook Express files are installed.

Part 2. wab50.inf

-search for wab50.inf -the default location for this file is in the C:\Windows\Inf folder.
-Right-click the Wab50.inf file, and then click Install.
-In the I386 folder on the CD-ROM, click Open, and then click OK.
The Outlook Express address book is installed.

Outlook Express is now reinstalled. Start Outlook Express to test its functionality.

gerbil 216 Industrious Poster

tiffini, you will have to post the full hijackthis log so that we can help/advise..

gerbil 216 Industrious Poster

Hi, duckers, a few things to be rid of, but i cannot see the normal signs of update.exe....
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

Download Avenger from http://swandog46.geekstogo.com/avenger.zip
You must be in an Administrator-privileged account to run this procedure...
-unzip it to your desktop and start it; select “Input script manually” and then click the magnifying glass icon. Paste into the box as one block all the text between the lines:

_____________________________________
Files to delete:
C:\WINDOWS\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
_____________________________________

...and click Done, and finally the green light.
Follow prompts to reboot your machine.
The files, etc., that you asked Avenger to delete are zipped to C:\avenger\backup.zip.
Avenger creates a log file that should open with the results of its actions. This file is located at C:\avenger.txt
Please post that log file.
Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking …

gerbil 216 Industrious Poster

For a start you definitely don't want WinAntispyware 2007 - it IS actually spyware, a fake, and gives fake detections to lead you to purchase! Video activeX is another baddie. Any pgm you do not use every time you turn on is not needed to start... Google toolbar - dyu use it much, or is it more of a space waste? Anyway, post the full log and let someone help you remove the bad gear. Don't be shy now... :)

gerbil 216 Industrious Poster

If you did this :Right click My Computer then click Properties > Hardware > Device Manager.
Expand the entry called Computer and see if it says ACPI. - and did not find an ACPI entry then pretty much you get to reinstall XP to get that convenience. And when you do the reinstallation force setup to configure ACPI. F5 and select from menu.

gerbil 216 Industrious Poster

Crikey, Amanda, close to 50% of those log entries are bad. And your IE is hopelessly out of date - you'll get slaughtered on the web. AV. Firewall?
Anyway, let's use a good tool to clean out some stuff.
CCleaner
==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon and the Windows tab; press Run Cleaner. Next select the Applications tab and Run Cleaner again.
==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5
or from here.. http://free.grisoft.com/freeweb.php/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free
-the link is almost at the bottom of the page , avgas 7.5.0.50. Install it and UPDATE it.
Start AVG a-s 7.5;
-under Scanner/ Settings please set Recommended actions to Quarantine, and run the scan.
-click Apply all actions and then save the log file. Post the log file, along with a fresh hijackthis log, please..

gerbil 216 Industrious Poster

.

gerbil 216 Industrious Poster

Cool, you could unload a couple of those browser helpers... I do not know how you like to surf, or operate with IE, but my personal feelings are, if I want google i open a google window, i don't want a toolbar taking up space; same with yahoo. It is up to you, but you can remove them simply by rclick options on the toolbars themselves, or you can use hijackthis to fix them : the R3, any O2 entries you don't want, and the O3's also. Your choice. If you like assistance with it, say so..
Anyway, glad I could help. Cheers.

gerbil 216 Industrious Poster

The msg is saying that a virus was detected in the email, but deleted by your AV. You were saved from that one.
Cheers.

gerbil 216 Industrious Poster

hi, nitehealer, i see the hosts file entry is gone, but whatever put it there did not show up. Are you still having problems with sites not loading at usual speeds? All sites, or are only some affected? And is IE your only browser?

gerbil 216 Industrious Poster

hey, good and bad then. glad you are going again tho, and thanks for the inf.. Cheers

gerbil 216 Industrious Poster

Okay, you only have one partition, c:, with both OS's on it, so don't disturb it. Thing to do is to logon with the SP2 OS that you wish to keep, identify the SP1 Windows folder and just delete it. Then you must modify your boot.ini file to remove the loading point for that OS :-
Press Windows-PauseBreak; or open System properties; or Start,Run, sysdm.cpl; > Advanced tab, Startup n Recovery Settings button, and Edit. Delete the line in notepad that refers to your SP1 OS, and Save.
Should be done. If you are not sure about editing the boot.ini file post it here with a remark identifying the SP2 OS.

gerbil 216 Industrious Poster

Either: go Control panel > folder options OR: in an explorer window > tools > folder options; - then view tab, and press Show hidden files and folders.
==Download fixwareout from http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe - and save it to your desktop.
Double click Fixwareout.exe to start the Fixwareout Setup Wizard, click next and then install. Ensure that Run fixit is checked, and click on Finish. After the fix follow the prompts. You will be asked to reboot your computer, and it may take longer than usual to load - this is normal.

Next check some settings....In control panel select the Network and Internet Connections , rclick on your default connection, usually local area connection for cable and dsl, and lclick on properties. Click the Networking tab. Dclick on the Internet Protocol (TCP/IP) item and select Obtain DNS servers automatically. Press OK twice to get out of the properties screen and reboot if it asks.

Now we have to flush the DNS cache: Go Start > Run, type cmd and click OK.
In the command screen, type in cd\ and then press Enter. Now type in ipconfig /flushdns and then Enter. [space after ipconfig]. Type Exit.

Start Hijackthis, do a Scan Only and place checkmarks against the following, and then press Fix Checked:

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Okay, please run HT again and repost with the fixwareout log.

gerbil 216 Industrious Poster

hope you looked in sys32... if you didn't do an Explorer Search... sys32 is fake folder anyway.

gerbil 216 Industrious Poster

This one is the tip-off : {E2EE5C44-C66D-499d-BEAE-A2A79189A63A}
Just in case something else is hidden would you rename hijackthis.exe to.. umm... imabunny.exe for the next scan, please?

Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to start it, click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Post the contents of C:\vundofix.txt plus a new HijackThis log.
I think ComboFix will get a couple of the others... and I will get to see a more complete startup list..
Download this file: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
...or from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may …

gerbil 216 Industrious Poster

oh, okay, cool. give us those logs tho if you did have one in system32.

gerbil 216 Industrious Poster

Be a cool joke if the router software had a virus, or was somehow hacked... :) But why not? Dl a fresh copy of its firmware from the maker's site. Thinking about it more, perhaps the firewall and AV gear in YOUR firm's router prevented any popups etc from appearing? But first clear the vundo etc from her lappy; dyu need a hand with that?

gerbil 216 Industrious Poster

vundo infection in there, plus a trojan. Does she use a router?

gerbil 216 Industrious Poster

Copy this post to a notepad and save it. Delete Hijackthis. If you still have a downloaded zip use that, otherwise download from: http://216.180.233.162/~merijn/files/HijackThis.exe
-install it to a new folder alongside your program files and then rename the Hijackthis.exe to imabunny.exe.
Remove Alexa with Add/Remove pgms if you see it there.
==Start hijackthis, -select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\whqfg.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\whqfg.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\whqfg.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\whqfg.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\whqfg.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\whqfg.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: (no name) - {EE8A3706-6D4D-B06F-E872-F9AB067DC94F} - (no file)
O4 - HKLM\..\Run: [saap] c:\program files\180search assistant\saap.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:one.MHT!http://www.t058.com//inst//x.chm::/open.exe
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab

==Close all windows.
Save to your desktop the block …

gerbil 216 Industrious Poster

...missed fixing this one. Or, at least now the file is gone you should be able to fix it:
O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
Tell me how things are, please.

gerbil 216 Industrious Poster

well, if it is bho's or extensions that are the problem, fix this entry...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

gerbil 216 Industrious Poster

Greeneyes, if you have restarted then you would have a new desktop.htt, and it should be a good one. Try changing your screen resolution or background picture, apply, and then change back again [that is from M$!!].
But seriously, I could be concerned about the desktop.htt you had in system32. If the changing your desktop bit does not work then I suggest you start a new thread over in Viruses n Nasties forum with these two logs:
==download hijackthis: http://216.180.233.162/~merijn/files/HijackThis.exe
-install it to a new folder alongside your program files and then rename the Hijackthis.exe to imabunny.exe.
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-Click the Scan and Save a Logfile button. Post the log here.
==Download this file: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
...or from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log - post that log also in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

gerbil 216 Industrious Poster

gimme a while to cobble up a fix. You have a lot of nuisances in there... Tomorrow. Bedtime here.

gerbil 216 Industrious Poster

..the very weird thing is that now you can go back in and enable that setting, and everything will still be alright. It is handy to have those enabled; why it has effects like that is beyond me, have used the switch to fix other stuff. Too weird.

gerbil 216 Industrious Poster

Does your friend have anything on there that they really want to keep? Could they not copy it off then install XP SP2? Cos I think that would be quicker.... and they need SP2 anyway.

gerbil 216 Industrious Poster

Looks good. Have fun out there.
G.

gerbil 216 Industrious Poster

No. Run vundofix again... I am not certain that it completed.
Good. Now move onto the easy one. MyWebSearch Search Assistant - Go to Add/Remove programs and remove MyWebSearch Bar, MyWeb Search and Search Assistant.
You must be in an Administrator-privileged account to run this procedure...
==Download Avenger from http://swandog46.geekstogo.com/avenger.zip
-unzip it to your desktop, leave it for the moment.
Start Sonic the hedgehog :) and press Scan Only, and place checkmarks against the following for fixing, and press Fix Checked.

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MSNToolBandBHO - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\msntb.dll
O2 - BHO: (no name) - {A05DA7E0-383C-4E99-A72A-742050A152A2} - C:\WINDOWS\system32\tuvwwur.dll (file missing)
O4 - HKCU\..\Run: [Aopr] "C:\PROGRA~1\COMMON~1\SKS~1\chkntfs.exe" -vt yazb
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll

Now start Avenger; select “Input script manually” and then click the magnifying glass icon. Paste into the box as one block all the text between the lines:-
_____________________________________
Files to delete:
C:\WINDOWS\SYSTEM32\winghy32.dll
C:\WINDOWS\system32\msntb.dll
C:\PROGRA~1\COMMON~1\SKS~1\chkntfs.exe

_____________________________________
...and click Done, and finally the green light.
Follow prompts to reboot your machine.
[The files, etc., that you asked Avenger to delete are zipped to C:\avenger\backup.zip.]
Avenger creates a log file that should open with the results of its actions. This file is located at C:\avenger.txt

Please …

gerbil 216 Industrious Poster

Just after you do a scan and it finds something... you only get the option then.

gerbil 216 Industrious Poster

momrocks, start a new thread with it.. attract some more attention.

gerbil 216 Industrious Poster

a firewall at its level best... hehe..
Ok, that's mean... Try to start into windows advanced setup [the screen you get when going for safe mode] and use last known good configuration.

gerbil 216 Industrious Poster

Between scans did you make any alterations to the partitions on your HD? All primary partitions [and perhaps one extended partition] are recorded in the MBR; AVG will detect alterations....
If you did, tell it to accept the change.

gerbil 216 Industrious Poster

Ah. Repeat business. For a start you have a vundo infection... so just in case something else is hidden would you rename hijackthis.exe to.. umm... imabunny.exe for the next scan, please?

Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to start it, click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Post the contents of C:\vundofix.txt plus a new HijackThis log.

gerbil 216 Industrious Poster

reworked that post. Greeneyes, i just rechecked your earlier posts.... the only files to delete are actual desktop.htt files, not Desktop folders, nor desktop files with any other extension, such as desktop.ini. If you deleted any of those you could restore them from your bin. There is a Desktop folder in system32\config\systemprofile which is valid.. and a desktop.ini in system32, but both are probably empty; and others. So it may not be necessary to do what I posted earlier [and which I have just edited out if you did see it.. :)], but it won't hurt. Could you be more precise with that script error please?

gerbil 216 Industrious Poster

reworking post...

gerbil 216 Industrious Poster

That's good, Adrian. The O23 service, Spools, is proving tricky to remove although its file has been deleted... If you are interested in trying further to remove it you could follow this other procedure:
[the real spool service is print spooler, windows\system32\spoolsv.exe - leave it be!]
Go Start > run, enter dcomcnfg -click Services [local] in the left pane, maximise the window and select Extended tab at foot. Search for Spools spooler, or Spools and note its full name. If you rclick it and select Properties you can press the Stop button if it is highlighted. Note the file path if there is one..
Start > run, enter
sc delete "service name you noted"
-and if that does not get rid of that O23 entry in the hijackthis log then something is writing it back in. So try this above procedure, use hijackthis to do a Scan Only, and see if it is still there. If it is then please run this scan:
Combofix
===Download this file: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
...or from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to …

gerbil 216 Industrious Poster

Gee, greeneyes, I do apologise.... somehow your repost fell thru a crack in the floorboards - I missed it. Lessee... any desktop.htt file you can find WITH Folder Options setting "Hide protected operating system files" CHECKED is an imposter! To see the real one, yours... you MUST uncheck that setting. Your real one, the only real one, is at C:\Documents & Settings\greeneyes\Application Data\Microsoft\Internet Explorer\desktop.htt
Typically, each user on a sys will have his own under his own Application Data branch. How you, with only one account, can see two admin files is beyond me..
Example: I am a user with admin privileges, there is also a non-privileged user account on my machine - if I search I will find only two files, one under my settings, one under the other account:-
C:\Documents and Settings\XXX\Application Data\Microsoft\Internet Explorer\desktop.htt
C:\Documents and Settings\YYY\Application Data\Microsoft\Internet Explorer\desktop.htt
That desktop.htt should definitely not be in system32. Delete that one for sure [you may have to do it in Safe mode if it won't delete in normal mode..]
But this is all just information... :) - delete ANY desktop.htt file you can find. XP will recreate the real one in the right place. Only one per user account.

gerbil 216 Industrious Poster

Not much to do with the above, but AVG AS has a neat shredder under tools... files, folders, volumes.
I put this up cos I get the feeling that few ppl explore the software they have, instead dive out n get a specialised tool.. - it is NOT a drive wiper such as dcc's cos it needs the OS.

gerbil 216 Industrious Poster

So you go all programs > accessories > system tools, and they are not in that menu?
How bout if you go Run cleanmgr
Or Run dfrg.msc
?

gerbil 216 Industrious Poster

Ack! All those cookies! Hmmm....did you run CCleaner under both Windows and Applications tabs before the Panda scan? Oh well.... Anyway, your sys appears clean. What symptoms are showing still?

gerbil 216 Industrious Poster

Oh, so the files were already gone. That can be... fix these with hijackthis:

O18 - Protocol: siteadvisor - (no CLSID) - (no file)
O23 - Service: Spools Spooler (Spools) - Unknown owner - C:\WINDOWS\system32\spools.exe (file missing)

Repeat the Delete an NT Service, this time for this line:
Spools Spooler

Still no CP etc? Get the fix from the expert, Doug Knox: http://www.dougknox.com/xp/fileassoc/linkfile_fix.zip - unzip the file, dclick the .reg file and Yes to merge it with the registry. If it opens in notepad when you dclick it, just rclick instead, go Open with, and choose Registry editor.
Tell me how it all goes.
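An added example, not part of the original posts: a small triage script that flags the kinds of HijackThis entries the posts on this page single out for fixing (orphaned "(no file)" / "(file missing)" entries, a system-named binary outside system32, a path under Temp, a `res://` search page served from a DLL, and an extra program appended to `Shell=Explorer.exe`). The rule names, the `SYSTEM32_ONLY` list and the last sample line are assumptions made for this example; the other sample lines are copied from posts on this page.

```python
import re

# HijackThis log lines look like "O4 - <details>": a section code (R, F, N or O
# plus a number), a dash, then the entry body.
LINE_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*)$")

# A drive-letter path ending in .exe or .dll; may contain spaces or 8.3 short names.
PATH_RE = re.compile(r'(?<![A-Za-z])[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)', re.I)

# Assumption for this example: binaries that normally live only in ...\system32.
SYSTEM32_ONLY = {"svchost.exe", "winlogon.exe", "spoolsv.exe"}


def findings(line):
    """Return a list of rule names that a single log line trips (empty if none)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []  # header, blank or free-text line: not a log entry
    section, body = m.group(1), m.group(2)
    low = body.lower()
    flags = []

    # Registry entry survives but its file is gone: safe to fix, and a hint
    # that something was removed (or is being hidden).
    if "(no file)" in low or "(file missing)" in low:
        flags.append("orphaned")

    for path in PATH_RE.findall(body):
        folder, _, name = path.lower().rpartition("\\")
        # Same name as a Windows system binary, but in the wrong folder.
        if name in SYSTEM32_ONLY and not folder.endswith("\\system32"):
            flags.append("system-name-outside-system32")
        # Anything referenced from a Temp folder.
        if "\\temp\\" in folder + "\\":
            flags.append("path-in-temp")

    # IE search/start page redirected to a resource inside a local DLL.
    if section in ("R0", "R1") and "res://" in low:
        flags.append("search-page-in-dll")

    # system.ini Shell= should name Explorer.exe only.
    if section == "F2" and re.search(r"shell=explorer\.exe\s+\S", low):
        flags.append("shell-extra-program")

    return flags


def triage(log_text):
    """Map each flagged log line to the rules it tripped."""
    report = {}
    for line in log_text.splitlines():
        flags = findings(line)
        if flags:
            report[line.strip()] = flags
    return report


# First four entries are quoted from posts on this page; the last is constructed.
SAMPLE_LOG = r"""
O23 - Service: Spools Spooler (Spools) - Unknown owner - C:\WINDOWS\system32\spools.exe (file missing)
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Allison\LOCALS~1\Temp\winlogon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\whqfg.dll/sp.html#28129
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
"""

if __name__ == "__main__":
    for entry, flags in triage(SAMPLE_LOG).items():
        print(", ".join(flags), "<-", entry)
```

A flag is only a prompt to look closer; an unflagged entry is not thereby shown to be clean.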

gerbil 216 Industrious Poster

Understood. Because of the file you posted we'll step back and restart with these instructions. You must be in an Administrator-privileged account to run this procedure...:
==Download Avenger from http://swandog46.geekstogo.com/avenger.zip
-unzip it to your desktop, leave it for the moment.
==CCleaner: more detailed instructions - Dl the file ccsetup139.exe from filehippo to a downloads folder, dclick it and agree to everything - either let it open its own new folder or point it at a folder you created by your other pgms folder [DON'T you create folders in the start menu!! Leave installing pgms to make entries if they wish!]. The only box I left checked was the "Add Open CCleaner to Recycle bin context menu". And press Install. Should go okay... leave it for the moment.
==start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-Select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Allison\LOCALS~1\Temp\winlogon.exe

==start Avenger; select “Input script manually” and then click the magnifying glass icon. Paste into the box as one block all the text between the lines:-
_____________________________________
Files to delete:
C:\DOCUME~1\Allison\LOCALS~1\Temp\winlogon.exe
_____________________________________

...and click Done, and finally the green light.
Follow prompts to reboot your machine.
[The files, …

gerbil 216 Industrious Poster

Stan, I put these two posts into another thread:
If you do not use M$ apps like office etc then restrict your updating to Windows updates only - this results in you getting security updates only.
If you are interested in this then go programs > microsoft update, when the web page loads hit settings? and make your selection there.

What i hoped would be understood is that Microsoft Updates is just gee-gaws for M$ apps. They are not [generally] vital ... they certainly are not fixes for security issues. Those are in Windows Updates. So you don't need MU running constantly.
Further, as far as WU goes, in your security centre make the setting to Notify you when they are available. Don't panic about this, M$ will notify you every time you turn your sys onto the net until you dl or cancel them.

gerbil 216 Industrious Poster

Princess, we gotta guess so much! Like we could assume that the techs "repaired" windows? [a repair installation..]. If you lost all your files and information why not just reinstall windows? - a clean slate. But assuming you don't wish to do that, and if it is that you occasionally get it to the point that it runs in normal mode then do this: first impose upon a cobber to dl hijackthis to a pendrive, floppy, cdrw..you choose, run it and post a log.
==download hijackthis: http://216.180.233.162/~merijn/files/HijackThis.exe
-install it to a new folder alongside your program files and then rename the Hijackthis.exe to imabunny.exe.
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-Click the Scan and Save a Logfile button. Post the log here.
"lingo and information"??! - I promise you that you'll get none of that here.

gerbil 216 Industrious Poster

Automatic updates.... my microsoft updates is shutdown, my windows updates is on notify only. Windows updates is the important security issue one - I dl the ones I need. What you do is up to you, but if it's working.. let sleeping dogs lie.

gerbil 216 Industrious Poster

Awww.., no :pow smiley... :(

gerbil 216 Industrious Poster

you did already mention SP2. Any install disk, M$ or OEM, will do so just borrow one, but you'll find that your numbers will be the thing. Did your friend "borrow" those? If so, it's either a fight :pow to get them back or $100 more to M$... :'(.
System restore. The virus[es] may be in there as well, but first you clear the OS of them and then tip out sysres. To do that you turn it off, then right back on. And cos you were clean, you immed make a nice, fresh, clean restore point. Tell us who wins over the windows xp reg numbers.

gerbil 216 Industrious Poster

Okay, Adrian, the next step is to move hijackthis. It is in an unsafe location at the moment [any backups it makes could easily be lost during cleanup!] so, please delete the version you currently have and:
==please download a fresh copy of hijackthis: http://216.180.233.162/~merijn/files/HijackThis.exe
-install it to a new folder alongside your program files and then rename the Hijackthis.exe to imabunny.exe. You MUST do this before proceeding further!!
==Download Avenger from http://swandog46.geekstogo.com/avenger.zip
-unzip it to your desktop. Leave it for the moment.
==I see that you have MyWay Searchassistant there, courtesy DELL. We can get rid of it for a start..
First see if it is listed in Add/remove pgms list - remove it if able, then..
Go start > run, paste: msiexec.exe /X {78d944d7-a97b-4004-ab0a-b5ad06839940} -and Enter. If it is found click yes at the prompt.
Next delete the MyWay files/folder in Program Files [use myway as a search string...].
You could also use myway as a search string in regedit and delete all references... BUT BE CAREFUL in there!! - you can skip this step; removing the files makes the reg entries redundant.
Now to see just how tough the real pest is.... start HijackThis [imabunny] by dclicking the .exe; close ALL other applications and any open windows including the explorer window containing HijackThis.
-Select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.